Now I forget the fastlane match password, I did not have any way to find out what is the password. So I want to reset the password using this command(I get this way from https://github.com/fastlane/fastlane/issues/6297):
fastlane match nuke distribution
but still tell me to input the Passphrase for Match storage:
$ fastlane match nuke distribution ‹ruby-2.7.2›
[✔] 🚀
[12:21:55]: fastlane detected a Gemfile in the current directory
[12:21:55]: However, it seems like you didn't use `bundle exec`
[12:21:55]: To launch fastlane faster, please use
[12:21:55]:
[12:21:55]: $ bundle exec fastlane match nuke distribution
[12:21:55]:
[12:21:55]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
[12:21:56]: In the config file './fastlane/Matchfile' you have the line git_url, but didn't provide any value. Make sure to append a value right after the option name. Make sure to check the docs for more information
[12:21:56]: In the config file './fastlane/Matchfile' you have the line username, but didn't provide any value. Make sure to append a value right after the option name. Make sure to check the docs for more information
[12:21:56]: Successfully loaded '/Users/dolphin/Documents/GitHub/flutter-netease-music/ios/fastlane/Matchfile' 📄
+-----------------+---------------------------+
| Detected Values from './fastlane/Matchfile' |
+-----------------+---------------------------+
| git_branch | master |
| storage_mode | git |
| type | adhoc |
| app_identifier | ["com.reddwarf.musicapp"] |
+-----------------+---------------------------+
Available session is not valid any more. Continuing with normal login.
[12:21:59]: To not be asked about this value, you can specify it using 'git_url'
[12:21:59]: URL to the git repo containing all the certificates: https://github.com/jiangxiaoqiang/music-certificate.git
[12:22:19]: Cloning remote git repo...
[12:22:19]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
[12:22:21]: Checking out branch master...
[12:22:21]: Enter the passphrase that should be used to encrypt/decrypt your certificates
[12:22:21]: This passphrase is specific per repository and will be stored in your local keychain
[12:22:21]: Make sure to remember the password, as you'll need it when you run match on a different machine
[12:22:21]: Passphrase for Match storage: ******
[12:22:31]: Type passphrase again: ******
[12:22:33]: wrong final block length
[12:22:33]: Couldn't decrypt the repo, please make sure you enter the right password!
keychain: "/Users/dolphin/Library/Keychains/jiangxiaoqiang-db"
version: 512
class: "inet"
attributes:
0x00000007 <blob>="match_https://github.com/jiangxiaoqiang/music-certificate.git"
0x00000008 <blob>=<NULL>
"acct"<blob>=<NULL>
"atyp"<blob>="dflt"
"cdat"<timedate>=0x32303231303831383034323233335A00 "20210818042233Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>=<NULL>
"icmt"<blob>=<NULL>
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303231303831383034323233335A00 "20210818042233Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>=0x00000000
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="match_https://github.com/jiangxiaoqiang/music-certificate.git"
"type"<uint32>=<NULL>
password has been deleted.
[12:22:33]: Enter the passphrase that should be used to encrypt/decrypt your certificates
[12:22:33]: This passphrase is specific per repository and will be stored in your local keychain
[12:22:33]: Make sure to remember the password, as you'll need it when you run match on a different machine
[12:22:33]: Passphrase for Match storage:
I really did not remember the password, I just remember the password I was set the password is very simple, but after I input it tell me incorrect. what should I do to reset the password or find the password? I have tried to delete all certificate files to regerneate the certificate info but still need to input Passphrase for Match storage.
you need to create a new git repo and update your Matchfile with that newly created repo URL.
Then you should be able to run without entering any Passphrase
bundle exec fastlane match nuke distribution
Please feel free to open discussion here, if you still having issue
https://github.com/fastlane/fastlane/discussions
Related
So the background is this: I have an Xcode project that depends on a swift package that's in a private repository on github. Of course, this requires a key to access. So far, I've managed to configure CI such that I can ssh into the instance and git clone the required repository for the swift package. Unfortunately when running it with xcbuild as CI does, it doesn't work and I get this message:
static:ios distiller$ xcodebuild -showBuildSettings -workspace ./Project.xcworkspace \
-scheme App\ Prod
Resolve Package Graph
Fetching git#github.com:company-uk/ProjectDependency.git
xcodebuild: error: Could not resolve package dependencies:
Authentication failed because the credentials were rejected
In contrast, git clone will happily fetch this repo as seen here:
static:ios distiller$ git clone git#github.com:company-uk/ProjectDependency.git
Cloning into 'ProjectDependency'...
Warning: Permanently added the RSA host key for IP address '11.22.33.44' to the list of known hosts.
remote: Enumerating objects: 263, done.
remote: Counting objects: 100% (263/263), done.
remote: Compressing objects: 100% (171/171), done.
remote: Total 1335 (delta 165), reused 174 (delta 86), pack-reused 1072
Receiving objects: 100% (1335/1335), 1.11 MiB | 5.67 MiB/s, done.
Resolving deltas: 100% (681/681), done.
For a bit more context, this is running on CircleCI, set up with a Deploy key on GitHub, which has been added to the Job on CI.
Any suggestions about what might be different between the way Xcode tries to fetch dependencies and the way vanilla git does it would be great. Thanks.
For CI pipelines where you cannot sign into GitHub or other repository hosts this is the solution I found that bypasses the restrictions/bugs of Xcode around private Swift packages.
Use https urls for the private dependencies because the ssh config is currently ignored by xcodebuild even though the documentation says otherwise.
Once you can build locally with https go to your repository host and create a personal access token (PAT). For GitHub instructions are found here.
With your CI system add this PAT as a secret environment variable. In the script below it is referred to as GITHUB_PAT.
Then in your CI pipeline before you run xcodebuild make sure you run an appropriately modified version of this bash script:
for FILE in $(grep -Ril "https://github.com/[org_name]" .); do
sed -i '' "s/https:\/\/github.com\/[org_name]/https:\/\/${GITHUB_PAT}#github.com\/[org_name]/g" ${FILE}
done
This script will find all https references and inject the PAT into it so it can be used without a password.
Don't forget:
Replace [org_name] with your organization name.
Replace ${GITHUB_PAT} with the name of your CI Secret if you named it differently.
Configure the grep command to ignore any paths you don't want modified by the script.
This seems to be a bug in Xcode 11 with SSH. Switching to HTTPS for resolving Swift Packages fixes the issue:
So from this:
E29801192303068A00018344 /* XCRemoteSwiftPackageReference "ProjectDependency" */ = {
isa = XCRemoteSwiftPackageReference;
repositoryURL = "git#github.com:company-uk/ProjectDependency.git";
requirement = {
branch = "debug";
kind = branch;
};
};
to:
E29801192303068A00018344 /* XCRemoteSwiftPackageReference "ProjectDependency" */ = {
isa = XCRemoteSwiftPackageReference;
repositoryURL = "https://github.com/company-uk/ProjectDependency.git";
requirement = {
branch = "debug";
kind = branch;
};
};
Also, now that Xcode 12 is out, you can use that, where it's fixed.
In order to get private swift packages working with GitHub actions I had to add the following:
I had to add an SSH key to my secrets
On the xcodebuild step, I had to add the flag: -usePackageSupportBuiltinSCM
right before executing the xcodebuild step, I had to add the following run script:
- name: Add CI SSH Key
run: ssh-add - <<< "${{ secrets.YOUR_SECRET_SSH_KEY }}"
You can resolve this issue in a CI environment with Xcode 12 by adding your GitHub account to Accounts within Xcode.
Sign in with your GitHub account name and a personal access token you created on Github.
We are using Jenkins with Fastlane tools and when xcodebuild is invoked, it will use the access token to authenticate into the repos using HTTPS.
I had the same issue, the root cause for me is: the default github ssh key type is ed25519 ssh-keygen -t ed25519 -C "your_email#example.com".
But XCode doesn't support ed25519. Changed to RSA key works: ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
You can see the error under XCode Preference > Accounts > Github
I was able to build with a package from a private repo in GitHub actions with HTTPS URLs by creating a .netrc file using the extractions/netrc#v1 action.
Build:
runs-on: macos-12
steps:
- uses: actions/checkout#v3
- uses: extractions/netrc#v1
with:
machine: github.com
username: user
password: ${{ secrets.SWIFT_PACKAGE_MANAGER_PAT }}
- uses: extractions/netrc#v1
with:
machine: api.github.com
username: user
password: ${{ secrets.SWIFT_PACKAGE_MANAGER_PAT }}
After this, xcodebuild will use the PAT when accessing the private repo.
I tried to use GITHUB_TOKEN, but it seems that it is restricted to the current repo only. So I created a PAT for my GitHub account and added that to the repo secrets.
Lets say I have a scenario in my demo.feature file
Scenario Outline: Gather and load all submenus
Given I will login using <username> and <password>
When I will click all links
Examples :
| username | password |
| user1 | pass1 |
| use2 | pass2 |
lets say i have a file called users.json
How can i get those usernames and passwords from that external file to my demo.feature ?
Can I catch the file by passing parameters to my npm script like below ?
npm run cucumber -- --params.environment.file=usernames.json
I recommend having the login step access that json file within the step definition. Just make sure not to check it into the repo and instead always expect it to be in a location but only locally and not in the repository.
Doing the above is useful for a couple of reasons:
- An engineer running your tests does not need to know that a param must be passed in from the command line
- The code is self-descriptive in that step as to how it logs in
- You can add better error handling
- You can use multiple user files if needs be by having hooks define paths etc based on tags
I'm trying to use sigh and I am a bit confused. When I type the below line:
sigh username:"me#example.com" app_identifier:"com.example"
It logs in with my user name but then gives me the prompt:
[21:19:44]: Successfully logged in
[21:19:44]: Fetching profiles...
[21:19:44]: To not be asked about this value, you can specify it using 'app_identifier'
The bundle identifier of your app:
When I type the below line:
sigh -a com.example -u me#example.com
I do not get the prompt. What am I doing wrong in the first one? The first one from what I understand is what I can use in the fastlane file for automation, which is why this is important. I read the below on this:
https://github.com/fastlane/fastlane/tree/master/sigh
as well as the sigh --help documentation.
My lane is defined as below:
desc "Get the provisioning profiles for the app"
lane :sign do |options|
apple_id = CredentialsManager::AppfileConfig.try_fetch_value(:apple_id)
team_id = CredentialsManager::AppfileConfig.try_fetch_value(:team_id)
cert(username: apple_id, team_id: team_id)
sigh(app_identifier: options[:bundle_id], username: apple_id)
end
The part where sigh is I get the same prompt. Is there a way to remove it?
UPDATE
The following works:
sigh --username "me#example.com" --app_identifier "com.example"
But I want it to work in fastlane. What am I doing wrong there?
sigh username:"me#example.com" app_identifier:"com.example"
That syntax is not supported, instead try the following from the command line
sigh --username "me#example.com" --app_identifier "com.example"
To do the same from your Fastfile
sigh(username: "me#example.com", app_identifier: "com.example")
Turns out the reason was that I had some data in my Appfile that Fastlane didn't like. It didn't show proper error messaging, but I put one more variable that it didn't recognize and there for it failed.
One thing I learned about Fastlane is that it works well but sometimes errors are hard to debug. Make sure to read the documentation properly!
The quotation below is the instruction to contribute to brew-cask. However, I could not understand the sentence: github_user='<my-github-username>', I do not know whether should I input <>, and what is the github_user?
There is one email address, two names for one single GitHub account. What is more, when I input the last sentence: cask-repair --pull origin --push $github_user $outdated_cask. There is 2 errors: the requested upstream branch 'Andy1984' does not exist, and
Error creating pull request: Unprocessable Entity (HTTP 422)
Invalid value for "head"
and the result is There was an error submitting the pull request. Have you forked the repo and made sure the pull and push remotes exist? I am quite sure I followed the instructions. What is wrong?
# install and setup script - only needed once
brew install vitorgalvao/tiny-scripts/cask-repair
cask-repair --help
# fork homebrew-cask to your account - only needed once
cd "$(brew --repository)/Library/Taps/caskroom/homebrew-cask/Casks"
hub fork
# use to update <outdated_cask>
outdated_cask='<the-cask-i-want-to-update>'
github_user='<my-github-username>'
cd "$(brew --repository)/Library/Taps/caskroom/homebrew-cask/Casks"
cask-repair --pull origin --push $github_user $outdated_cask
According to the documentation you can also use a script to push new version of an existing cask.
Check: https://github.com/caskroom/homebrew-cask/blob/master/CONTRIBUTING.md#updating-a-cask
# install and setup script - only needed once
brew install vitorgalvao/tiny-scripts/cask-repair
cask-repair --help
# use to update <outdated_cask>
cask-repair <outdated_cask>
I am using Chef, invoked by Capistrano.
There is a directive to clone a repository using git.
git node['rails']['rails_root'] do
repository "git#myrepo.com:/myproj.git"
reference "master"
action :sync
user node['rails']['rails_user']
group node['rails']['rails_group']
end
When it gets to this point, I get:
** [out :: 10.1.1.1] STDERR: Host key verification failed.
So, I need to add a "known_hosts" entry. No problem. But to which user? The core of my problem is that I have no idea which user is executing what commands, and if they are invoking sudo, etc.
I've run keyscan to populate the known_hosts of root, and the user I ssh in as, to no avail.
Note, this git repo is read-protected, and requires ssh key access.
Another way to solve https://github.com/opscode-cookbooks/ssh_known_hosts
this worked for me
You can use an ssh wrapper approach. Look here for details.
Briefly do the following steps
First, create a file in the cookbooks/COOKBOOK_NAME/files/default directory that is named wrap-ssh4git.sh and which contains the following:
#!/usr/bin/env bash
/usr/bin/env ssh -o "StrictHostKeyChecking=no" $1 $2
Then, use the following block for your deployment:
directory "/tmp/private_code/.ssh" do
owner "ubuntu"
recursive true
end
cookbook_file "/tmp/private_code/wrap-ssh4git.sh" do
source "wrap-ssh4git.sh"
owner "ubuntu"
mode 00700
end
deploy "private_repo" do
repo "git#github.com:acctname/private-repo.git"
user "ubuntu"
deploy_to "/tmp/private_code"
action :deploy
ssh_wrapper "/tmp/private_code/wrap-ssh4git.sh"
end
The git repository will be cloned as user node['rails']['rails_user'] (via https://docs.chef.io/resource_git.html) - I assume that users known_hosts file is the one you have to modify.
I have resolved this issue as below
_home_dir = nil
node['etc']['passwd'].each do |user, data|
if user.eql? node['jenkins']['username']
_home_dir = data['dir']
end
end
key_config ="Host *\n\tStrictHostKeyChecking no\n"
file "#{_home_dir}/.ssh/config" do
owner node['jenkins']['username']
group node['jenkins']['username']
mode "0600"
content key_config
end