The fastlane-action-csp from venafi

Automate Apple Code Signing with Venafi CodeSign Protect and Fastlane

Make sure to have the latest Venafi CodeSign Protect client for MacOS installed and configured. See documentation

The venafi_codesign_auth action will automate authentication/authorization for the CodeSign Protect client.

The venafi_codesign_cert action will automate the issuance of Apple code signing certificates within Venafi CodeSign Protect. This automation leverages API access and therefore you will need an appropriate API Integration with the following minimum scopes:

restricted:manage;configuration;certificate:discover

To fetch an appropriate access_token, you can use the following API call:

POST /vedauth/authorize/oauth HTTP/1.1
Host: tpp.example.com
Content-Type: application/json
Content-Length: 147

{
   "client_id":"apple-cert",
   "password":"SuperSecretPassword!",
   "scope":"restricted:manage;configuration;certificate:discover",
   "username":"local:myaccount"
}

Or using curl:

curl --location 'https://tpp.example.com/vedauth/authorize/oauth' \
--header 'Content-Type: application/json' \
--data '{
   "client_id":"apple-cert",
   "password":"SuperSecretPassword!!",
   "scope":"restricted:manage;configuration;certificate:discover",
   "username":"local:myaccount"
}'

Issue Apple Code Signing Certificate

Here is an example lane:

 lane :venafi_cert do
    app_store_connect_api_key(
      key_id: "<insert key id>",
      issuer_id: "<insert issuer id>",
      key_filepath: "/Users/developer/private_keys/AuthKey_ABC123.p8",
      duration: 1200
    )
    venafi_codesign_cert(
      tpp_url: "https://tpp.example.com",
      tpp_access_token: "lfhTMYQtLK+oHS6cUvOCLh==",
      tpp_policydn: "Code Signing\\Certificates",
      tpp_project: "AppleTestProject",
      tpp_environment: "Development",
      certificate_type: "APPLEDEVELOPMENT"
    )

Sign with CodeSign Protect:

Here is an example lane:

venafi_codesign_auth(tpp_url: "https://tpp.example.com",
                    tpp_username: "sample-cs-user",
                    tpp_password: "MySecret!"
                    )
    build_app(
      project: "SampleIOSApp.xcodeproj",
      scheme: "SampleIOSApp",
      output_name: "SampleIOSApp.ipa",
      export_method: "development",
      export_options: {
         provisioningProfiles: {
         "com.example.SampleIOSApp" => "Venafi Profile"
         }
      }
    )

Contributing to the FastLane actions for Venafi CodeSign Protect

Venafi welcomes contributions from the developer community.

Fork it to your account (https://github.com/Venafi/fastlane-action-csp/fork)
Clone your fork (git clone [email protected]:youracct/fastlane-action-csp.git)
Create a feature branch (git checkout -b your-branch-name)
Implement and test your changes
Commit your changes (git commit -am 'Added some cool functionality')
Push to the branch (git push origin your-branch-name)
Create a new Pull Request (https://github.com/youracct/fastlane-action-csp/pull/new/your-branch-name)

License

fastlane-action-csp is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Please direct questions/comments to [email protected].

venafi / fastlane-action-csp Goto Github PK

fastlane-action-csp's Introduction

Automate Apple Code Signing with Venafi CodeSign Protect and Fastlane

Issue Apple Code Signing Certificate

Sign with CodeSign Protect:

Contributing to the FastLane actions for Venafi CodeSign Protect

License

fastlane-action-csp's People

Contributors

Stargazers

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent