Move Fastlane secrets outside of repository #1011
Conversation
mokagio
added
the
tooling
| "encrypt": true | ||
| }, | ||
| { | ||
| "file": "iOS/app_store_connect_fastlane_api_key.json", | ||
| "destination": ".configure-files/app_store_connect_fastlane_api_key.json", | ||
| "destination": "~/.configure/simplenote-macos/secrets/app_store_connect_fastlane_api_key.json", |
There was a problem hiding this comment.
At some point in the future, we'll add some kind of files_to_remove annotation to clean up the devs' local repo. See also https://github.com/woocommerce/woocommerce-ios/pull/4576/files#r670733139.
There was a problem hiding this comment.
FYI, this idea is also tracked in Automattic/configure#19
| @@ -2,6 +2,6 @@ | |||
| # | |||
| # Ensure this file is checked in to source control! | |||
|
|
|||
| gem 'fastlane-plugin-wpmreleasetoolkit', git: 'https://github.com/wordpress-mobile/release-toolkit', tag: '0.18.1' | |||
| gem 'fastlane-plugin-wpmreleasetoolkit', '~> 1.3' | |||
| # Store certs/profiles encrypted in Google Cloud | ||
| storage_mode("google_cloud") | ||
| google_cloud_bucket_name("a8c-fastlane-match") | ||
| google_cloud_keys_file(".configure-files/google_cloud_keys.json") |
There was a problem hiding this comment.
Sorry for the noise in the diff. While I was on this file, I converted Ruby "" into '', which is the recommended syntax for strings that don't use interpolation.
Ohhh that's what this email was about! Was about to post a message in our Slack to warn about the Apple rejection, but now I see that it came from here and that there's nothing to worry about 👍 |
There was a problem hiding this comment.
Code looks good, and given you mentioned that you tested it in #999 already, I think it's ok to 
| "encrypt": true | ||
| }, | ||
| { | ||
| "file": "iOS/app_store_connect_fastlane_api_key.json", | ||
| "destination": ".configure-files/app_store_connect_fastlane_api_key.json", | ||
| "destination": "~/.configure/simplenote-macos/secrets/app_store_connect_fastlane_api_key.json", |
There was a problem hiding this comment.
FYI, this idea is also tracked in Automattic/configure#19
Similar to wordpress-mobile/WordPress-iOS#16780.
Moves the Fastlane-related secrets outside of the repository into
~/.configure/simplenote-macos/secrets/To test locally, checkout this branch, run
bundle exec run configure_applyand then inspect the content of~/.configure/simplenote-macos/secrets/:I also opened #999 to test these changes. It exercises each secret by:
matchfor each build configuration, to test thegoogle_cloud_keys.jsonlocationReview
Only one developer required to review these changes, but anyone can perform the review.
Release
These changes do not require release notes.