config.go

package main

import (
	"fmt"
	"net/http"
	"strings"

	"github.com/bitrise-io/go-steputils/v2/stepconf"
	"github.com/bitrise-io/go-utils/v2/retryhttp"
	"github.com/bitrise-io/go-xcode/appleauth"
	"github.com/bitrise-io/go-xcode/devportalservice"
	"github.com/kballard/go-shellquote"
)

// Inputs ...
type Inputs struct {
	InputWorkDir string `env:"work_dir,dir"`
	Lane         string `env:"lane,required"`

	BitriseConnection   bitriseConnection `env:"connection,opt[automatic,api_key,apple_id,off]"`
	AppleID             string            `env:"apple_id"`
	Password            stepconf.Secret   `env:"password"`
	AppSpecificPassword stepconf.Secret   `env:"app_password"`
	APIKeyPath          stepconf.Secret   `env:"api_key_path"`
	APIIssuer           string            `env:"api_issuer"`

	UpdateFastlane bool `env:"update_fastlane,opt[true,false]"`
	VerboseLog     bool `env:"verbose_log,opt[yes,no]"`
	EnableCache    bool `env:"enable_cache,opt[yes,no]"`

	GemHome string `env:"GEM_HOME"`

	// Used to get Bitrise Apple Developer Portal Connection
	BuildURL      string          `env:"BITRISE_BUILD_URL"`
	BuildAPIToken stepconf.Secret `env:"BITRISE_BUILD_API_TOKEN"`
}

// Config contains inputs parsed from environment variables
type Config struct {
	Inputs
	WorkDir         string
	AuthCredentials appleauth.Credentials
	LaneOptions     []string
	GemVersions     gemVersions
}

// ProcessConfig ...
func (f FastlaneRunner) ProcessConfig() (Config, error) {
	var inputs Inputs
	if err := f.inputParser.Parse(&inputs); err != nil {
		return Config{}, err
	}
	stepconf.Print(inputs)
	f.logger.Println()

	config := Config{Inputs: inputs}
	f.logger.EnableDebugLog(config.VerboseLog)

	authInputs, err := f.validateAuthInputs(config)
	if err != nil {
		return Config{}, fmt.Errorf("Issue with authentication related inputs: %v", err)
	}

	authSources, err := f.parseAuthSources(config.BitriseConnection)
	if err != nil {
		return Config{}, fmt.Errorf("Invalid Input: %v", err)
	}

	f.validateGemHome(config)

	workDir, err := f.getWorkDir(config)
	if err != nil {
		return Config{}, err
	}
	config.WorkDir = workDir

	// Select and fetch Apple authenication source
	authConfig, err := f.selectAppleAuthSource(config, authSources, authInputs)
	if err != nil {
		return Config{}, err
	}
	config.AuthCredentials = authConfig

	// Split lane option
	laneOptions, err := shellquote.Split(config.Lane)
	if err != nil {
		return Config{}, fmt.Errorf("Failed to parse lane (%s), error: %s", config.Lane, err)
	}
	config.LaneOptions = laneOptions

	// Determine desired Fastlane version
	f.logger.Println()
	f.logger.Infof("Determine desired Fastlane version")
	gemVersions, err := f.parseGemfileLock(config.WorkDir)
	if err != nil {
		return Config{}, err
	}
	config.GemVersions = gemVersions

	return config, nil
}

func (f FastlaneRunner) validateAuthInputs(config Config) (appleauth.Inputs, error) {
	authInputs := appleauth.Inputs{
		Username:            config.AppleID,
		Password:            string(config.Password),
		AppSpecificPassword: string(config.AppSpecificPassword),
		APIIssuer:           config.APIIssuer,
		APIKeyPath:          string(config.APIKeyPath),
	}
	if err := authInputs.Validate(); err != nil {
		return appleauth.Inputs{}, err
	}
	return authInputs, nil
}

type bitriseConnection string

const (
	automatic = "automatic"
	apiKey    = "api_key"
	appleID   = "apple_id"
	off       = "off"
)

func (f FastlaneRunner) parseAuthSources(connection bitriseConnection) ([]appleauth.Source, error) {
	switch connection {
	case automatic:
		return []appleauth.Source{
			&appleauth.ConnectionAPIKeySource{},
			&appleauth.ConnectionAppleIDFastlaneSource{},
			&appleauth.InputAPIKeySource{},
			&appleauth.InputAppleIDFastlaneSource{},
		}, nil
	case apiKey:
		return []appleauth.Source{&appleauth.ConnectionAPIKeySource{}}, nil
	case appleID:
		return []appleauth.Source{&appleauth.ConnectionAppleIDFastlaneSource{}}, nil
	case off:
		return []appleauth.Source{
			&appleauth.InputAPIKeySource{},
			&appleauth.InputAppleIDFastlaneSource{},
		}, nil
	default:
		return nil, fmt.Errorf("invalid connection input: %s", connection)
	}
}

func (f FastlaneRunner) validateGemHome(config Config) {
	if strings.TrimSpace(config.GemHome) == "" {
		return
	}
	f.logger.Warnf("GEM_HOME environment variable is set to:\n%s\nThis can lead to errors as gem lookup path may not contain GEM_HOME.", config.GemHome)
}

func (f FastlaneRunner) getWorkDir(config Config) (string, error) {
	f.logger.Infof("Expand WorkDir")

	workDir := config.InputWorkDir
	if workDir == "" {
		f.logger.Printf("WorkDir not set, using CurrentWorkingDirectory...")
		currentDir, err := f.pathModifier.AbsPath(".")
		if err != nil {
			return "", fmt.Errorf("Failed to get current dir, error: %s", err)
		}
		workDir = currentDir
	} else {
		absWorkDir, err := f.pathModifier.AbsPath(workDir)
		if err != nil {
			return "", fmt.Errorf("Failed to expand path (%s), error: %s", workDir, err)
		}
		workDir = absWorkDir
	}

	f.logger.Donef("Expanded WorkDir: %s", workDir)
	return workDir, nil
}

func (f FastlaneRunner) selectAppleAuthSource(config Config, authSources []appleauth.Source, authInputs appleauth.Inputs) (appleauth.Credentials, error) {
	f.logger.Println()
	f.logger.Infof("Reading Apple Developer Portal authentication data")

	var devportalConnectionProvider *devportalservice.BitriseClient
	if config.BuildURL != "" && config.BuildAPIToken != "" {
		devportalConnectionProvider = devportalservice.NewBitriseClient(retryhttp.NewClient(f.logger).StandardClient(), config.BuildURL, string(config.BuildAPIToken))
	} else {
		f.logger.Warnf("Connected Apple Developer Portal Account not found. Step is not running on bitrise.io: BITRISE_BUILD_URL and BITRISE_BUILD_API_TOKEN envs are not set")
	}
	var conn *devportalservice.AppleDeveloperConnection
	if config.BitriseConnection != "off" && devportalConnectionProvider != nil {
		var err error
		conn, err = devportalConnectionProvider.GetAppleDeveloperConnection()
		if err != nil {
			f.handleSessionDataError(err)
		}
	}

	authConfig, err := appleauth.Select(conn, authSources, authInputs)
	if err != nil {
		if _, ok := err.(*appleauth.MissingAuthConfigError); !ok {
			return appleauth.Credentials{}, fmt.Errorf("Could not configure Apple Service authentication: %v", err)
		}
		f.logger.Warnf("No authentication data found matching the selected Apple Service authentication method (%s).", config.BitriseConnection)
		if conn != nil && (conn.APIKeyConnection == nil && conn.AppleIDConnection == nil) {
			f.logger.Warnf("%s", notConnected)
		}
	}
	return authConfig, nil
}

const notConnected = `Connected Apple Developer Portal Account not found.
Most likely because there is no Apple Developer Portal Account connected to the build.
Read more: https://devcenter.bitrise.io/getting-started/configuring-bitrise-steps-that-require-apple-developer-account-data/`

func (f FastlaneRunner) handleSessionDataError(err error) {
	if err == nil {
		return
	}

	if networkErr, ok := err.(devportalservice.NetworkError); ok && networkErr.Status == http.StatusUnauthorized {
		f.logger.Warnf("%s", "Unauthorized to query Connected Apple Developer Portal Account. This happens by design, with a public app's PR build, to protect secrets.")
		return
	}

	f.logger.Warnf("Failed to activate Bitrise Apple Developer Portal connection: %s", err)
	f.logger.Warnf("Read more: https://devcenter.bitrise.io/getting-started/configuring-bitrise-steps-that-require-apple-developer-account-data/")
}