hjanuschka/fastlane-plugin-cryptex

Any more comprehensive examples of usage?

bdruth opened this issue · 2 comments

Sorry if I'm just dense, but I'm not understanding how to use this to manage the private bits in my Android project. I have a keystore I've used to sign the app bundle and I have an API key .json that I use to push the bundle up to the Play Store API - this is all working well. However, I need to share these protected resources and I was looking to take a similar approach to what fastlane match does on the iOS side with this plugin. Can I use the same GitHub repo as we're using for match? Can I use the same OpenSSL key as we're using for match? I assume I need to create a .zip of the existing .keystore and .json files, which cryptex will then save to the GitHub repo, but I'm a bit lost as to what I need to do where and how to incorporate it in the Fastfile lanes. I'm quite new to fastlane overall. Has anyone written a more granular how-to?

Sorry for the n00b post, I'm just a bit lost :(

Yep same... we operate in a monorepo too so there's that.

Currently my process is this:

  • Create new files for the new app
  • Create some additional tooling shortcuts (because monorepo)
  • get the initial app store entry created on the various app stores: fastlane produce ...
  • generate the certs for the app: fastlane match init
  • generate a set of profiles: fastlane match development etc

At this point I have a git repo with encrypted certs and profiles for the new app (this repo may already have other certs and profiles).

What I'd like to know is where cryptex fits in here?

OK, so I've since started uncovering more details:

our directory structure looks like:

package.json
.yarnrc
yarn.lock
README.md
apps/
  OneOfOurApps/
    ios/
    android/
    keys/
    dist/
    fastlane/
      AppFile
      FastFile
      MatchFIle
    packages.json
designsystem/
  demo/
    ios/
    android/
    keys/
    dist/
    fastlane/
      AppFile
      FastFile
      MatchFIle
    package.json
  packages/
    avatar/
     package.json
    ...

our root package.json > scripts has :

...
"ds:fastlane": "yarn workspace @us/designsystemdemo fastlane"
...

get the initial app store entry created on the various app stores

You need to manually do this. because: google.

generate the certs etc for the app

you have two options here:

1. use an existing keystore you get from the google developers dashboard

  # designsystem/demo/fastlane/Fastfile

platform :android do
  desc "Encrypt and store the android codesigning keystore"
  lane :keystore_update do

    key_name = CredentialsManager::AppfileConfig.try_fetch_value(:package_name)

    cryptex(
      git_url: "github.com:you/codesigning.git",
      type: "import",
      in: "keys/upload.keystore",
      key: "#{key_name}.keystore"
    )
  end
end

our designsystem/demo/package.json > scripts has this:

{
 "name": "@us/designsystemdemo",
  ...
  "scripts": {
    "fastlane": "bundle exec fastlane"
  }
...

so when we run from our repo root:

$ yarn ds:fastlane android keystore_update

Several things happen:

  • the git repo is pulled down
  • the keystore is updated
  • the keystore is encrypted
  • the keystore is committed
  • the repo is pushed back up

2. generate new ones with cryptex

  # designsystem/demo/fastlane/Fastfile

platform :android do
  desc "Encrypt and store the android codesigning keystore"
  lane :keystore_generate do
    key_name = CredentialsManager::AppfileConfig.try_fetch_value(:package_name)

    cryptex_generate_keystore(
      destination: "keys/upload.keystore",
      alias: "#{key_name}.keystore"
    )

    cryptex(
      git_url: "github.com:you/codesigning.git",
      type: "import",
      in: "keys/upload.keystore",
      key: "#{key_name}.keystore"
    )
  end
end

so when we run from our repo root:

$ yarn ds:fastlane android keystore_generate

Several things happen:

  • a keystore is generated
  • the git repo is pulled down
  • the keystore is encrypted
  • the keystore is committed
  • the repo is pushed back up

So @bdruth I'd imagine if you want to also include your API key too, I think (correct me if I'm wrong), but we just need to remember that cryptex_generate_keystore is the only "keystore" orientated command, whereas cryptex is a generic command for adding/extracting files from our codesigning repo.

So you could do something like:

  # designsystem/demo/fastlane/Fastfile

platform :android do
  desc "Encrypt and store the android codesigning keystore"
  lane :keystore_update do

    key_name = CredentialsManager::AppfileConfig.try_fetch_value(:package_name)

    cryptex(
      git_url: "github.com:you/codesigning.git",
      type: "import",
      in: "keys/upload.keystore",
      key: "#{key_name}.keystore"
    )

    cryptex(
      git_url: "github.com:you/codesigning.git",
      type: "import",
      in: "keys/api.json",
      key: "#{key_name}.api"
    )
  end
end
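
A check one might run on a checkout of the codesigning repo before pushing, to confirm that the keystore and API key JSON discussed above were not committed in readable form. This is an added example, not code from the thread or from cryptex; the function names, file names and sample bytes are constructed, and it only recognises JKS/JCEKS keystores, PEM private keys and JSON files with a private_key field.

```ruby
require "json"
require "tmpdir"

# Magic numbers that open an unencrypted Java keystore (JKS, JCEKS).
KEYSTORE_MAGIC = ["\xFE\xED\xFE\xED".b, "\xCE\xCE\xCE\xCE".b].freeze

# Returns a reason string if +bytes+ looks like a readable secret, else nil.
def plaintext_secret_reason(bytes)
  data = bytes.b
  return "Java keystore (JKS/JCEKS) magic bytes" if KEYSTORE_MAGIC.include?(data[0, 4])
  return "PEM private key block" if data.match?(/-----BEGIN [A-Z ]*PRIVATE KEY-----/)
  text = data.dup.force_encoding("UTF-8")
  return nil unless text.valid_encoding?
  doc = JSON.parse(text)
  "JSON with a private_key field" if doc.is_a?(Hash) && doc.key?("private_key")
rescue JSON::ParserError
  nil # not JSON, so not a readable API key file
end

# Walks a checkout of the secrets repo (skipping .git) and returns
# { relative_path => reason } for every file stored in readable form.
def plaintext_findings(repo_dir)
  Dir.glob("**/*", File::FNM_DOTMATCH, base: repo_dir).each_with_object({}) do |rel, found|
    path = File.join(repo_dir, rel)
    next if rel.split("/").include?(".git") || !File.file?(path)
    reason = plaintext_secret_reason(File.binread(path))
    found[rel] = reason if reason
  end
end

# Constructed sample checkout: one opaque blob standing in for an encrypted
# file, plus a keystore and an API key JSON that were copied in as-is.
def demo_findings
  Dir.mktmpdir do |dir|
    File.binwrite(File.join(dir, "com.example.app.keystore"), "Salted__".b + "\x8A\x11\xF0\x42".b * 8)
    File.binwrite(File.join(dir, "upload.keystore"), "\xFE\xED\xFE\xED\x00\x00\x00\x02".b)
    File.write(File.join(dir, "api.json"),
               JSON.generate("type" => "service_account", "private_key" => "CONSTRUCTED"))
    plaintext_findings(dir)
  end
end

if $PROGRAM_NAME == __FILE__
  demo_findings.each { |file, reason| puts "PLAINTEXT #{file}: #{reason}" }
end
```

An empty result only means none of these three patterns matched; it does not prove the remaining files are encrypted.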