Allow empty certificate passphrase (#286)

* Allow empty certificate passphrase

* Fix step inputs

* Remove dead code, fix lint warnings

* Use latest go-xcode release

Author: ofalvai

README.md

@@ -86,7 +86,7 @@ You can also run this step directly with [Bitrise CLI](https://github.com/bitris
 | `register_test_devices` | If this input is set, the Step will register the known test devices on Bitrise from team members with the Apple Developer Portal.  Note that setting this to yes may cause devices to be registered against your limited quantity of test devices in the Apple Developer Portal, which can only be removed once annually during your renewal window. | required | `no` |
 | `min_profile_validity` | If this input is set to >0, the managed Provisioning Profile will be renewed if it expires within the configured number of days.  Otherwise the Step renews the managed Provisioning Profile if it is expired. | required | `0` |
 | `certificate_url_list` | URL of the code signing certificate to download.  Multiple URLs can be specified, separated by a pipe (`\|`) character.  Local file path can be specified, using the `file://` URL scheme. | required, sensitive | `$BITRISE_CERTIFICATE_URL` |
-| `passphrase_list` | Passphrases for the provided code signing certificates.  Specify as many passphrases as many Code signing certificate URL provided, separated by a pipe (`\|`) character. | required, sensitive | `$BITRISE_CERTIFICATE_PASSPHRASE` |
+| `passphrase_list` | Passphrases for the provided code signing certificates.  Specify as many passphrases as many Code signing certificate URL provided, separated by a pipe (`\|`) character.  Certificates without a passphrase: for using a single certificate, leave this step input empty. For multiple certificates, use the separator as if there was a passphrase (examples: `pass\|`, `\|pass\|`, `\|`) | sensitive | `$BITRISE_CERTIFICATE_PASSPHRASE` |
 | `keychain_path` | Path to the Keychain where the code signing certificates will be installed. | required | `$HOME/Library/Keychains/login.keychain` |
 | `keychain_password` | Password for the provided Keychain. | required, sensitive | `$BITRISE_KEYCHAIN_PASSWORD` |
 | `export_development_team` | The Developer Portal team to use for this export  Defaults to the team used to build the archive.  Defining this is also required when Automatic Code Signing is set to `apple-id` and the connected account belongs to multiple teams. |  |  |

e2e/bitrise.yml

@@ -9,13 +9,42 @@ app:
   - BITFALL_APPLE_APPLE_CERTIFICATE_URL_LIST: $BITFALL_APPLE_APPLE_CERTIFICATE_URL_LIST
   - BITFALL_APPLE_IOS_CERTIFICATE_URL_LIST: $BITFALL_APPLE_IOS_CERTIFICATE_URL_LIST
   - BITFALL_APPLE_APPLE_CERTIFICATE_PASSPHRASE_LIST: $BITFALL_APPLE_APPLE_CERTIFICATE_PASSPHRASE_LIST
+  - BITFALL_APPLE_IOS_CERTIFICATE_NOPASSPHRASE_URL: $BITFALL_APPLE_IOS_CERTIFICATE_NOPASSPHRASE_URL
   - BITFALL_APPLE_IOS_CERTIFICATE_PASSPHRASE_LIST: $BITFALL_APPLE_IOS_CERTIFICATE_PASSPHRASE_LIST
   - BITFALL_APPLE_PROVISIONING_PROFILE_URL_LIST: $BITFALL_APPLE_PROVISIONING_PROFILE_URL_LIST
 
   - BITFALL_APPSTORECONNECT_API_KEY_URL: $BITFALL_APPSTORECONNECT_API_KEY_URL
   - BITFALL_APPSTORECONNECT_API_KEY_ISSUER_ID: $BITFALL_APPSTORECONNECT_API_KEY_ISSUER_ID
 
 workflows:
+  test_single_certificate_no_passphrase:
+    steps:
+    - script:
+        inputs:
+        - content: |-
+            #!/bin/bash
+            set -ex
+            rm -rf "./_tmp"
+            mkdir -p "./_tmp"
+    - git::https://github.com/bitrise-steplib/bitrise-step-simple-git-clone.git@master:
+        inputs:
+        - repository_url: https://github.com/bitrise-io/sample-apps-ios-simple-objc.git
+        - branch: bundle_id
+        - clone_into_dir: ./_tmp
+    - path::./:
+        title: Execute step
+        inputs:
+        - project_path: ./_tmp/ios-simple-objc/ios-simple-objc.xcodeproj
+        - scheme: ios-simple-objc
+        - automatic_code_signing: api-key
+        - certificate_url_list: $BITFALL_APPLE_IOS_CERTIFICATE_NOPASSPHRASE_URL
+        - passphrase_list: ""
+        - distribution_method: development
+        - export_development_team: 72SA8V3WYL
+        - verbose_log: "yes"
+        - keychain_path: $BITRISE_KEYCHAIN_PATH
+        - keychain_password: $BITRISE_KEYCHAIN_PASSWORD
+
   test_manual_signing:
     description: Tests the case when automatic code signing is disabled and the certificate installer step is used to set up code signing assets
     envs:

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/bitrise-io/go-utils v1.0.1
 	github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.2
 	github.com/bitrise-io/go-xcode v1.0.5
-	github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.9
+	github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.10
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/stretchr/testify v1.7.0
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b

go.sum

@@ -10,20 +10,10 @@ github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.1/go.mod h1:sy+Ir1X8P3tAAx/qU/r+h
 github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.2 h1:w3fwgLLmxMOpYNa6W5aLtJZE8M8+qGE5VPOcr+st59c=
 github.com/bitrise-io/go-utils/v2 v2.0.0-alpha.2/go.mod h1:sy+Ir1X8P3tAAx/qU/r+hqDjHDcrMjIzDEvId1wqNc4=
 github.com/bitrise-io/go-xcode v1.0.1/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode v1.0.4 h1:9i3VlaUX46LqdDKnjFd8aYRmzqUKp9wFKEoBYhNWfao=
-github.com/bitrise-io/go-xcode v1.0.4/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode v1.0.5-0.20220303150513-eacbb0ea3534 h1:yK80oQf8EB3Bp3JFQ6rigrt+zSSobdzz9uIWqtA47sE=
-github.com/bitrise-io/go-xcode v1.0.5-0.20220303150513-eacbb0ea3534/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode v1.0.5-0.20220303155724-31843c88e3b2 h1:/koeN8V5K5YEn2zdLA/EiaK0f5KG208DGiljheX9hjA=
-github.com/bitrise-io/go-xcode v1.0.5-0.20220303155724-31843c88e3b2/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode v1.0.5-0.20220303165703-cd3a6caa0c7a h1:IRwm19YLJBh0Mf+cJB5n+gUT1CEG2RHwJFVmV4tc+xM=
-github.com/bitrise-io/go-xcode v1.0.5-0.20220303165703-cd3a6caa0c7a/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode v1.0.5-0.20220304085114-810880454edb h1:G4EpFGZSnBEaSjviYhRkgcs4W009rqTWV3RBu+78paI=
-github.com/bitrise-io/go-xcode v1.0.5-0.20220304085114-810880454edb/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
 github.com/bitrise-io/go-xcode v1.0.5 h1:T0I1ED5oDifbO57VSNxhLh+8T9vcdGt+5U/kOrzFKeQ=
 github.com/bitrise-io/go-xcode v1.0.5/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY=
-github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.9 h1:zBb8U+i6LrZXdTSh+FrXhb/ivw/ghnLVmhU5mjQIOSM=
-github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.9/go.mod h1:6YbvyYwZgSTt96CQSQ6QlrkcRiv3ssX8zLijh2TPnbU=
+github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.10 h1:fL+rOyxRXZADO3o4UKCUFsO3Fr83G+r8fbH4BnzOvls=
+github.com/bitrise-io/go-xcode/v2 v2.0.0-alpha.10/go.mod h1:6YbvyYwZgSTt96CQSQ6QlrkcRiv3ssX8zLijh2TPnbU=
 github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8 h1:kmvU8AxrNTxXsVPKepBHD8W+eCVmeaKyTkRuUJB2K38=
 github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8/go.mod h1:UiXKNs0essbC14a2TvGlnUKo9isP9m4guPrp8KJHJpU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

main.go

@@ -528,7 +528,7 @@ func (s XcodeArchiveStep) xcodeArchive(opts xcodeArchiveOpts) (xcodeArchiveOutpu
 	var swiftPackagesPath string
 	if opts.XcodeMajorVersion >= 11 {
 		var err error
-		if swiftPackagesPath, err = cache.SwiftPackagesPath(opts.ProjectPath); err != nil {
+		if swiftPackagesPath, err = cache.NewSwiftPackageCache().SwiftPackagesPath(opts.ProjectPath); err != nil {
 			return out, fmt.Errorf("failed to get Swift Packages path, error: %s", err)
 		}
 	}
@@ -575,7 +575,7 @@ The log file will be stored in $BITRISE_DEPLOY_DIR, and its full path will be av
 
 	// Cache swift PM
 	if opts.XcodeMajorVersion >= 11 && opts.CacheLevel == "swift_packages" {
-		if err := cache.CollectSwiftPackages(opts.ProjectPath); err != nil {
+		if err := cache.NewSwiftPackageCache().CollectSwiftPackages(opts.ProjectPath); err != nil {
 			logger.Warnf("Failed to mark swift packages for caching, error: %s", err)
 		}
 	}
@@ -650,7 +650,7 @@ func (s XcodeArchiveStep) xcodeIPAExport(opts xcodeIPAExportOpts) (xcodeIPAExpor
 
 		archiveExportMethod := opts.Archive.Application.ProvisioningProfile.ExportType
 
-		exportMethod, err := determineExportMethod(opts.ExportMethod, exportoptions.Method(archiveExportMethod))
+		exportMethod, err := determineExportMethod(opts.ExportMethod, archiveExportMethod)
 		if err != nil {
 			return out, err
 		}

step.yml

@@ -241,7 +241,9 @@ inputs:
       Passphrases for the provided code signing certificates.
 
       Specify as many passphrases as many Code signing certificate URL provided, separated by a pipe (`|`) character.
-    is_required: true
+
+      Certificates without a passphrase: for using a single certificate, leave this step input empty. For multiple certificates, use the separator as if there was a passphrase (examples: `pass|`, `|pass|`, `|`)
+    is_required: false  # A single cert with an empty passphrase is allowed too
     is_sensitive: true
 
 - keychain_path: $HOME/Library/Keychains/login.keychain

utils/export.go

@@ -17,7 +17,7 @@ func zip(cmdFactory command.Factory, sourceDir, destinationZipPth string) error
 	cmd := cmdFactory.Create("/usr/bin/zip", []string{"-rTy", destinationZipPth, dirName}, &command.Opts{Dir: parentDir})
 	out, err := cmd.RunAndReturnTrimmedCombinedOutput()
 	if err != nil {
-		return fmt.Errorf("Failed to zip dir: %s, output: %s, error: %s", sourceDir, out, err)
+		return fmt.Errorf("failed to zip dir: %s, output: %s, error: %s", sourceDir, out, err)
 	}
 
 	return nil

utils/platform_test.go

@@ -35,7 +35,7 @@ func TestBuildableTargetPlatform(t *testing.T) {
 			xcodeProj: &xcodeproj.XcodeProj{
 				Proj: xcodeproj.Proj{
 					Targets: []xcodeproj.Target{
-						xcodeproj.Target{
+						{
 							ID: "target_id",
 						},
 					},
@@ -44,7 +44,7 @@ func TestBuildableTargetPlatform(t *testing.T) {
 			scheme: &xcscheme.Scheme{
 				BuildAction: xcscheme.BuildAction{
 					BuildActionEntries: []xcscheme.BuildActionEntry{
-						xcscheme.BuildActionEntry{
+						{
 							BuildForArchiving: "YES",
 							BuildableReference: xcscheme.BuildableReference{
 								BuildableName:       "bitrise.app",
@@ -64,7 +64,7 @@ func TestBuildableTargetPlatform(t *testing.T) {
 			xcodeProj: &xcodeproj.XcodeProj{
 				Proj: xcodeproj.Proj{
 					Targets: []xcodeproj.Target{
-						xcodeproj.Target{
+						{
 							ID: "target_id",
 						},
 					},
@@ -73,7 +73,7 @@ func TestBuildableTargetPlatform(t *testing.T) {
 			scheme: &xcscheme.Scheme{
 				BuildAction: xcscheme.BuildAction{
 					BuildActionEntries: []xcscheme.BuildActionEntry{
-						xcscheme.BuildActionEntry{
+						{
 							BuildForArchiving: "YES",
 							BuildableReference: xcscheme.BuildableReference{
 								BuildableName:       "bitrise.app",