Tweak code signing lanes naming and make them all public (#23991)

* Use block named parameters in code signing lanes * Use hierarchical names in code signing lanes This way, we can better code complete * Rename `alpha_code_sign` to `..._wordpress_enterprise` Full name `update_certs_and_profiles_wordpress_enterprise` * Rename `appstore_code_sign` to `..._wordpress_app_store` Full name `update_certs_and_profiles_wordpress_app_store` * Rename `jetpack_alpha_code_sign` to `..._jetpack_enterprise` Full name `update_certs_and_profiles_jetpack_enterprise` * Rename `jetpack_appstore_code_sign` to `..._jetpack_app_store` Full name `update_certs_and_profiles_jetpack_app_store` * Make app-x-account specific code sign lanes public This way, we can call them when it's time to regenerate the profiles for one single combination without hacking the `Fastfile`. * Add lanes code signing lanes to Enterprise and App Store only combos * Configure code signing bucket `s3_region` to `us-east-2` This will avoid API redirects * Extract code signing S3 settings in constant Next step... move the constant to release toolkit?
wordpress-mobile · Jan 21, 2025 · 4546518 · 4546518
1 parent a1c1616
commit 4546518
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 29 deletions.
diff --git a/fastlane/lanes/build.rb b/fastlane/lanes/build.rb
@@ -169,7 +169,7 @@
 
     sentry_check_cli_installed
 
-    appstore_code_signing
+    update_certs_and_profiles_wordpress_app_store
 
     build_app(
       scheme: 'WordPress',
@@ -235,7 +235,7 @@
   lane :build_and_upload_jetpack_for_app_store do
     sentry_check_cli_installed
 
-    jetpack_appstore_code_signing
+    update_certs_and_profiles_jetpack_app_store
 
     build_app(
       scheme: 'Jetpack',
@@ -285,7 +285,7 @@
   lane :build_and_upload_wordpress_prototype_build do
     sentry_check_cli_installed
 
-    alpha_code_signing
+    update_certs_and_profiles_wordpress_enterprise
 
     build_and_upload_prototype_build(
       scheme: 'WordPress Alpha',
@@ -305,7 +305,7 @@
   lane :build_and_upload_jetpack_prototype_build do
     sentry_check_cli_installed
 
-    jetpack_alpha_code_signing
+    update_certs_and_profiles_jetpack_enterprise
 
     build_and_upload_prototype_build(
       scheme: 'Jetpack',

diff --git a/fastlane/lanes/codesign.rb b/fastlane/lanes/codesign.rb
@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+CODE_SIGNING_STORAGE_OPTIONS = {
+  storage_mode: 's3',
+  s3_bucket: 'a8c-fastlane-match',
+  s3_region: 'us-east-2'
+}.freeze
+
 # Lanes related to Code Signing and Provisioning Profiles
 #
 platform :ios do
@@ -9,43 +15,39 @@
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
   lane :update_certs_and_profiles do |options|
-    update_wordpress_certs_and_profiles(options)
-    update_jetpack_certs_and_profiles(options)
+    update_certs_and_profiles_wordpress(options)
+    update_certs_and_profiles_jetpack(options)
   end
 
   # Downloads all the required certificates and profiles (using `match`) for all WordPress variants.
   # Optionally, it can create any new necessary certificate or profile.
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  lane :update_wordpress_certs_and_profiles do |options|
-    alpha_code_signing(options)
-    appstore_code_signing(options)
+  lane :update_certs_and_profiles_wordpress do |readonly: true|
+    update_certs_and_profiles_wordpress_enterprise(readonly: readonly)
+    update_certs_and_profiles_wordpress_app_store(readonly: readonly)
   end
 
   # Downloads all the required certificates and profiles (using `match`) for all Jetpack variants.
   # Optionally, it can create any new necessary certificate or profile.
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  lane :update_jetpack_certs_and_profiles do |options|
-    jetpack_alpha_code_signing(options)
-    jetpack_appstore_code_signing(options)
+  lane :update_certs_and_profiles_jetpack do |readonly: true|
+    update_certs_and_profiles_jetpack_enterprise(readonly: readonly)
+    update_certs_and_profiles_jetpack_app_store(readonly: readonly)
   end
 
-  ########################################################################
-  # Private lanes
-  ########################################################################
-
   # Downloads all the required certificates and profiles (using `match``) for the WordPress Alpha builds (`org.wordpress.alpha`) in the Enterprise account
   # Optionally, it can create any new necessary certificate or profile.
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  private_lane :alpha_code_signing do |options|
+  lane :update_certs_and_profiles_wordpress_enterprise do |readonly: true|
     update_code_signing_enterprise(
       app_identifiers: ALL_WORDPRESS_BUNDLE_IDENTIFIERS.map { |id| id.sub(WORDPRESS_BUNDLE_IDENTIFIER, 'org.wordpress.alpha') },
-      readonly: options.fetch(:readonly, true)
+      readonly: readonly
     )
   end
 
@@ -54,10 +56,10 @@
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  private_lane :appstore_code_signing do |options|
+  lane :update_certs_and_profiles_wordpress_app_store do |readonly: true|
     update_code_signing_app_store(
-      readonly: options.fetch(:readonly, true),
-      app_identifiers: ALL_WORDPRESS_BUNDLE_IDENTIFIERS
+      app_identifiers: ALL_WORDPRESS_BUNDLE_IDENTIFIERS,
+      readonly: readonly
     )
   end
 
@@ -66,10 +68,10 @@
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  private_lane :jetpack_alpha_code_signing do |options|
+  lane :update_certs_and_profiles_jetpack_enterprise do |readonly: true|
     update_code_signing_enterprise(
       app_identifiers: ALL_JETPACK_BUNDLE_IDENTIFIERS.map { |id| id.sub(JETPACK_BUNDLE_IDENTIFIER, 'com.jetpack.alpha') },
-      readonly: options.fetch(:readonly, true)
+      readonly: readonly
     )
   end
 
@@ -78,12 +80,32 @@
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  private_lane :jetpack_appstore_code_signing do |options|
+  lane :update_certs_and_profiles_jetpack_app_store do |readonly: true|
     update_code_signing_app_store(
-      readonly: options.fetch(:readonly, true),
-      app_identifiers: ALL_JETPACK_BUNDLE_IDENTIFIERS
+      app_identifiers: ALL_JETPACK_BUNDLE_IDENTIFIERS,
+      readonly: readonly
     )
   end
+
+  # Downloads all the required certificates and profiles (using `match`) for both Jetpack and WordPress App Store variants.
+  # Optionally, it can create any new necessary certificate or profile.
+  #
+  # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
+  #
+  lane :update_certs_and_profiles_app_store do |readonly: true|
+    update_certs_and_profiles_jetpack_app_store(readonly: readonly)
+    update_certs_and_profiles_wordpress_app_store(readonly: readonly)
+  end
+
+  # Downloads all the required certificates and profiles (using `match`) for both Jetpack and WordPress Enterprise variants.
+  # Optionally, it can create any new necessary certificate or profile.
+  #
+  # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
+  #
+  lane :update_certs_and_profiles_enterprise do |readonly: true|
+    update_certs_and_profiles_jetpack_enterprise(readonly: readonly)
+    update_certs_and_profiles_wordpress_enterprise(readonly: readonly)
+  end
 end
 
 def update_code_signing_enterprise(readonly:, app_identifiers:)
@@ -124,13 +146,12 @@ def update_code_signing(type:, team_id:, readonly:, app_identifiers:, api_key_pa
   # NOTE: It might be neccessary to add `force: true` alongside `readonly: true` in order to regenerate some provisioning profiles.
   # If this turns out to be a hard requirement, we should consider updating the method with logic to toggle the two setting based on whether we're fetching or renewing.
   match(
-    storage_mode: 's3',
-    s3_bucket: 'a8c-fastlane-match',
     type: type,
     team_id: team_id,
     readonly: readonly,
     app_identifier: app_identifiers,
-    api_key_path: api_key_path
+    api_key_path: api_key_path,
+    **CODE_SIGNING_STORAGE_OPTIONS
   )
 end