UNPKG

@capgo/cli

Version:

A CLI to upload to capgo servers

github.com/Cap-go/capgo/tree/main/cli

Cap-go/capgo

141 lines (140 loc) 7.81 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
export type Platform = 'ios' | 'android'; export interface OnboardingCompletionSummary { /** The Capgo dashboard build URL, when a build was kicked off. */ buildUrl?: string; /** One-line CI-secret upload summary, when secrets were pushed. */ ciSecretUploadSummary?: string | null; /** Path to the generated GitHub Actions workflow file, when written. */ workflowFilePath?: string | null; /** Path to the exported .env file, when the user chose the env-export fallback. */ envExportPath?: string | null; /** The "run anytime" build-request command shown on the final screen. */ buildRequestCommand?: string; } export interface OnboardingResult { outcome: 'completed' | 'cancelled'; /** Present only when outcome === 'completed'. */ summary?: OnboardingCompletionSummary; } export type OnboardingStep = 'welcome' | 'resume-prompt' | 'platform-select' | 'adding-platform' | 'credentials-exist' | 'backing-up' | 'setup-method-select' | 'import-scanning' | 'import-distribution-mode' | 'import-pick-identity' | 'import-pick-profile' | 'import-validating-all-certs' | 'import-checking-apple-cert' | 'import-no-match-recovery' | 'import-portal-explanation' | 'import-provide-profile-path' | 'import-create-profile-only' | 'import-export-warning' | 'import-compiling-helper' | 'import-exporting' | 'api-key-instructions' | 'p8-method-select' | 'input-p8-path' | 'input-key-id' | 'input-issuer-id' | 'verifying-key' | 'verify-app' | 'creating-certificate' | 'cert-limit-prompt' | 'revoking-certificate' | 'creating-profile' | 'duplicate-profile-prompt' | 'deleting-duplicate-profiles' | 'saving-credentials' | 'detecting-ci-secrets' | 'ci-secrets-setup' | 'ci-secrets-target-select' | 'ask-ci-secrets' | 'checking-ci-secrets' | 'confirm-ci-secret-overwrite' | 'uploading-ci-secrets' | 'ci-secrets-failed' | 'ask-github-actions-setup' | 'confirm-secrets-push' | 'ask-export-env' | 'exporting-env' | 'confirm-env-export-overwrite' | 'overwrite-and-export-env' | 'pick-package-manager' | 'pick-build-script' | 'pick-build-script-custom' | 'preview-workflow-file' | 'view-workflow-diff' | 'writing-workflow-file' | 'ask-build' | 'requesting-build' | 'ai-analysis-prompt' | 'ai-analysis-running' | 'ai-analysis-result' | 'ai-analysis-result-scroll' | 'build-complete' | 'no-platform' | 'error'; export type OnboardingErrorCategory = 'apple_api_unauthorized' | 'apple_api_rate_limited' | 'cert_limit_reached' | 'profile_creation_failed' | 'p8_invalid' | 'keychain_no_identities' | 'keychain_export_failed' | 'keychain_helper_compile_failed' | 'profile_no_match' | 'profile_read_failed' | 'unknown'; export interface ApiKeyData { keyId: string; issuerId: string; } /** * Per-identity result of the eager Apple-side validation run. Populated by * the `import-validating-all-certs` step useEffect, consumed by the two- * table picker in `import-pick-identity`. Kept here (alongside the Step * type) so the renderer and the validation logic share a single shape. */ export interface EnrichedIdentityAvailability { /** True when Apple's API returned a SHA1 match for this identity. */ available: boolean; /** * Stable reason code for unavailable identities. Drives the per-reason * detail rendering in the unavailable table (e.g. notice about the * Apple-managed signing constraint, or about private-key-missing). */ reason?: 'expired' | 'managed' | 'not-visible' | 'check-failed' | 'no-private-key'; /** One-line summary shown in the Reason column of the unavailable table. */ reasonText?: string; /** When available — Apple-side cert resource id, reused downstream. */ appleCertId?: string; /** * Apple-side cert name as returned by /v1/certificates. Useful when * the local Keychain name differs from the portal name (e.g. multiple * "iOS Distribution" certs in the same team — the portal column says * exactly which one). */ appleCertName?: string; /** * ISO timestamp from Apple's expiration field. Shown in the manual- * portal walkthrough so the user can tell which row to click when * multiple certs are listed. */ appleCertExpirationDate?: string; /** * Full serial number from Apple. The portal shows it in the cert * detail view; surfacing the last 8 chars here gives the user a * concrete disambiguator without leaking the full 40-byte serial * into the terminal. */ appleCertSerialNumber?: string; } export interface CertificateData { certificateId: string; expirationDate: string; teamId: string; p12Base64: string; } export interface ProfileData { profileId: string; profileName: string; profileBase64: string; } export interface OnboardingProgress { platform: Platform; appId: string; startedAt: string; /** Path to the .p8 file on disk (content is NOT stored, only the path) */ p8Path?: string; /** Partial input — saved incrementally so resume works mid-flow */ keyId?: string; issuerId?: string; /** * Records which fork the user picked at `setup-method-select`. Crucial for * resume — without this, a partial import-flow run would resume at * `creating-certificate` (the create-new path) and immediately hit the * Apple cert-limit error. * * Absent on legacy progress files (created before this field existed) → * resume defaults to `create-new` for backward compatibility. */ setupMethod?: 'create-new' | 'import-existing'; /** * Records the distribution mode picked at `import-distribution-mode`. * * Persisted (not derived from .p8 presence) because ad_hoc users can * legitimately enter a one-shot .p8 during no-match recovery, which would * otherwise make .p8-presence-implies-app_store an incorrect heuristic. On * resume the UI hydrates `importDistribution` from this field so the * `verifying-key` branch and `doSaveCredentials` route correctly. * * Only meaningful when `setupMethod === 'import-existing'`. */ importDistribution?: 'app_store' | 'ad_hoc'; /** * The resolved iOS bundle id (the authoritative Release * `PRODUCT_BUNDLE_IDENTIFIER`) when it differs from `capacitor.config.appId`. * Used for Apple-side operations (cert lookup, profile filtering, * `ensureBundleId`, `createProfile`) and as the key in the provisioning_map. * The progress-file key and Capgo SaaS API calls still use `appId` so existing * build commands keep finding these credentials without editing * `capacitor.config`. * * Persisted so verify-app / redirectIfMismatch don't re-resolve on resume — * once set, the override sticks unless the configuration context (see * `iosBundleIdContextAppId`) changes between CLI runs. */ iosBundleIdOverride?: string; /** * Snapshot of `config.appId` at the time the `iosBundleIdOverride` was * resolved. On the next run we compare this to the current `config.appId`; * if it changed (user renamed the app, added/removed a dev-tunnel suffix, * etc.) the saved override is stale and we re-resolve / re-verify via the * verify-app step. Without this we'd silently keep using a bundle id the * user already moved on from. */ iosBundleIdContextAppId?: string; completedSteps: { apiKeyVerified?: ApiKeyData; certificateCreated?: CertificateData; profileCreated?: ProfileData; }; /** Temporary — wiped after .p12 creation */ _privateKeyPem?: string; } /** Maps each step to a progress percentage (0-100) */ export declare const STEP_PROGRESS: Record<OnboardingStep, number>; export declare function getPhaseLabel(step: OnboardingStep): string;