GithubHelp home page GithubHelp logo

Comments (7)

doomsayer13 avatar doomsayer13 commented on June 1, 2024 1

Hi @KoCMoHaBTa,
Thanks for reporting, we will check it ASAP.

from steps-ios-auto-provision.

godrei avatar godrei commented on June 1, 2024

Hi @KoCMoHaBTa

thanks for the detailed description of your idea!

Regarding to: Connecting Apple Developer account

I agree that using service accounts to manage various services is a good idea and yes currently on Bitrise you can only wire in Developer Portal account through an organisation member with admin role.

We decided to solve it this way, since organisation members with member role can not touch the project settings. If we would allow to use a member role user's Developer Portal account, that user could not see / modify in which Bitrise projects his portal account is used.

We are iterating on this feature and we will try to create a smoother process when connecting service accounts to Bitrise projects.

Regarding to: Xcode Automatic Code Signing and Provisioning

One of the main reasons that lead us to wire in the auto provision feature was to let our users to manage profiles (including new test devices, set new services, ...) used by the build without leaving Bitrise.

If we would use Xcode's auto provisioning feature you would still need to register your new tester's device on the Developer Portal (in order to have it included it in the Profiles) and on Bitrise as well (for being able to install the ipa through Bitrise).

Also when you use Xcode's auto provisioning feature it also registers the managed code signing files for your account, but does not allow you to see these files on the Developer Portal. For example if you create a new project and set Automatically manage signing in Xcode, Xcode will register an App ID with your project's bundle id. This bundle id will be locked, you cannot see or manage it on the Developer Portal, but if you decide to manually manage your code signing files you can not register an App ID with the same bundle id. If you would try it, you would see:

There were errors in the data supplied. Please correct and re-submit.
An App ID with Identifier 'my.new.project.bundle.id' is not available. Please enter a different string.

So Xcode definitely touches your Developer Portal account, but does not allows you to see / modify the managed files.

Regarding to: security concern

Even if we would use Xcode's auto provision you still would need to provide your Developer Portal credentials. We are researching how we could make use of (app-specific passwords)[https://support.apple.com/en-us/HT204397] to solve the auto provision,
this would decrease the security concerns.

I hope this helps, but let me know if you need more info!

from steps-ios-auto-provision.

KoCMoHaBTa avatar KoCMoHaBTa commented on June 1, 2024

Hi, @doomsayer13

Thanks for the detailed response.
I would like to add few more points of clarification on the topic.

Regarding to: Connecting Apple Developer account

I'm looking forward to see, how this will go.
Probably connecting the Apple Developer account to the project directly by an admin account, instead of linking an account connected to an Admin user - might be more flexible, since there could be different apple developer accounts for the different repositories.
Otherwise, this would require to add users for each apple developer account that might be connected.

Regarding to: Xcode Automatic Code Signing and Provisioning

Thanks for the clarification about the goal of the step.
If I understand it correctly, from your details, it is to have single data flow that is from Bitrise to Apple Developer Portal in order to keep things simple and try to solve the struggling with apple certificates and provisioning profiles for most of the peoples. Something like "With this step, Bitrise will be able to handle everything related to provisioning and developers should not be bothered".

The idea was about having, exactly the opposite - the ability for Bitrise to only read from Apple. We leave Xcode to handle the Apple Developer Portal management and Bitrise to use what's in there. So adding a device, would require only adding it on the Apple Developer Portal and Bitrise would just start using it.
The point was to allow the users to use the step's reading functionality without using the writing one, since it does it anyway.
In case my idea is totally not the goal of the step - probably you could point me to another one that exists out there that provides this behaviour, or creation of such could be considered.

In regards to

So Xcode definitely touches your Developer Portal account ...

Yes it correct that xcode touches the Developer Portal account and since it is the only official way of doing it (the iTunes Connect API is not yet public) - we prefer to use it.

However regarding

... but does not allows you to see / modify the managed files.

This is true, only for personal free accounts - company accounts can see and modify everything that was managed by Xcode and also, any change Xcode request to do, requires explicit action from the developer.

Regarding to: security concern
Its about permissions to write to the portal - having different kind of authentication would not prevent the step from modifying stuffs from the Apple Developer Portal.

from steps-ios-auto-provision.

godrei avatar godrei commented on June 1, 2024

Hi @KoCMoHaBTa ,
thanks fo the infos! I will talk this through with the team.

from steps-ios-auto-provision.

yonaskolb avatar yonaskolb commented on June 1, 2024

Hi. Are there any updates on this? Has anything in this space changed since Dec?

from steps-ios-auto-provision.

godrei avatar godrei commented on June 1, 2024

Hi @yonaskolb , yesterday we released a new version: 1.0.0. The new version prepares the step to work with Xcode managed signing enabled iOS projects.

If you want to avoid to let the step generate codesign resources for you, use Xcode managed signing in your project, this way the step just registers the Bitrise test devices (if any missing in from the Developer portal) and downloads the Xcode managed profiles for your project.

I'll close this issue, but if you need more info/help just let us know and we'll reopen it!

from steps-ios-auto-provision.

KoCMoHaBTa avatar KoCMoHaBTa commented on June 1, 2024

Sounds promising, just a quick question - i know that admin access is needed to register a new device, so the question is - if the user does not have admin access, will it at least download the Xcode managed profiles?

from steps-ios-auto-provision.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.