sbycrosz · September 20, 2022 03:03
diff --git a/export-fastlane-match.rb b/export-fastlane-match.rb
 # Export iOS code signing as p12 and mobileprovision file for usage in Appcenter
 # Manual decryption as described on https://docs.fastlane.tools/actions/match/

 desc "Export fastlane match signing credentials for AppCenter"
 lane :export_code_signing do
  ensure_env_vars(
    env_vars: [
      "MATCH_GIT_URL",
      "MATCH_PASSWORD",
    ]
  )
  work_dir = "./.tmp"
  output_dir = "./.out"
  # Recreate working directory
  sh("rm -rf #{work_dir} #{output_dir}", log: false)
  sh("mkdir -p #{work_dir}", log: false)
  sh("mkdir -p #{output_dir}", log: false)

  # Download code signing repository
  sh("git archive --remote=#{ENV["MATCH_GIT_URL"]} HEAD certs profiles | tar -x -C #{work_dir}")
  # Decrypt provisioning profiles
  profiles = sh("find #{work_dir} -type f -name *.mobileprovision").split(/\n/)
  profiles.each do |profile|
    filename, = profile.match(/([^\/]+)$/).captures
    sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{profile}' -out '#{output_dir}/#{filename}' -a -d", log: false)
  end
  # Decrypt certificates and private-keys, then export them as p12
  certs = sh("find #{work_dir} -type f -name *.cer").split(/\n/)
  certs.each do |cert|
    certType, certID = cert.match(/(\w+)\/(\w+).cer$/).captures
   # Decrypt cert as pem file
    sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{work_dir}/certs/#{certType}/#{certID}.cer' -out '#{work_dir}/cert.der' -a -d -md md5", log: false)
    sh("openssl x509 -inform der -in '#{work_dir}/cert.der' -out '#{work_dir}/cert.pem'", log: false)

   # Decrypt private key as pem file
    sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{work_dir}/certs/#{certType}/#{certID}.p12' -out '#{work_dir}/key.pem' -a -d -md md5", log: false)

   # Generate p12 file for appcenter
    sh("openssl pkcs12 -export -out '#{output_dir}/#{certType}-#{certID}.p12' -inkey '#{work_dir}/key.pem' -in '#{work_dir}/cert.pem' -password pass:'#{ENV["MATCH_PASSWORD"]}'", log: false)
  end
  UI.success "🎉 Signing credentials are ready at: #{File.expand_path(output_dir)}"
  UI.success "Password: #{ENV["MATCH_PASSWORD"]}"
 end
	# Export iOS code signing as p12 and mobileprovision file for usage in Appcenter
	# Manual decryption as described on https://docs.fastlane.tools/actions/match/

	desc "Export fastlane match signing credentials for AppCenter"
	lane :export_code_signing do
	ensure_env_vars(
	env_vars: [
	"MATCH_GIT_URL",
	"MATCH_PASSWORD",
	]
	)
	work_dir = "./.tmp"
	output_dir = "./.out"
	# Recreate working directory
	sh("rm -rf #{work_dir} #{output_dir}", log: false)
	sh("mkdir -p #{work_dir}", log: false)
	sh("mkdir -p #{output_dir}", log: false)

	# Download code signing repository
	sh("git archive --remote=#{ENV["MATCH_GIT_URL"]} HEAD certs profiles \| tar -x -C #{work_dir}")
	# Decrypt provisioning profiles
	profiles = sh("find #{work_dir} -type f -name *.mobileprovision").split(/\n/)
	profiles.each do \|profile\|
	filename, = profile.match(/([^\/]+)$/).captures
	sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{profile}' -out '#{output_dir}/#{filename}' -a -d", log: false)
	end
	# Decrypt certificates and private-keys, then export them as p12
	certs = sh("find #{work_dir} -type f -name *.cer").split(/\n/)
	certs.each do \|cert\|
	certType, certID = cert.match(/(\w+)\/(\w+).cer$/).captures
	# Decrypt cert as pem file
	sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{work_dir}/certs/#{certType}/#{certID}.cer' -out '#{work_dir}/cert.der' -a -d -md md5", log: false)
	sh("openssl x509 -inform der -in '#{work_dir}/cert.der' -out '#{work_dir}/cert.pem'", log: false)

	# Decrypt private key as pem file
	sh("openssl aes-256-cbc -k '#{ENV["MATCH_PASSWORD"]}' -in '#{work_dir}/certs/#{certType}/#{certID}.p12' -out '#{work_dir}/key.pem' -a -d -md md5", log: false)

	# Generate p12 file for appcenter
	sh("openssl pkcs12 -export -out '#{output_dir}/#{certType}-#{certID}.p12' -inkey '#{work_dir}/key.pem' -in '#{work_dir}/cert.pem' -password pass:'#{ENV["MATCH_PASSWORD"]}'", log: false)
	end
	UI.success "🎉 Signing credentials are ready at: #{File.expand_path(output_dir)}"
	UI.success "Password: #{ENV["MATCH_PASSWORD"]}"
	end