Merge pull request #17100 from wordpress-mobile/fix/secrets-oss

.gitignore

@@ -90,11 +90,15 @@ Artifacts
 WordPress/Resources/AppImages.xcassets/AppIcon-Internal.appiconset
 WordPress/Resources/Icons-Internal
 
-# All secrets should be stored under .configure-files
+# All encrypted secrets should be stored under .configure-files
 # Everything without a .enc extension is ignored
 .configure-files/*
 !.configure-files/*.enc
 
+# A file external contributors can have locally to provide their own credentials.
+# This file is created during the `rake init:oss` task, based on the Secrets-example.swift file.
+WordPress/Credentials/Secrets.swift
+
 # Ignoring old locations to be sure they aren't commited accidentally
 WordPress/Credentials/wpcom_app_credentials
 WordPress/Credentials/wpcom_alpha_app_credentials

Rakefile

@@ -526,7 +526,7 @@ namespace :credentials do
       .gsub('let client = "0"', "let client=\"#{id}\"")
       .gsub('let secret = "your-secret-here"', "let secret=\"#{secret}\"")
 
-    File.open('.configure-files/WordPress-Secrets.swift', 'w') { |file| 
+    File.open('WordPress/Credentials/Secrets.swift', 'w') { |file| 
       file.puts replaced_text
     }
 

Scripts/BuildPhases/ApplyConfiguration.sh → Scripts/BuildPhases/GenerateCredentials.sh

@@ -92,8 +92,16 @@ if [ -f "$JETPACK_SECRETS_FILE" ] && [ "${BUILD_SCHEME}" == "Jetpack" ]; then
     exit 0
 fi
 
+EXTERNAL_CONTRIBUTOR_RELEASE_MSG="External contributors should not need to perform a Release build"
+
 # If the developer has a local secrets file, use it
 if [ -f "$LOCAL_SECRETS_FILE" ]; then
+    if [[ $CONFIGURATION == Release* ]]; then
+      echo "error: You can't do a Release build when using local Secrets (from $LOCAL_SECRETS_FILE). $EXTERNAL_CONTRIBUTOR_RELEASE_MSG."
+      exit 1
+    fi
+
+    echo "warning: Using local Secrets from $LOCAL_SECRETS_FILE. If you are an external contributor, this is expected and you can ignore this warning. If you are an internal contributor, make sure to use our shared credentials instead."
     echo "Applying Local Secrets"
     cp -v "$LOCAL_SECRETS_FILE" "${SECRETS_DESTINATION_FILE}"
     exit 0
@@ -103,19 +111,20 @@ fi
 # resort, unless building for Release.
 
 COULD_NOT_FIND_SECRET_MSG="Could not find secrets file at ${SECRETS_DESTINATION_FILE}. This is likely due to the source secrets being missing from ${SECRETS_ROOT}"
-INTERNAL_CONTRIBUTOR_MSG="If you are an internal contributor, run \`bundle exec fastlane run configure_apply\` to update your secrets"
+INTERNAL_CONTRIBUTOR_MSG="If you are an internal contributor, run \`bundle exec fastlane run configure_apply\` to update your secrets and try again"
+EXTERNAL_CONTRIBUTOR_MSG="If you are an external contributor, run \`bundle exec rake init:oss\` to set up and use your own credentials"
 
 case $CONFIGURATION in
   Release*)
     # There are three release configurations: Release, Release-Alpha, and
     # Release-Internal. Since they all start with "Release" we can use a
     # pattern to check for them.
-    echo "error: $COULD_NOT_FIND_SECRET_MSG. Cannot continue Release build. $INTERNAL_CONTRIBUTOR_MSG and try again. External contributors should not need to perform a Release build."
+    echo "error: $COULD_NOT_FIND_SECRET_MSG. Cannot continue Release build. $INTERNAL_CONTRIBUTOR_MSG. $EXTERNAL_CONTRIBUTOR_RELEASE_MSG."
     exit 1
     ;;
   *)
-    echo "warning: $COULD_NOT_FIND_SECRET_MSG. Falling back to $EXAMPLE_SECRETS_FILE. In a Release build, this would be an error. $INTERNAL_CONTRIBUTOR_MSG and try again. If you are an external contributor, you can ignore this warning."
+    echo "warning: $COULD_NOT_FIND_SECRET_MSG. Falling back to $EXAMPLE_SECRETS_FILE. In a Release build, this would be an error. $INTERNAL_CONTRIBUTOR_MSG. $EXTERNAL_CONTRIBUTOR_MSG."
     echo "Applying Example Secrets"
-    cp -v "$EXAMPLE_SECRETS_FILE" "$SECRETS_DESTINATION_FILE"
+    cp -v "$EXAMPLE_SECRETS_FILE" "${SECRETS_DESTINATION_FILE}"
     ;;
 esac

WordPress/secrets-manifest.xcfilelist → Scripts/BuildPhases/GenerateCredentials.xcfilelist

@@ -5,6 +5,11 @@ ${HOME}/.configure/wordpress-ios/secrets/WordPress-Secrets-Internal.swift
 ${HOME}/.configure/wordpress-ios/secrets/WordPress-Secrets-Alpha.swift
 ${HOME}/.configure/wordpress-ios/secrets/Jetpack-Secrets.swift
 
+# Local Secrets file that external contributors can use to specify their own
+# ClientID and Secrets. This file is created by the Rakefile when external
+# contributors run the `init:oss` task and provide their own credentials.
+${SRCROOT}/Credentials/Secrets.swift
+
 # Example secrets file, we fallback to this if none of the above is avaiable.
 # That usually happens on new machines, to external contributors, or in CI
 # builds that don't need access to secrets, such as the unit tests.

WordPress/WordPress.xcodeproj/project.pbxproj

@@ -3,10 +3,21 @@
 	archiveVersion = 1;
 	classes = {
 	};
-	objectVersion = 52;
+	objectVersion = 54;
 	objects = {
 
 /* Begin PBXAggregateTarget section */
+		096A92F526E29FFF00448C68 /* GenerateCredentials */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 096A92FA26E2A00000448C68 /* Build configuration list for PBXAggregateTarget "GenerateCredentials" */;
+			buildPhases = (
+				096A92FB26E2A05400448C68 /* Generate Secrets / Credentials */,
+			);
+			dependencies = (
+			);
+			name = GenerateCredentials;
+			productName = GenerateCredentials;
+		};
 		A2795807198819DE0031C6A3 /* OCLint */ = {
 			isa = PBXAggregateTarget;
 			buildConfigurationList = A279580C198819DE0031C6A3 /* Build configuration list for PBXAggregateTarget "OCLint" */;
@@ -4448,6 +4459,20 @@
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
+		096A92FC26E2A0AE00448C68 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 29B97313FDCFA39411CA2CEA /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 096A92F526E29FFF00448C68;
+			remoteInfo = GenerateCredentials;
+		};
+		096A92FE26E2A0C000448C68 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 29B97313FDCFA39411CA2CEA /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 096A92F526E29FFF00448C68;
+			remoteInfo = GenerateCredentials;
+		};
 		3F526C5A2538CF2B0069706C /* PBXContainerItemProxy */ = {
 			isa = PBXContainerItemProxy;
 			containerPortal = 29B97313FDCFA39411CA2CEA /* Project object */;
@@ -4976,7 +5001,6 @@
 		24AD674E25FC262E0056102C /* tr */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = tr; path = tr.lproj/Sites.strings; sourceTree = "<group>"; };
 		24AD675025FC262F0056102C /* cy */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = cy; path = cy.lproj/Sites.strings; sourceTree = "<group>"; };
 		24ADA24B24F9A4CB001B5DAE /* RemoteFeatureFlagStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RemoteFeatureFlagStore.swift; sourceTree = "<group>"; };
-		24AE9C262649ECF400AC7F15 /* secrets-manifest.xcfilelist */ = {isa = PBXFileReference; lastKnownFileType = text.xcfilelist; path = "secrets-manifest.xcfilelist"; sourceTree = "<group>"; };
 		24AE9E66264B34E500AC7F15 /* Secrets-example.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Secrets-example.swift"; sourceTree = "<group>"; };
 		24B1AE3024FEC79900B9F334 /* RemoteFeatureFlagTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RemoteFeatureFlagTests.swift; sourceTree = "<group>"; };
 		24B54FAD2624F8350041B18E /* JetpackRelease-Internal.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "JetpackRelease-Internal.entitlements"; sourceTree = "<group>"; };
@@ -13706,7 +13730,6 @@
 			isa = PBXGroup;
 			children = (
 				24AE9E66264B34E500AC7F15 /* Secrets-example.swift */,
-				24AE9C262649ECF400AC7F15 /* secrets-manifest.xcfilelist */,
 			);
 			path = Credentials;
 			sourceTree = "<group>";
@@ -14601,7 +14624,6 @@
 			buildConfigurationList = 1D6058960D05DD3E006BFB54 /* Build configuration list for PBXNativeTarget "WordPress" */;
 			buildPhases = (
 				E00F6488DE2D86BDC84FBB0B /* [CP] Check Pods Manifest.lock */,
-				24AE9E53264B312000AC7F15 /* Apply Configuration Secrets */,
 				825F0EBF1F7EBF7C00321528 /* App Icons: Add Version For Internal Releases */,
 				1D60588D0D05DD3D006BFB54 /* Resources */,
 				F9C5CF0222CD5DB0007CEF56 /* Copy Alternate Internal Icons (if needed) */,
@@ -14615,6 +14637,7 @@
 			buildRules = (
 			);
 			dependencies = (
+				096A92FD26E2A0AE00448C68 /* PBXTargetDependency */,
 				FFC3F6FC1B0DBF7200EFC359 /* PBXTargetDependency */,
 				93E5284519A7741A003A1A9C /* PBXTargetDependency */,
 				93E5284819A7741A003A1A9C /* PBXTargetDependency */,
@@ -14873,7 +14896,6 @@
 			buildConfigurationList = FABB264D2602FC2C00C8785C /* Build configuration list for PBXNativeTarget "Jetpack" */;
 			buildPhases = (
 				FABB1FA72602FC2C00C8785C /* [CP] Check Pods Manifest.lock */,
-				FABB1FA82602FC2C00C8785C /* Apply Configuration Secrets */,
 				FABB1FA92602FC2C00C8785C /* App Icons: Add Version For Internal Releases */,
 				FABB1FAA2602FC2C00C8785C /* Resources */,
 				FABB20C12602FC2C00C8785C /* Copy Alternate Internal Icons (if needed) */,
@@ -14887,6 +14909,7 @@
 			buildRules = (
 			);
 			dependencies = (
+				096A92FF26E2A0C000448C68 /* PBXTargetDependency */,
 				FABB1F902602FC2C00C8785C /* PBXTargetDependency */,
 			);
 			name = Jetpack;
@@ -14949,6 +14972,9 @@
 				LastUpgradeCheck = 0930;
 				ORGANIZATIONNAME = WordPress;
 				TargetAttributes = {
+					096A92F526E29FFF00448C68 = {
+						CreatedOnToolsVersion = 12.5;
+					};
 					1D6058900D05DD3D006BFB54 = {
 						DevelopmentTeam = PZYM8XX95Q;
 						LastSwiftMigration = 1000;
@@ -15152,6 +15178,7 @@
 				E16AB92914D978240047A2E5 /* WordPressTest */,
 				FF27168E1CAAC87A0006E2D4 /* WordPressUITests */,
 				8511CFB51C607A7000B7CEED /* WordPressScreenshotGeneration */,
+				096A92F526E29FFF00448C68 /* GenerateCredentials */,
 				A2795807198819DE0031C6A3 /* OCLint */,
 				FFC3F6F41B0DBF0900EFC359 /* UpdatePlistPreprocessor */,
 				FFA8E22A1F94E3DE0002170F /* SwiftLint */,
@@ -15898,6 +15925,28 @@
 /* End PBXResourcesBuildPhase section */
 
 /* Begin PBXShellScriptBuildPhase section */
+		096A92FB26E2A05400448C68 /* Generate Secrets / Credentials */ = {
+			isa = PBXShellScriptBuildPhase;
+			alwaysOutOfDate = 1;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputFileListPaths = (
+				"$(SRCROOT)/../Scripts/BuildPhases/GenerateCredentials.xcfilelist",
+			);
+			inputPaths = (
+			);
+			name = "Generate Secrets / Credentials";
+			outputFileListPaths = (
+			);
+			outputPaths = (
+				"$(BUILD_DIR)/Secrets/Secrets.swift",
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "$SRCROOT/../Scripts/BuildPhases/GenerateCredentials.sh\n";
+			showEnvVarsInLog = 0;
+		};
 		0AA1A8899C01FEF3599F6FCF /* [CP] Check Pods Manifest.lock */ = {
 			isa = PBXShellScriptBuildPhase;
 			buildActionMask = 2147483647;
@@ -15942,26 +15991,6 @@
 			shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-WordPressStatsWidgets/Pods-WordPressStatsWidgets-resources.sh\"\n";
 			showEnvVarsInLog = 0;
 		};
-		24AE9E53264B312000AC7F15 /* Apply Configuration Secrets */ = {
-			isa = PBXShellScriptBuildPhase;
-			buildActionMask = 2147483647;
-			files = (
-			);
-			inputFileListPaths = (
-				"$(SRCROOT)/secrets-manifest.xcfilelist",
-			);
-			inputPaths = (
-			);
-			name = "Apply Configuration Secrets";
-			outputFileListPaths = (
-			);
-			outputPaths = (
-				"$(BUILD_DIR)/Secrets/Secrets.swift",
-			);
-			runOnlyForDeploymentPostprocessing = 0;
-			shellPath = /bin/sh;
-			shellScript = "export PROJECT_ROOT=$(dirname $SRCROOT)\n$PROJECT_ROOT/Scripts/BuildPhases/ApplyConfiguration.sh\n";
-		};
 		2ACEBC2718E9AC320D2B2858 /* [CP] Copy Pods Resources */ = {
 			isa = PBXShellScriptBuildPhase;
 			buildActionMask = 2147483647;
@@ -16576,25 +16605,6 @@
 			shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n    # print error to STDERR\n    echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n    exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n";
 			showEnvVarsInLog = 0;
 		};
-		FABB1FA82602FC2C00C8785C /* Apply Configuration Secrets */ = {
-			isa = PBXShellScriptBuildPhase;
-			buildActionMask = 2147483647;
-			files = (
-			);
-			inputFileListPaths = (
-				"$(SRCROOT)/secrets-manifest.xcfilelist",
-			);
-			inputPaths = (
-			);
-			name = "Apply Configuration Secrets";
-			outputPaths = (
-				"$(BUILD_DIR)/Secrets/Secrets.swift",
-			);
-			runOnlyForDeploymentPostprocessing = 0;
-			shellPath = /bin/sh;
-			shellScript = "export PROJECT_ROOT=$(dirname $SRCROOT)\n$PROJECT_ROOT/Scripts/BuildPhases/ApplyConfiguration.sh\n";
-			showEnvVarsInLog = 0;
-		};
 		FABB1FA92602FC2C00C8785C /* App Icons: Add Version For Internal Releases */ = {
 			isa = PBXShellScriptBuildPhase;
 			buildActionMask = 2147483647;
@@ -20602,6 +20612,16 @@
 /* End PBXSourcesBuildPhase section */
 
 /* Begin PBXTargetDependency section */
+		096A92FD26E2A0AE00448C68 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 096A92F526E29FFF00448C68 /* GenerateCredentials */;
+			targetProxy = 096A92FC26E2A0AE00448C68 /* PBXContainerItemProxy */;
+		};
+		096A92FF26E2A0C000448C68 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 096A92F526E29FFF00448C68 /* GenerateCredentials */;
+			targetProxy = 096A92FE26E2A0C000448C68 /* PBXContainerItemProxy */;
+		};
 		3F526C5B2538CF2B0069706C /* PBXTargetDependency */ = {
 			isa = PBXTargetDependency;
 			target = 3F526C4B2538CF2A0069706C /* WordPressStatsWidgets */;
@@ -21007,6 +21027,38 @@
 /* End PBXVariantGroup section */
 
 /* Begin XCBuildConfiguration section */
+		096A92F626E2A00000448C68 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CODE_SIGN_STYLE = Automatic;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+			};
+			name = Debug;
+		};
+		096A92F726E2A00000448C68 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CODE_SIGN_STYLE = Automatic;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+			};
+			name = Release;
+		};
+		096A92F826E2A00000448C68 /* Release-Internal */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CODE_SIGN_STYLE = Automatic;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+			};
+			name = "Release-Internal";
+		};
+		096A92F926E2A00000448C68 /* Release-Alpha */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CODE_SIGN_STYLE = Automatic;
+				PRODUCT_NAME = "$(TARGET_NAME)";
+			};
+			name = "Release-Alpha";
+		};
 		1D6058940D05DD3E006BFB54 /* Debug */ = {
 			isa = XCBuildConfiguration;
 			baseConfigurationReference = 75305C06D345590B757E3890 /* Pods-Apps-WordPress.debug.xcconfig */;
@@ -24726,6 +24778,17 @@
 /* End XCBuildConfiguration section */
 
 /* Begin XCConfigurationList section */
+		096A92FA26E2A00000448C68 /* Build configuration list for PBXAggregateTarget "GenerateCredentials" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				096A92F626E2A00000448C68 /* Debug */,
+				096A92F726E2A00000448C68 /* Release */,
+				096A92F826E2A00000448C68 /* Release-Internal */,
+				096A92F926E2A00000448C68 /* Release-Alpha */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
 		1D6058960D05DD3E006BFB54 /* Build configuration list for PBXNativeTarget "WordPress" */ = {
 			isa = XCConfigurationList;
 			buildConfigurations = (