fix: keychain access controll

CHANGELOG.md

@@ -1,3 +1,8 @@
+# 0.10.6
+
+# Fix:
+- Keychain should be accessible to all from ci/cd plugin
+
 # 0.10.5
 
 # Fix:

lib/src/integrations/apple_certificate/plugin/mac_os_keychain_plugin.dart

@@ -20,44 +20,22 @@ class MacOsKeyChainPlugin extends ImpaktfullCliPlugin {
     final fullKeyChainName = _fullKeyChainName(keyChainName);
     final originalKeyChains = await _getUserKeyChains();
     if (originalKeyChains.contains(fullKeyChainName)) {
-      throw ImpaktfullCliError(
-          '$fullKeyChainName already exists, make sure to remove it first.');
+      throw ImpaktfullCliError('$fullKeyChainName already exists, make sure to remove it first.');
     }
 
     ImpaktfullCliLogger.debug('Create Apple KeyChain ($fullKeyChainName)');
-    await processRunner.runProcess([
-      'security',
-      'create-keychain',
-      '-p',
-      '$globalKeyChainPassword',
-      fullKeyChainName
-    ]);
+    await processRunner.runProcess(['security', 'create-keychain', '-p', '$globalKeyChainPassword', fullKeyChainName]);
     final keyChain = await _getUserKeyChains();
-    await processRunner.runProcess([
-      'security',
-      'list-keychains',
-      '-d',
-      'user',
-      '-s',
-      fullKeyChainName,
-      ...keyChain
-    ]);
+    await processRunner.runProcess(['security', 'list-keychains', '-d', 'user', '-s', fullKeyChainName, ...keyChain]);
   }
 
   Future<void> unlockKeyChain(
     String keyChainName,
     Secret globalKeyChainPassword,
   ) async {
     final fullKeyChainName = _fullKeyChainName(keyChainName);
-    await processRunner
-        .runProcess(['security', 'set-keychain-settings', fullKeyChainName]);
-    await processRunner.runProcess([
-      'security',
-      'unlock-keychain',
-      '-p',
-      '$globalKeyChainPassword',
-      fullKeyChainName
-    ]);
+    await processRunner.runProcess(['security', 'set-keychain-settings', fullKeyChainName]);
+    await processRunner.runProcess(['security', 'unlock-keychain', '-p', globalKeyChainPassword.value, fullKeyChainName]);
   }
 
   Future<void> addCertificateToKeyChain(
@@ -70,63 +48,39 @@ class MacOsKeyChainPlugin extends ImpaktfullCliPlugin {
     ],
   }) async {
     final fullKeyChainName = _fullKeyChainName(keyChainName);
-    if (accessControlAll) {
-      await processRunner.runProcess([
-        'security',
-        'import',
-        (certFile.path),
-        '-k',
-        fullKeyChainName,
-        '-P',
-        certPassword.value,
-        '-A'
-      ]);
-    } else if (accessControlApplications.isNotEmpty) {
-      await processRunner.runProcess([
-        'security',
-        'import',
-        certFile.path,
-        '-k',
-        fullKeyChainName,
-        '-P',
-        certPassword.value,
+    await processRunner.runProcess([
+      'security',
+      'import',
+      certFile.path,
+      '-k',
+      fullKeyChainName,
+      '-P',
+      certPassword.value,
+      if (accessControlAll) ...[
+        '-A',
+      ] else ...[
         for (final application in accessControlApplications) ...[
           ...[
             '-T',
             application,
           ]
-        ]
-      ]);
-    } else {
-      await processRunner.runProcess([
-        'security',
-        'import',
-        certFile.path,
-        '-k',
-        fullKeyChainName,
-        '-P',
-        certPassword.value
-      ]);
-    }
+        ],
+      ],
+    ]);
   }
 
   Future<void> removeKeyChain(
     String keyChainName,
   ) async {
     final fullKeyChainName = _fullKeyChainName(keyChainName);
     ImpaktfullCliLogger.debug('Remove Apple KeyChain ($fullKeyChainName)');
-    await processRunner
-        .runProcess(['security', 'delete-keychain', fullKeyChainName]);
+    await processRunner.runProcess(['security', 'delete-keychain', fullKeyChainName]);
   }
 
   Future<List<String>> _getUserKeyChains() async {
-    final keychainsString = await processRunner
-        .runProcess(['security', 'list-keychains', '-d', 'user']);
-    final keychainsList =
-        keychainsString.split('\n').where((element) => element.isNotEmpty);
-    return keychainsList
-        .map((keychain) => keychain.replaceAll('"', '').trim())
-        .toList();
+    final keychainsString = await processRunner.runProcess(['security', 'list-keychains', '-d', 'user']);
+    final keychainsList = keychainsString.split('\n').where((element) => element.isNotEmpty);
+    return keychainsList.map((keychain) => keychain.replaceAll('"', '').trim()).toList();
   }
 
   Future<void> printKeyChainList() async {

lib/src/integrations/ci_cd/plugin/ci_cd_plugin.dart

@@ -86,8 +86,7 @@ class CiCdPlugin extends ImpaktfullPlugin {
     if (playStoreUploadConfig != null) {
       await playStorePlugin.uploadToPlayStore(
         file: file,
-        serviceAccountCredentialsFile:
-            playStoreUploadConfig.serviceAccountCredentialsFile,
+        serviceAccountCredentialsFile: playStoreUploadConfig.serviceAccountCredentialsFile,
       );
     }
   }
@@ -149,8 +148,7 @@ class CiCdPlugin extends ImpaktfullPlugin {
       await testflightPlugin.uploadToTestflightWithEmailPassword(
         file: file,
         email: testflightUploadConfig.credentials?.userName,
-        appSpecificPassword:
-            testflightUploadConfig.credentials?.appSpecificPassword,
+        appSpecificPassword: testflightUploadConfig.credentials?.appSpecificPassword,
         type: testflightUploadConfig.type,
       );
     }
@@ -194,16 +192,12 @@ class CiCdPlugin extends ImpaktfullPlugin {
     Secret? globalKeyChainPassword,
   }) async {
     ImpaktfullCliEnvironment.requiresMacOs(reason: 'Building iOS/macOS apps');
-    final globalKeyChainPasswordSecret = globalKeyChainPassword ??
-        ImpaktfullCliEnvironmentVariables.getUnlockKeyChainPassword();
+    final globalKeyChainPasswordSecret = globalKeyChainPassword ?? ImpaktfullCliEnvironmentVariables.getUnlockKeyChainPassword();
 
-    await macOsKeyChainPlugin.createKeyChain(
-        keyChainName, globalKeyChainPasswordSecret);
+    await macOsKeyChainPlugin.createKeyChain(keyChainName, globalKeyChainPasswordSecret);
     try {
-      await macOsKeyChainPlugin.unlockKeyChain(
-          keyChainName, globalKeyChainPasswordSecret);
-      await macOsKeyChainPlugin.addCertificateToKeyChain(
-          keyChainName, certFile, certPassword);
+      await macOsKeyChainPlugin.unlockKeyChain(keyChainName, globalKeyChainPasswordSecret);
+      await macOsKeyChainPlugin.addCertificateToKeyChain(keyChainName, certFile, certPassword, accessControlAll: true);
       await onStartBuild();
     } catch (e) {
       rethrow;