azure, azure-pipelines, fastlane-match

How to obtain and use a Bearer token with Fastlane Match and Azure DevOps Pipeline?


I have a multi-target/variant React Native project that uses Fastlane to build and deploy it. The focus of this question is iOS-related; specifically, I'm trying to understand how to use Fastlane Match to manage certificates.

I have two repositories in a single Azure DevOps project, one for the code and one for the certificates. I've set up SSH Git access for Azure and, when run locally, am able to use a git@ URL in my match configuration to successfully clone the repo and update certs:

$ bundle exec fastlane update_certs
...
INFO [2024-03-06 10:12:50.94]: Cloning remote git repo...
INFO [2024-03-06 10:12:50.94]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
INFO [2024-03-06 10:12:50.94]: $ git clone git@ssh.dev.azure.com:v3/<MY COMPANY>/<PROJECT>/<REPO> /var/folders/_l/5tqpmd_d6x5176yqdp77gr_c0000gp/T/d20240306-8899-1fyv6tu
INFO [2024-03-06 10:12:50.96]: ▸ Cloning into '/var/folders/_l/5tqpmd_d6x5176yqdp77gr_c0000gp/T/d20240306-8899-1fyv6tu'...
INFO [2024-03-06 10:12:51.23]: ▸ remote: Azure Repos
INFO [2024-03-06 10:12:51.25]: ▸ remote: Found 14 objects to send. (25 ms)
INFO [2024-03-06 10:12:51.27]: ▸ Receiving objects: 100% (14/14), 17.46 KiB | 17.46 MiB/s, done.
INFO [2024-03-06 10:12:51.28]: $ git --no-pager branch --list origin/master --no-color -r
INFO [2024-03-06 10:12:51.30]: ▸   origin/master
INFO [2024-03-06 10:12:51.30]: Checking out branch master...
INFO [2024-03-06 10:12:51.30]: $ git checkout master
INFO [2024-03-06 10:12:51.31]: ▸ branch 'master' set up to track 'origin/master'.
INFO [2024-03-06 10:12:51.31]: ▸ Switched to a new branch 'master'
INFO [2024-03-06 10:12:51.35]: 🔓  Decrypted '<CERT>.cer'
INFO [2024-03-06 10:12:51.35]: 🔓  Decrypted '<CERT>.p12'
INFO [2024-03-06 10:12:51.35]: 🔓  Decrypted 'AppStore_com.<ID>.mobileprovision'
INFO [2024-03-06 10:12:51.35]: 🔓  Successfully decrypted certificates repo

If I try the same in an Azure Pipeline the build hangs at the initial clone step. I've tried including the secrets repository with some resources: repositories: YAML, and adding an InstallSSHKey@0 task to the pipeline that appears to succeed, but neither addition helps.

The match docs state that when using Azure I may want to use bearer token authentication but don't really offer any more details.

My understanding is that this means to use the equivalent https:// Git URL, and provide match with a git_bearer_authorization parameter, like so:

match(
  type: "appstore",
  app_identifier: <BUNDLE ID>,
  api_key: <API KEY>,
  git_bearer_authorization: <WHAT GOES HERE?>,
  git_url: "https://<ORG>@dev.azure.com/<ORG>/<PROJECT>/_git/<REPO>",
)

I've tried creating a Personal Access Token and using that (with and without base64 encoding, with and without the org name Azure suggests after the https://, above) but am still asked for username and password. The git command generated by match adds a -c http.extraheader='Authorization: Bearer <CONTENTS OF git_bearer_authorization>' to the git command.

How do I generate a bearer token, and how can I use that locally and in CI? Explicit steps to a working match would be really really appreciated! Alternatively, has anyone managed to get SSH access (i.e. git@ URL) working with match in an Azure Pipeline, and if so, how?

TIA!


Solution

  • You can use the DevOps HTTPS URL, and system.accesstoken as the bearer token in the pipeline.

    Please check the similar link for your reference. And existing yaml here.
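
The approach in the answer above, as an added example (not part of the original answer, and not fastlane's own code): a Fastfile helper that keeps the SSH URL for local runs and switches to the HTTPS URL plus the pipeline's job token when running in Azure Pipelines. The helper names, the `SYSTEM_ACCESSTOKEN` environment mapping and the sample org/project/repo values are assumptions; it also assumes the pipeline's build identity has read access to the certificates repo.

```ruby
# Added example. Helper names and sample values are hypothetical.
#
# System.AccessToken is a secret variable, so it is NOT exported to scripts
# automatically. Map it explicitly on the step that runs fastlane:
#
#   - script: bundle exec fastlane update_certs
#     env:
#       SYSTEM_ACCESSTOKEN: $(System.AccessToken)

AZURE_SSH_URL = %r{\Agit@ssh\.dev\.azure\.com:v3/([^/\s]+)/([^/\s]+)/([^/\s]+)\z}

# Convert git@ssh.dev.azure.com:v3/ORG/PROJECT/REPO to the HTTPS clone URL.
# No "ORG@" userinfo is added: the Authorization header carries the credential.
def azure_https_url(ssh_url)
  m = AZURE_SSH_URL.match(ssh_url)
  raise ArgumentError, "not an Azure Repos SSH URL: #{ssh_url}" unless m
  org, project, repo = m.captures
  "https://dev.azure.com/#{org}/#{project}/_git/#{repo}"
end

# Returns the git-related options to splat into match(...).
# Locally: SSH URL, authenticated by the developer's SSH key.
# In Azure Pipelines (TF_BUILD == "True"): HTTPS URL + bearer token.
def match_git_options(ssh_url, env = ENV)
  return { git_url: ssh_url } unless env["TF_BUILD"] == "True"

  token = env["SYSTEM_ACCESSTOKEN"].to_s.strip
  # An empty value or a literal "$(...)" means the env mapping is missing or
  # misspelled; fail fast instead of letting git hang on a credential prompt.
  if token.empty? || token.include?("$(")
    raise ArgumentError, "SYSTEM_ACCESSTOKEN is not mapped into this step"
  end

  { git_url: azure_https_url(ssh_url), git_bearer_authorization: token }
end

# Usage inside a lane (fastlane DSL, shown as a comment so this file runs alone):
#   match(type: "appstore", readonly: true,
#         **match_git_options("git@ssh.dev.azure.com:v3/<ORG>/<PROJECT>/<REPO>"))
```

Keeping the token in an environment variable rather than in the Fastfile means it never lands in the repository, and Azure Pipelines masks secret variables in step logs.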