fastlane / fastlane

🚀 The easiest way to automate building and releasing your iOS and Android apps

Home Page:https://fastlane.tools

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

`setup_ci` interferes with host keychains, permanently changes default keychain

WoodyWoodsta opened this issue · comments

New Issue Checklist

Issue Description

setup_ci kindly creates a temporary keychain for use in the CI environment, so as to not require user interaction or login passwords. However, it makes it the default keychain and does not appear to delete it after fastlane has finished. Some CI environments are persistent, such as Self-hosted Github Action Runners, meaning that if the "temporary" keychain is left, further actions will interact with the keychain. Further, some CI environments perform multiple different jobs; each might have different keychains and keychain behaviour requirements. In my case, I have a Github Action Runner installed on my Macbook, and applications interact with the keychain if it is made the default and left over.

My questions:

  1. Should setup_ci not be cleaning up the temp keychain after use?
  2. Why does fastlane require the temp keychain to be the default one? Surely with MATCH_KEYCHAIN_NAME set here, it does not need to list the keychain as being the default one?

Environment

fastlane environment

Stack

Key Value
OS 12.4
Ruby 3.0.1
Bundler? true
Git git version 2.36.1
Installation Source ~/.rvm/gems/ruby-3.0.1/bin/fastlane
Host macOS 12.4 (21F79)
Ruby Lib Dir ~/.rvm/rubies/ruby-3.0.1/lib
OpenSSL Version OpenSSL 1.1.1k 25 Mar 2021
Is contained false
Is homebrew false
Is installed via Fabric.app false
Xcode Path /Applications/Xcode.app/Contents/Developer/
Xcode Version 13.4.1
Swift Version 5.6.1

System Locale

Variable Value
LANG en_GB.UTF-8
LC_ALL
LANGUAGE

fastlane gems

Gem Version Update-Status
fastlane 2.206.2 Up-To-Date

Loaded fastlane plugins:

Plugin Version Update-Status
fastlane-plugin-versioning_android 0.1.0 Up-To-Date
Loaded gems
Gem Version
did_you_mean 1.5.0
bundler 2.3.15
tsort 0.1.0
uri 0.10.1
pathname 0.1.0
rake 13.0.6
rexml 3.2.5
CFPropertyList 3.0.5
concurrent-ruby 1.1.10
i18n 1.10.0
minitest 5.15.0
tzinfo 2.0.4
zeitwerk 2.5.4
activesupport 6.1.6
public_suffix 4.0.7
addressable 2.8.0
httpclient 2.8.3
json 2.6.2
algoliasearch 1.27.5
artifactory 3.0.15
atomos 0.1.3
aws-eventstream 1.2.0
aws-partitions 1.598.0
aws-sigv4 1.5.0
jmespath 1.6.1
aws-sdk-core 3.131.1
aws-sdk-kms 1.57.0
aws-sdk-s3 1.114.0
babosa 1.0.4
claide 1.1.0
fuzzy_match 2.0.4
nap 1.1.0
netrc 0.11.0
ffi 1.15.5
ethon 0.15.0
typhoeus 1.4.0
cocoapods-core 1.11.3
cocoapods-deintegrate 1.0.5
cocoapods-downloader 1.6.3
cocoapods-plugins 1.0.0
cocoapods-search 1.0.1
cocoapods-trunk 1.6.0
cocoapods-try 1.2.0
colored2 3.1.2
escape 0.0.4
fourflusher 2.3.1
gh_inspector 1.1.3
molinillo 0.8.0
ruby-macho 2.5.1
nanaimo 0.3.0
xcodeproj 1.21.0
cocoapods 1.11.3
colored 1.2
highline 2.0.3
commander 4.6.0
declarative 0.0.20
digest-crc 0.6.4
unf_ext 0.0.8.2
unf 0.1.4
domain_name 0.5.20190701
dotenv 2.7.6
emoji_regex 3.2.3
excon 0.92.3
faraday-em_http 1.0.0
faraday-em_synchrony 1.0.0
faraday-excon 1.1.0
faraday-httpclient 1.0.1
multipart-post 2.0.0
faraday-multipart 1.0.4
faraday-net_http 1.0.1
faraday-net_http_persistent 1.2.0
faraday-patron 1.0.0
faraday-rack 1.0.0
faraday-retry 1.0.3
ruby2_keywords 0.0.5
faraday 1.10.0
http-cookie 1.0.5
faraday-cookie_jar 0.0.7
faraday_middleware 1.2.0
fastimage 2.2.6
jwt 2.4.1
memoist 0.16.2
multi_json 1.15.0
os 1.1.4
signet 0.16.1
googleauth 1.1.3
mini_mime 1.1.2
trailblazer-option 0.1.2
uber 0.1.0
representable 3.2.0
retriable 3.1.2
webrick 1.7.0
google-apis-core 0.5.0
google-apis-androidpublisher_v3 0.21.0
google-apis-playcustomapp_v1 0.7.0
google-apis-iamcredentials_v1 0.10.0
google-apis-storage_v1 0.14.0
google-cloud-env 1.6.0
google-cloud-errors 1.2.0
google-cloud-core 1.6.0
google-cloud-storage 1.36.2
mini_magick 4.11.0
naturally 2.2.1
optparse 0.1.1
plist 3.6.0
rubyzip 2.3.2
security 0.1.3
simctl 1.6.8
terminal-notifier 2.0.0
unicode-display_width 1.8.0
terminal-table 1.8.0
tty-screen 0.8.1
tty-cursor 0.7.1
tty-spinner 0.9.3
word_wrap 1.0.0
rouge 2.0.7
xcpretty 0.3.0
xcpretty-travis-formatter 1.0.1
fastlane-plugin-versioning_android 0.1.0

generated on: 2022-06-11

I also just ran into this.

In addition, setting a custom default keychain removes the login keychain from the search list while the xcode build is running. It would be very useful if fastlane would keep the login keychain in the search list while running, so that Swift Package Manager could still get passwords from it, it does this for non-git authenticated hosts.

ezoic increase your site revenue