0

Currently I am using fastlane to build an iOS app on a local gitlab runner.

Here is the part of the script my question is focused on:

    - bundle exec fastlane cert -u ${ENTERPRISE_APPLE_ID}
    - bundle exec fastlane sigh -a ${PROVISIONING_PROFILE_IDENTIFIER} username:${ENTERPRISE_APPLE_ID}
    - bundle exec fastlane gym --clean --export_method enterprise --output_name "APP-${TAG}"

There is a lot of answers on this site related to fastlane and authentication such as this but they mostly focus on App Store Connect, not enterprise accounts. Currently I am following the suggestions from the fastlane docs about storing a session on my ci machine.

The problem is after a month the session expires and the fastlane command keeps trying to auth via two factor leading to me being temporarily locked out of my account for too many attempts within 24 hours. See below for the CI logs.

18:27:18]: Starting login with user 'my@apple.id'
Available session is not valid any more. Continuing with normal login.
Session loaded from environment variable is not valid. Continuing with normal login.
Two-factor Authentication (6 digits code) is enabled for account 'my@apple.id'
More information about Two-factor Authentication: https://support.apple.com/en-us/HT204915
If you're running this in a non-interactive session (e.g. server or CI)
check out https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification
Please enter the 6 digit code you received at +1 (•••) •••-••14:
Requesting session...
Error: Incorrect verification code
Please enter the 6 digit code you received at +1 (•••) •••-••14:
Requesting session...
Error: Incorrect verification code
Please enter the 6 digit code you received at +1 (•••) •••-••14:
Requesting session...

My question is: is it possible to tell if this command is requiring user input so I can just exit the command and then manually refresh the session?

danielsmith1789
  • 1,056
  • 1
  • 12
  • 25
  • You could probably script it with `expect` or something, but that just feels wrong. The best solution would be if the command had an option to abort if the session expires. – tripleee Nov 15 '21 at 20:33

1 Answers1

1

Noninteractive mode in Fastlane

Set the environment variable SPACESHIP_ONLY_ALLOW_INTERACTIVE_2FA to true which will only allow 2FA prompt in an interactive environment. Additionally, set FASTLANE_IS_INTERACTIVE to false to tell fastlane that you can't interact with it.

variables:
  SPACESHIP_ONLY_ALLOW_INTERACTIVE_2FA: "true"
  FASTLANE_IS_INTERACTIVE: "false"

The combination of these environment variables should cause an error to be raised instead of prompting for 2FA.

See:

Dealing with interactive prompts generically

But to answer the more generic question: 'can you exit a program if it is awaiting input'.

As far as I know, you can't generically determine if a program is reading stdin or not. However, one way to do this might be able to do this is to look at the stdout of the command for the text of the input prompt. In your case, you may look for the text Please enter the 6 digit code and bail out if it's found.

So a bash script for that might look something like this:

prompt="Please enter the 6 digit code"
program_that_might_prompt_for_input > output.txt 2>&1  &
command_pid=$!
sleep 5 # probably a more elegant way to do this
output="$(cat output.txt)"
if grep -q "$prompt" <<< "$output"; then
  echo '2FA prompt detected. bailing.' > /dev/stderr
  kill $command_pid  # if you need to
  exit 1
fi
wait # wait for command to finish
# rest of script
sytech
  • 29,298
  • 3
  • 45
  • 86
  • 1
    Great suggestion on Fastlane - I updated the script. I am going to mark as accepted because you solved my issue. This is a case of the XY problem for sure. Still leaving the question up as there might be value in determining if a script is awaiting input from stdin. – danielsmith1789 Nov 15 '21 at 22:41