starred/App-Store-Connect-CLI
1
0
Fork 0
mirror of https://github.com/rudrankriyam/App-Store-Connect-CLI.git synced 2026-04-25 15:45:48 +03:00
Code Issues 2 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #565] Profiles: add local install/list/cleanup commands for provisioning profiles #156

New issue
Closed
opened 2026-02-26 21:33:49 +03:00 by kerem · 0 comments
kerem commented 2026-02-26 21:33:49 +03:00
Owner
Copy link

Originally created by @rudrankriyam on GitHub (Feb 16, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/565

Summary

Add first-class commands for local provisioning profile management:

  • install .mobileprovision files into the standard Xcode location
  • list installed profiles with parsed metadata
  • clean up expired / unwanted profiles with safe, non-interactive semantics

This is explicitly about local disk state, not App Store Connect API resources.

Why this matters

Provisioning profiles are frequently the hidden source of build/signing failures:

  • CI machines need repeatable profile installation (no Xcode UI steps).
  • Developers end up with stale/expired profiles that cause confusing signing resolution.
  • A deterministic, inspectable local profile inventory is valuable for agents (preflight + remediation).

Current state (verified)

  • asc profiles download --id "PROFILE_ID" --output "./profile.mobileprovision" exists.
  • asc signing fetch writes .mobileprovision files into an output directory.
  • There is no asc profiles install or any command that targets:
    • ~/Library/MobileDevice/Provisioning Profiles/
    • local listing/cleanup of installed profiles

Proposed UX

Introduce a local subcommand group to avoid ambiguity with API-backed profiles list/get/...:

  • asc profiles local install
  • asc profiles local list
  • asc profiles local clean

Install

# Install a downloaded profile file
asc profiles local install --path "./MyProfile.mobileprovision"

# Download from ASC then install (single step)
asc profiles local install --id "PROFILE_ID"

# Replace existing installed profile (explicit)
asc profiles local install --path "./MyProfile.mobileprovision" --force

List

asc profiles local list --output json
asc profiles local list --bundle-id "com.example.app" --output table
asc profiles local list --expired --output json

Clean

# Show plan only
asc profiles local clean --expired --dry-run

# Actually delete expired profiles
asc profiles local clean --expired --confirm

Flags (proposal)

Shared:

  • --output json|table|markdown (default json)
  • --pretty

install:

  • --path local .mobileprovision path (optional if --id is used)
  • --id profile ID to download then install (optional if --path is used)
  • --install-dir override install directory (default: ~/Library/MobileDevice/Provisioning Profiles)
  • --force overwrite if the target UUID already exists (default false)

list:

  • --install-dir (same default)
  • --bundle-id filter (best-effort; derived from entitlements)
  • --team-id filter
  • --expired show only expired

clean:

  • --install-dir
  • --expired (phase 1)
  • --dry-run show deletions without mutating disk
  • --confirm required for deletion

Behavior requirements

  • No interactive prompts.
  • Install uses the canonical filename convention: <UUID>.mobileprovision.
  • Safe file operations:
    • refuse to follow symlinks in the install dir
    • refuse overwrite by default; require --force
    • write atomically where possible
  • Non-darwin behavior:
    • if --install-dir is not provided and OS is not macOS, return a clear, deterministic error
    • if --install-dir is provided, allow operation (useful for CI/tests), but document that the default path is macOS-specific

Parsing requirements

To support list/filtering and correct install naming, parse .mobileprovision:

  • decode CMS/PKCS7 container
  • extract embedded plist
  • parse key fields:
    • UUID, Name, TeamIdentifier, ExpirationDate, CreationDate
    • best-effort derive bundle id / application identifier from Entitlements

Implementation should not require Keychain UI.

Output model

Install

Return a structured summary:

  • uuid, name, teamId, expiresAt
  • source (path or profile ID)
  • installedPath
  • action: installed, replaced, already_present, skipped

List

Return an array of installed profiles with the parsed metadata above + the on-disk path.

Clean

Return:

  • deleted[] (paths + uuid/name)
  • skipped[] (reason)
  • counts

Detailed implementation plan (TDD-first)

  • Add profiles local subcommand group under internal/cli/profiles/.
  • Implement profile parsing helper (CMS -> plist -> struct). Prefer a pure-Go approach so tests can run cross-platform.
    • Use howett.net/plist (already in repo) for plist decode.
    • Use a small PKCS7/CMS decoder dependency or equivalent.
  • Implement install:
    • validate input
    • parse UUID
    • compute destination path
    • write securely (--force gating)
  • Implement list:
    • scan install dir
    • parse each profile
    • apply filters
    • deterministic ordering (e.g., by expiration date, then UUID)
  • Implement clean:
    • build deletion plan
    • --dry-run prints plan
    • --confirm required to delete
  • Add cmdtests:
    • install writes <UUID>.mobileprovision into --install-dir temp dir
    • list returns deterministic JSON and supports filters
    • clean requires --confirm and respects --dry-run

Acceptance criteria

  • asc profiles local install|list|clean --help exists and is self-documenting.
  • Installs profiles with safe defaults (no overwrite unless --force).
  • Deletions require --confirm.
  • Outputs are deterministic and JSON-first.
  • make test passes with new cmdtest coverage.
Originally created by @rudrankriyam on GitHub (Feb 16, 2026). Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/565 ## Summary Add first-class commands for **local** provisioning profile management: - install `.mobileprovision` files into the standard Xcode location - list installed profiles with parsed metadata - clean up expired / unwanted profiles with safe, non-interactive semantics This is explicitly about **local disk state**, not App Store Connect API resources. ## Why this matters Provisioning profiles are frequently the hidden source of build/signing failures: - CI machines need repeatable profile installation (no Xcode UI steps). - Developers end up with stale/expired profiles that cause confusing signing resolution. - A deterministic, inspectable local profile inventory is valuable for agents (preflight + remediation). ## Current state (verified) - `asc profiles download --id "PROFILE_ID" --output "./profile.mobileprovision"` exists. - `asc signing fetch` writes `.mobileprovision` files into an output directory. - There is no `asc profiles install` or any command that targets: - `~/Library/MobileDevice/Provisioning Profiles/` - local listing/cleanup of installed profiles ## Proposed UX Introduce a `local` subcommand group to avoid ambiguity with API-backed `profiles list/get/...`: - `asc profiles local install` - `asc profiles local list` - `asc profiles local clean` ### Install ```bash # Install a downloaded profile file asc profiles local install --path "./MyProfile.mobileprovision" # Download from ASC then install (single step) asc profiles local install --id "PROFILE_ID" # Replace existing installed profile (explicit) asc profiles local install --path "./MyProfile.mobileprovision" --force ``` ### List ```bash asc profiles local list --output json asc profiles local list --bundle-id "com.example.app" --output table asc profiles local list --expired --output json ``` ### Clean ```bash # Show plan only asc profiles local clean --expired --dry-run # Actually delete expired profiles asc profiles local clean --expired --confirm ``` ## Flags (proposal) Shared: - `--output json|table|markdown` (default json) - `--pretty` `install`: - `--path` local `.mobileprovision` path (optional if `--id` is used) - `--id` profile ID to download then install (optional if `--path` is used) - `--install-dir` override install directory (default: `~/Library/MobileDevice/Provisioning Profiles`) - `--force` overwrite if the target UUID already exists (default false) `list`: - `--install-dir` (same default) - `--bundle-id` filter (best-effort; derived from entitlements) - `--team-id` filter - `--expired` show only expired `clean`: - `--install-dir` - `--expired` (phase 1) - `--dry-run` show deletions without mutating disk - `--confirm` required for deletion ## Behavior requirements - **No interactive prompts**. - Install uses the canonical filename convention: `<UUID>.mobileprovision`. - Safe file operations: - refuse to follow symlinks in the install dir - refuse overwrite by default; require `--force` - write atomically where possible - Non-darwin behavior: - if `--install-dir` is not provided and OS is not macOS, return a clear, deterministic error - if `--install-dir` is provided, allow operation (useful for CI/tests), but document that the default path is macOS-specific ## Parsing requirements To support list/filtering and correct install naming, parse `.mobileprovision`: - decode CMS/PKCS7 container - extract embedded plist - parse key fields: - `UUID`, `Name`, `TeamIdentifier`, `ExpirationDate`, `CreationDate` - best-effort derive bundle id / application identifier from `Entitlements` Implementation should not require Keychain UI. ## Output model ### Install Return a structured summary: - `uuid`, `name`, `teamId`, `expiresAt` - `source` (path or profile ID) - `installedPath` - `action`: `installed`, `replaced`, `already_present`, `skipped` ### List Return an array of installed profiles with the parsed metadata above + the on-disk path. ### Clean Return: - `deleted[]` (paths + uuid/name) - `skipped[]` (reason) - counts ## Detailed implementation plan (TDD-first) - [ ] Add `profiles local` subcommand group under `internal/cli/profiles/`. - [ ] Implement profile parsing helper (CMS -> plist -> struct). Prefer a pure-Go approach so tests can run cross-platform. - Use `howett.net/plist` (already in repo) for plist decode. - Use a small PKCS7/CMS decoder dependency or equivalent. - [ ] Implement install: - validate input - parse UUID - compute destination path - write securely (`--force` gating) - [ ] Implement list: - scan install dir - parse each profile - apply filters - deterministic ordering (e.g., by expiration date, then UUID) - [ ] Implement clean: - build deletion plan - `--dry-run` prints plan - `--confirm` required to delete - [ ] Add cmdtests: - install writes `<UUID>.mobileprovision` into `--install-dir` temp dir - list returns deterministic JSON and supports filters - clean requires `--confirm` and respects `--dry-run` ## Acceptance criteria - [ ] `asc profiles local install|list|clean --help` exists and is self-documenting. - [ ] Installs profiles with safe defaults (no overwrite unless `--force`). - [ ] Deletions require `--confirm`. - [ ] Outputs are deterministic and JSON-first. - [ ] `make test` passes with new cmdtest coverage.
kerem closed this issue 2026-02-26 21:33:49 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.1
1.1.0
1.0.1
1.0.0
0.49.1
0.49.0
0.48.1
0.48.0
0.47.1
0.47.0
0.46.2
0.46.1
0.46.0
0.45.4
0.45.3
0.45.2
0.45.1
0.45.0
0.44.2
0.44.1
0.44.0
0.43.0
0.42.0
0.41.4
0.41.3
0.41.2
0.41.1
0.41.0
0.40.1
0.40.0
0.39.1
0.39.0
0.38.3
0.38.2
0.38.1
0.38.0
0.37.3
0.37.2
0.37.1
0.37.0
0.36.3
0.36.2
0.36.1
0.36.0
0.35.3
0.35.2
0.35.1
0.35.0
0.34.1
0.34.0
0.33.2
0.33.1
0.33.0
0.32.0
0.31.3
0.31.2
0.31.1
0.31.0
0.30.0
0.29.3
0.29.2
0.29.1
0.29.0
0.28.14
0.28.13
0.28.12
0.28.11
0.28.10
0.28.9
0.28.8
0.28.7
0.28.6
0.28.5
0.28.4
0.28.3
0.28.2
0.28.1
0.28.0
0.27.0
0.26.4
0.26.3
0.26.2
0.26.1
0.26.0
0.25.4
0.25.3
0.25.1
0.25.0
0.24.3
0.24.2
0.24.1
0.24.0
0.23.5
0.23.4
0.23.3
0.23.2
0.23.1
0.23.0
0.22.1
0.22.0
0.21.0
0.20.2
0.20.1
0.20.0
0.19.3
0.19.2
0.19.1
0.19.0
0.18.2
0.18.1
0.18.0
0.17.0
0.16.0
0.15.0
0.14.0
0.13.0
0.12.4
0.12.3
0.12.2
0.12.1
0.12.0
0.11.0
0.10.2
0.10.1
0.10.0
0.9.0
0.8.1
0.8.0
0.7.0
0.6.0
0.5.0
0.3.1
0.3.0
0.2.0
0.1.6
0.1.5
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0
Labels
Clear labels   
bug

   
bug

   
documentation

   
enhancement

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
bug
documentation
enhancement
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/App-Store-Connect-CLI#156
No description provided.