[GH-ISSUE #733] feat(signing): Phase 1 Git-backed encrypted readonly sync (match-style MVP) #201

Closed
opened 2026-02-26 21:33:59 +03:00 by kerem · 1 comment

Originally created by @rudrankriyam on GitHub (Feb 23, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/733

Problem

asc has strong API-level signing commands (certificates, profiles, devices, signing fetch), but it does not yet provide the core fastlane match value: team-wide, shared, encrypted signing state with one-command sync.

Without this, teams still do manual signing bootstrapping per machine/CI runner and risk configuration drift.

Phase 1 Goal

Ship a Git-backed, encrypted, readonly signing sync MVP that can bootstrap a machine/CI runner from an existing signing repository.

Proposed CLI (Phase 1)

asc signing sync \
  --bundle-id com.example.app \
  --profile-type IOS_APP_STORE \
  --git-url "git@github.com:org/signing.git" \
  --git-branch main \
  --readonly \
  --passphrase-env ASC_SIGNING_PASSPHRASE \
  --output ./signing

Optional flags for local profile installation:

  • --install-profiles (bool)
  • --install-dir (defaults to macOS provisioning profiles dir)

Scope

  1. Add asc signing sync command (readonly path only).
  2. Implement Git storage adapter for pull/checkout of signing repo.
  3. Implement encrypted store read/decrypt layer for signing artifacts.
  4. Resolve matching profile + certificates from decrypted store for requested bundle/profile type.
  5. Materialize files to --output and optionally install provisioning profile locally.
  6. Emit deterministic JSON/table/markdown summary output.

Implementation Notes

  • Keep CLI non-interactive.
  • Require passphrase via env variable/flag indirection (--passphrase-env) rather than prompt.
  • Use explicit long flags only.
  • Use shared.ContextWithTimeout for network operations.
  • Keep filesystem operations symlink-safe and non-overwriting by default.

Suggested package boundaries:

  • internal/cli/signing/sync.go (command + orchestration)
  • internal/signing/store/git (clone/pull/branch handling)
  • internal/signing/crypto (decrypt read path)
  • internal/signing/reconcile (artifact matching)

Test Plan (TDD)

  • Command validation tests:
    • missing required flags -> exit code 2
    • invalid profile type -> exit code 2
  • Git adapter tests:
    • clone/read branch success path
    • missing branch/auth failure errors are actionable
  • Crypto tests:
    • decrypt success
    • wrong passphrase error path
  • Sync tests:
    • deterministic output ordering
    • no file overwrite without explicit force mode
  • Local install tests:
    • profile install path handling on macOS
    • non-macOS requires explicit --install-dir

Always run:

  • make format
  • make lint
  • ASC_BYPASS_KEYCHAIN=1 make test

Acceptance Criteria

  • asc signing sync exists and is documented in --help.
  • Readonly sync works end-to-end from existing Git encrypted signing repo.
  • Outputs include profile/certificate IDs and local file paths.
  • No interactive prompts.
  • Validation errors return exit code 2.
  • Tests and lint/format pass.

Out of Scope (Phase 2+)

  • Creating missing profiles/certificates.
  • Pushing changes back to Git.
  • Non-Git backends (S3/GCS/GitLab).
  • Keychain certificate (.p12) installation.
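As an added example (not code from the asc project), the materialization step from Scope item 5 and the Implementation Notes, written in Go: artifacts are written in name order for deterministic output, a symlinked output directory is refused, repo-supplied names with path separators are rejected, and existing files are never overwritten. The Artifact type and Materialize function are assumptions of this example; the test plan's force mode is left out.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// Artifact is one decrypted signing file (type name assumed for this example).
type Artifact struct {
	Name string
	Data []byte
}

// Materialize writes artifacts under outDir in name order (deterministic output), refuses a
// symlinked outDir and names with path separators, and never overwrites (O_CREATE|O_EXCL).
func Materialize(outDir string, arts []Artifact) ([]string, error) {
	if err := os.MkdirAll(outDir, 0o700); err != nil {
		return nil, err
	}
	if fi, err := os.Lstat(outDir); err != nil || fi.Mode()&os.ModeSymlink != 0 {
		return nil, fmt.Errorf("output dir %q is a symlink or unreadable", outDir)
	}
	sorted := append([]Artifact(nil), arts...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Name < sorted[j].Name })
	var written []string
	for _, a := range sorted {
		if a.Name == "" || filepath.Base(a.Name) != a.Name {
			return written, fmt.Errorf("unsafe artifact name %q in repo", a.Name)
		}
		dst := filepath.Join(outDir, a.Name)
		// O_EXCL fails if dst already exists, including when it is a symlink, so no link is followed.
		f, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
		if err != nil {
			return written, fmt.Errorf("create %s (existing files are never overwritten): %w", dst, err)
		}
		_, werr := f.Write(a.Data)
		if cerr := f.Close(); werr != nil || cerr != nil {
			return written, fmt.Errorf("write %s: %v %v", dst, werr, cerr)
		}
		written = append(written, dst)
	}
	return written, nil
}

func main() {
	arts := []Artifact{{"profile.mobileprovision", []byte("p")}, {"cert.cer", []byte("c")}} // constructed, unsorted
	paths, err := Materialize("./signing", arts)
	fmt.Println(paths, err)
}
```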
kerem 2026-02-26 21:33:59 +03:00

@rudrankriyam commented on GitHub (Feb 26, 2026):

Closing for now due to scope/priority. We can reopen when this work is prioritized again.
