feat: signing and provisioning #27
Regenerate OpenAPI clients for AppsAPI, ProvisioningAPI, and TestflightAPI with latest schema updates.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add async/await support to API layers
- Update CLI commands with proper actor isolation
- Fix JWT provider for async credential handling
- Update existing domain stages for concurrency safety

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

altool is deprecated in favor of App Store Connect API. All uploads now use the API-based uploader.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implement App Store Connect provisioning APIs:
- Device registration and listing
- Certificate creation, listing, and revocation
- Provisioning profile creation, listing, and deletion
- Bundle ID lookup

Add supporting types:
- Platform enum (ios, macos, tvos, catalyst)
- CertificateType and ProfileType enums
- Device, Certificate, Profile data models
- Protocols for dependency injection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- FileEncrypter: AES-256-GCM encryption with PBKDF2 key derivation
- OpenSSLCertificateGenerator: CSR and P12 generation via openssl

P12 files are protected with user-provided passphrase for secure keychain import.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Coordinates provisioning operations:
- Ensures valid certificates exist in storage and Developer Portal
- Creates/regenerates provisioning profiles with proper devices
- Stores encrypted P12 files in git-managed storage
- Supports force regeneration and optional push to remote

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Blimp.Maintenance provides high-level operations:
- Device registration and listing
- Certificate generation, listing, and revocation
- Profile sync, listing, and removal
- Local storage initialization with optional remote

Supports secure passphrase handling via environment variable (BLIMP_PASSPHRASE) for CI or interactive prompt.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

New commands under 'blimp maintenance':
- init: Initialize local storage
- set-remote: Configure remote git repository
- register-device: Register device in Developer Portal
- list-devices: List registered devices
- generate-cert: Generate and store certificate
- revoke-cert: Revoke certificate by name
- list-certs: List certificates
- sync: Sync profiles for bundle IDs
- list-profiles: List provisioning profiles
- remove-profile: Remove profile by name

CLI improvements:
- Human-readable enum values (ios, development, appstore)
- Secure passphrase input with BLIMP_PASSPHRASE env support
- Optional --push flag (disabled by default)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- ProvisioningAPITests: API layer tests with mocks
- ProvisioningCoordinatorTests: Sync logic tests
- FileEncrypterTests: Encryption round-trip tests
- Update existing tests for Swift 6 concurrency

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Update Package.swift for Swift 6 and Gito dependency
- Add VSCode launch configuration
- Add CLAUDE.md project documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Use lowercase case names (ios, macos, tvos, catalyst) to match CLI argument format.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Pull request overview
This PR adds comprehensive certificate and provisioning profile management capabilities to Blimp, implementing a "match-like" workflow for iOS/macOS development. The changes enable managing signing certificates, provisioning profiles, and devices through both CLI commands and BlimpKit, with encrypted Git storage.
Changes:
- Implements full provisioning workflow: device registration, certificate generation/revocation, and profile management
- Adds encrypted Git storage for certificates and profiles using AES-256-GCM
- Introduces 9 new CLI commands under `blimp maintenance` subcommand
- Updates OpenAPI configurations to use idiomatic naming strategy
- Removes deprecated AltoolUploader implementation
- Adds comprehensive test coverage for new provisioning features
Reviewed changes
Copilot reviewed 53 out of 60 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| Sources/Domain/BlimpKit/Stages/1_Maintenance.swift | Implements core provisioning management functionality with device, certificate, and profile operations |
| Sources/Domain/BlimpKit/ProvisioningCoordinator.swift | Orchestrates sync workflow for certificates and profiles with Git storage |
| Sources/Domain/BlimpKit/Encryption/FileEncrypter.swift | Implements AES-256-GCM encryption with PBKDF2 key derivation for secure file storage |
| Sources/Domain/BlimpKit/Encryption/OpenSSLCertificateGenerator.swift | Generates CSRs and P12 files using OpenSSL commands |
| Sources/API/ProvisioningAPI/ProvisioningAPI.swift | Complete implementation of Apple Developer Portal provisioning API with pagination support |
| Sources/API/ProvisioningAPI/ProvisioningProtocols.swift | Defines service protocols for encryption, certificate generation, and provisioning |
| Sources/CLI/BlimpCLI/Subcommands/Maintenance/* | New CLI commands for device, certificate, and profile management |
| Sources/CLI/BlimpCLI/CLITypes.swift | Shared CLI utilities including passphrase resolution and type conversions |
| Tests/Domain/BlimpKit/ProvisioningCoordinatorTests.swift | Test coverage for sync workflows including fresh, existing, and force scenarios |
| Package.swift | Updates Swift tools version to 6.2 and adds Gito dependency |
| CLAUDE.md | Development guide for modern Swift 6 CLI patterns and concurrency |
b7f3bf0 to 8717239
Pull request overview
Copilot reviewed 53 out of 60 changed files in this pull request and generated 8 comments.
Full cert/provisioning management feature
Usable from both blimp CLI and blimp kit.
CLAUDE.md was left in git intentionally.
Full list of implemented commands:
Closes:
#15
#16
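
The commits in this PR describe passphrase-based file encryption (AES-256-GCM with a PBKDF2-derived key, passphrase taken from `BLIMP_PASSPHRASE`). The sketch below is an added example, not code from the Blimp repository, showing that scheme with CryptoKit and CommonCrypto and how authenticated decryption rejects a tampered file or a wrong passphrase. The envelope layout, the round count, and the names `deriveKey`, `encrypt`, `decrypt` and `EnvelopeError` are assumptions.

```swift
import Foundation
import CryptoKit
import CommonCrypto
import Security

// Assumed envelope (not Blimp's real on-disk format):
//   16-byte salt || 12-byte nonce || ciphertext || 16-byte GCM tag
enum EnvelopeError: Error { case randomFailed, kdfFailed, truncated }
let saltLength = 16
let rounds: UInt32 = 600_000  // assumed PBKDF2 work factor; the page states none

/// PBKDF2-HMAC-SHA256 -> 256-bit AES key.
func deriveKey(passphrase: String, salt: [UInt8]) throws -> SymmetricKey {
    var key = [UInt8](repeating: 0, count: 32)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2), passphrase, passphrase.utf8.count,
        salt, salt.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
        rounds, &key, key.count)
    guard status == Int32(kCCSuccess) else { throw EnvelopeError.kdfFailed }
    return SymmetricKey(data: key)
}

func encrypt(_ plaintext: Data, passphrase: String) throws -> Data {
    var salt = [UInt8](repeating: 0, count: saltLength)  // fresh salt per file
    guard SecRandomCopyBytes(kSecRandomDefault, salt.count, &salt) == errSecSuccess
    else { throw EnvelopeError.randomFailed }
    let key = try deriveKey(passphrase: passphrase, salt: salt)
    let box = try AES.GCM.seal(plaintext, using: key)  // CryptoKit picks a random nonce
    guard let combined = box.combined else { throw EnvelopeError.truncated }
    return Data(salt) + combined
}

func decrypt(_ envelope: Data, passphrase: String) throws -> Data {
    guard envelope.count >= saltLength + 12 + 16 else { throw EnvelopeError.truncated }
    let salt = [UInt8](envelope.prefix(saltLength))
    let key = try deriveKey(passphrase: passphrase, salt: salt)
    let box = try AES.GCM.SealedBox(combined: Data(envelope.dropFirst(saltLength)))
    return try AES.GCM.open(box, using: key)  // throws if tag or passphrase is wrong
}

// Constructed demo input; BLIMP_PASSPHRASE is the variable named in the PR.
let pass = ProcessInfo.processInfo.environment["BLIMP_PASSPHRASE"] ?? "constructed-demo-passphrase"
let secret = Data("constructed P12 bytes".utf8)
let sealed = try encrypt(secret, passphrase: pass)
let roundTrip = try decrypt(sealed, passphrase: pass)
precondition(roundTrip == secret)
var tampered = sealed
tampered[tampered.count - 1] ^= 0x01  // flip one bit of the GCM tag
precondition((try? decrypt(tampered, passphrase: pass)) == nil)
precondition((try? decrypt(sealed, passphrase: pass + "x")) == nil)
```

Because the salt is stored in the clear next to the ciphertext, the confidentiality of files committed to git rests entirely on the passphrase strength and the PBKDF2 work factor.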