Merge pull request #1364 from jbennett/manage-secrets
Generalize handling of secrets and keys
commit
748f4e64d3
|
@ -69,3 +69,7 @@ fastlane/Preview.html
|
||||||
fastlane/screenshots
|
fastlane/screenshots
|
||||||
fastlane/test_output
|
fastlane/test_output
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/Shared/Secrets.swift
|
||||||
|
*.py[cod]
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
objects = {
|
objects = {
|
||||||
|
|
||||||
/* Begin PBXBuildFile section */
|
/* Begin PBXBuildFile section */
|
||||||
|
3B3A33E7238D3D6800314204 /* Secrets.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3B3A33E6238D3D6800314204 /* Secrets.swift */; };
|
||||||
3B826DA72385C81C00FC1ADB /* FeedWranglerAuthorizationResult.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3B826D9E2385C81C00FC1ADB /* FeedWranglerAuthorizationResult.swift */; };
|
3B826DA72385C81C00FC1ADB /* FeedWranglerAuthorizationResult.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3B826D9E2385C81C00FC1ADB /* FeedWranglerAuthorizationResult.swift */; };
|
||||||
3B826DA82385C81C00FC1ADB /* FeedWranglerFeedItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3B826D9F2385C81C00FC1ADB /* FeedWranglerFeedItem.swift */; };
|
3B826DA82385C81C00FC1ADB /* FeedWranglerFeedItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3B826D9F2385C81C00FC1ADB /* FeedWranglerFeedItem.swift */; };
|
||||||
3B826DA92385C81C00FC1ADB /* FeedWranglerAPICaller.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3B826DA02385C81C00FC1ADB /* FeedWranglerAPICaller.swift */; };
|
3B826DA92385C81C00FC1ADB /* FeedWranglerAPICaller.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3B826DA02385C81C00FC1ADB /* FeedWranglerAPICaller.swift */; };
|
||||||
|
@ -219,6 +220,7 @@
|
||||||
/* End PBXContainerItemProxy section */
|
/* End PBXContainerItemProxy section */
|
||||||
|
|
||||||
/* Begin PBXFileReference section */
|
/* Begin PBXFileReference section */
|
||||||
|
3B3A33E6238D3D6800314204 /* Secrets.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; name = Secrets.swift; path = ../../Shared/Secrets.swift; sourceTree = "<group>"; };
|
||||||
3B826D9E2385C81C00FC1ADB /* FeedWranglerAuthorizationResult.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FeedWranglerAuthorizationResult.swift; sourceTree = "<group>"; };
|
3B826D9E2385C81C00FC1ADB /* FeedWranglerAuthorizationResult.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FeedWranglerAuthorizationResult.swift; sourceTree = "<group>"; };
|
||||||
3B826D9F2385C81C00FC1ADB /* FeedWranglerFeedItem.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FeedWranglerFeedItem.swift; sourceTree = "<group>"; };
|
3B826D9F2385C81C00FC1ADB /* FeedWranglerFeedItem.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FeedWranglerFeedItem.swift; sourceTree = "<group>"; };
|
||||||
3B826DA02385C81C00FC1ADB /* FeedWranglerAPICaller.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FeedWranglerAPICaller.swift; sourceTree = "<group>"; };
|
3B826DA02385C81C00FC1ADB /* FeedWranglerAPICaller.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FeedWranglerAPICaller.swift; sourceTree = "<group>"; };
|
||||||
|
@ -563,6 +565,7 @@
|
||||||
848934EC1F62484F00CEBD24 = {
|
848934EC1F62484F00CEBD24 = {
|
||||||
isa = PBXGroup;
|
isa = PBXGroup;
|
||||||
children = (
|
children = (
|
||||||
|
3B3A33E6238D3D6800314204 /* Secrets.swift */,
|
||||||
848935101F62486800CEBD24 /* Account.swift */,
|
848935101F62486800CEBD24 /* Account.swift */,
|
||||||
841974241F6DDCE4006346C4 /* AccountDelegate.swift */,
|
841974241F6DDCE4006346C4 /* AccountDelegate.swift */,
|
||||||
51BB7B83233531BC008E8144 /* AccountBehaviors.swift */,
|
51BB7B83233531BC008E8144 /* AccountBehaviors.swift */,
|
||||||
|
@ -773,10 +776,8 @@
|
||||||
buildConfigurationList = 8489350A1F62485000CEBD24 /* Build configuration list for PBXNativeTarget "Account" */;
|
buildConfigurationList = 8489350A1F62485000CEBD24 /* Build configuration list for PBXNativeTarget "Account" */;
|
||||||
buildPhases = (
|
buildPhases = (
|
||||||
9E964EBB2375512300A7AF2E /* Run Script: Update OAuthAuthorizationClient+Feedly.swift */,
|
9E964EBB2375512300A7AF2E /* Run Script: Update OAuthAuthorizationClient+Feedly.swift */,
|
||||||
3B826DCF2385CE1B00FC1ADB /* Run Script: Update FeedWranglerConfig.swift */,
|
|
||||||
848934F11F62484F00CEBD24 /* Sources */,
|
848934F11F62484F00CEBD24 /* Sources */,
|
||||||
9E964EBC2375517100A7AF2E /* Run Script: Reset OAuthAuthorizationClient+Feedly.swift */,
|
9E964EBC2375517100A7AF2E /* Run Script: Reset OAuthAuthorizationClient+Feedly.swift */,
|
||||||
3B826DD02385CE9500FC1ADB /* Run Script: Reset FeedWranglerConfig.swift */,
|
|
||||||
848934F21F62484F00CEBD24 /* Frameworks */,
|
848934F21F62484F00CEBD24 /* Frameworks */,
|
||||||
848934F31F62484F00CEBD24 /* Headers */,
|
848934F31F62484F00CEBD24 /* Headers */,
|
||||||
848934F41F62484F00CEBD24 /* Resources */,
|
848934F41F62484F00CEBD24 /* Resources */,
|
||||||
|
@ -931,42 +932,6 @@
|
||||||
/* End PBXResourcesBuildPhase section */
|
/* End PBXResourcesBuildPhase section */
|
||||||
|
|
||||||
/* Begin PBXShellScriptBuildPhase section */
|
/* Begin PBXShellScriptBuildPhase section */
|
||||||
3B826DCF2385CE1B00FC1ADB /* Run Script: Update FeedWranglerConfig.swift */ = {
|
|
||||||
isa = PBXShellScriptBuildPhase;
|
|
||||||
buildActionMask = 2147483647;
|
|
||||||
files = (
|
|
||||||
);
|
|
||||||
inputFileListPaths = (
|
|
||||||
);
|
|
||||||
inputPaths = (
|
|
||||||
);
|
|
||||||
name = "Run Script: Update FeedWranglerConfig.swift";
|
|
||||||
outputFileListPaths = (
|
|
||||||
);
|
|
||||||
outputPaths = (
|
|
||||||
);
|
|
||||||
runOnlyForDeploymentPostprocessing = 0;
|
|
||||||
shellPath = /bin/sh;
|
|
||||||
shellScript = "FAILED=false\n\nif [ -z \"${FEED_WRANGLER_KEY}\" ]; then\nFAILED=true\nfi\n\nif [ \"$FAILED\" = true ]; then\necho \"Missing Feed Wrangler Key. FeedWranglerConfig.swift not changed.\"\nexit 0\nfi\n\nsed -i .tmp \"s|{FEEDWRANGLERKEY}|${FEED_WRANGLER_KEY}|g; s|{FEEDWRANGLERKEY}|${FEED_WRANGLER_KEY}|g\" \"${SRCROOT}/FeedWrangler/FeedWranglerConfig.swift\"\n\nrm -f \"${SRCROOT}/FeedWrangler/FeedWranglerConfig.swift.tmp\"\n\necho \"All Feed Wrangler env values found!\"\n\n";
|
|
||||||
};
|
|
||||||
3B826DD02385CE9500FC1ADB /* Run Script: Reset FeedWranglerConfig.swift */ = {
|
|
||||||
isa = PBXShellScriptBuildPhase;
|
|
||||||
buildActionMask = 2147483647;
|
|
||||||
files = (
|
|
||||||
);
|
|
||||||
inputFileListPaths = (
|
|
||||||
);
|
|
||||||
inputPaths = (
|
|
||||||
);
|
|
||||||
name = "Run Script: Reset FeedWranglerConfig.swift";
|
|
||||||
outputFileListPaths = (
|
|
||||||
);
|
|
||||||
outputPaths = (
|
|
||||||
);
|
|
||||||
runOnlyForDeploymentPostprocessing = 0;
|
|
||||||
shellPath = /bin/sh;
|
|
||||||
shellScript = "git checkout \"${SRCROOT}/FeedWrangler/FeedWranglerConfig.swift\"\n";
|
|
||||||
};
|
|
||||||
51C8F34C234FB14B0048ED95 /* Run Script: Verify No Build Settings */ = {
|
51C8F34C234FB14B0048ED95 /* Run Script: Verify No Build Settings */ = {
|
||||||
isa = PBXShellScriptBuildPhase;
|
isa = PBXShellScriptBuildPhase;
|
||||||
buildActionMask = 2147483647;
|
buildActionMask = 2147483647;
|
||||||
|
@ -1115,6 +1080,7 @@
|
||||||
9EAEC62823331C350085D7C9 /* FeedlyCategory.swift in Sources */,
|
9EAEC62823331C350085D7C9 /* FeedlyCategory.swift in Sources */,
|
||||||
3B826DAE2385C81C00FC1ADB /* FeedWranglerSubscriptionsRequest.swift in Sources */,
|
3B826DAE2385C81C00FC1ADB /* FeedWranglerSubscriptionsRequest.swift in Sources */,
|
||||||
9E964EB823754AC400A7AF2E /* OAuthAuthorizationClient+Feedly.swift in Sources */,
|
9E964EB823754AC400A7AF2E /* OAuthAuthorizationClient+Feedly.swift in Sources */,
|
||||||
|
3B3A33E7238D3D6800314204 /* Secrets.swift in Sources */,
|
||||||
9EF1B10923590E93000A486A /* FeedlyStreamIds.swift in Sources */,
|
9EF1B10923590E93000A486A /* FeedlyStreamIds.swift in Sources */,
|
||||||
84D09623217418DC00D77525 /* FeedbinTagging.swift in Sources */,
|
84D09623217418DC00D77525 /* FeedbinTagging.swift in Sources */,
|
||||||
84CAD7161FDF2E22000F0755 /* FeedbinEntry.swift in Sources */,
|
84CAD7161FDF2E22000F0755 /* FeedbinEntry.swift in Sources */,
|
||||||
|
|
|
@ -10,7 +10,7 @@ import Foundation
|
||||||
|
|
||||||
enum FeedWranglerConfig {
|
enum FeedWranglerConfig {
|
||||||
static let pageSize = 100
|
static let pageSize = 100
|
||||||
static let clientKey = "{FEEDWRANGLERKEY}" // Add FEED_WRANGLER_KEY = XYZ to SharedXcodeSettings/DeveloperSettings.xcconfig
|
static let clientKey = Secrets.feedWranglerKey // Add FEED_WRANGLER_KEY = XYZ to SharedXcodeSettings/DeveloperSettings.xcconfig
|
||||||
static let clientPath = "https://feedwrangler.net/api/v2/"
|
static let clientPath = "https://feedwrangler.net/api/v2/"
|
||||||
static let clientURL = {
|
static let clientURL = {
|
||||||
URL(string: FeedWranglerConfig.clientPath)!
|
URL(string: FeedWranglerConfig.clientPath)!
|
||||||
|
|
|
@ -2890,6 +2890,7 @@
|
||||||
isa = PBXNativeTarget;
|
isa = PBXNativeTarget;
|
||||||
buildConfigurationList = 849C647A1ED37A5D003D8FC0 /* Build configuration list for PBXNativeTarget "NetNewsWire" */;
|
buildConfigurationList = 849C647A1ED37A5D003D8FC0 /* Build configuration list for PBXNativeTarget "NetNewsWire" */;
|
||||||
buildPhases = (
|
buildPhases = (
|
||||||
|
3B3A341B238D3FB200314204 /* Run Script: Update Secrets */,
|
||||||
51D6803823330CFF0097A009 /* Run Script: Update ArticleExtractorConfig.swift */,
|
51D6803823330CFF0097A009 /* Run Script: Update ArticleExtractorConfig.swift */,
|
||||||
849C645C1ED37A5D003D8FC0 /* Sources */,
|
849C645C1ED37A5D003D8FC0 /* Sources */,
|
||||||
517D2D82233A53D600FF3E35 /* Run Script: Reset ArticleExtractorConfig.swift */,
|
517D2D82233A53D600FF3E35 /* Run Script: Reset ArticleExtractorConfig.swift */,
|
||||||
|
@ -3509,6 +3510,24 @@
|
||||||
/* End PBXResourcesBuildPhase section */
|
/* End PBXResourcesBuildPhase section */
|
||||||
|
|
||||||
/* Begin PBXShellScriptBuildPhase section */
|
/* Begin PBXShellScriptBuildPhase section */
|
||||||
|
3B3A341B238D3FB200314204 /* Run Script: Update Secrets */ = {
|
||||||
|
isa = PBXShellScriptBuildPhase;
|
||||||
|
buildActionMask = 2147483647;
|
||||||
|
files = (
|
||||||
|
);
|
||||||
|
inputFileListPaths = (
|
||||||
|
);
|
||||||
|
inputPaths = (
|
||||||
|
);
|
||||||
|
name = "Run Script: Update Secrets";
|
||||||
|
outputFileListPaths = (
|
||||||
|
);
|
||||||
|
outputPaths = (
|
||||||
|
);
|
||||||
|
runOnlyForDeploymentPostprocessing = 0;
|
||||||
|
shellPath = /bin/sh;
|
||||||
|
shellScript = "./updateSecrets.sh\n\n";
|
||||||
|
};
|
||||||
515D50802326D02600EE1167 /* Run Script: Verify No Build Settings */ = {
|
515D50802326D02600EE1167 /* Run Script: Verify No Build Settings */ = {
|
||||||
isa = PBXShellScriptBuildPhase;
|
isa = PBXShellScriptBuildPhase;
|
||||||
buildActionMask = 2147483647;
|
buildActionMask = 2147483647;
|
||||||
|
|
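Review bot: The new `Run Script: Update Secrets` phase is attached to the NetNewsWire app target, but `Secrets.swift` is added to the Account framework's Sources phase, so this phase probably runs after the file it generates has already been compiled. The scheme pre-actions look like what actually keeps the file fresh, so a build that bypasses those schemes may compile a stale or missing `Secrets.swift`; this is inferred from the target names and worth confirming. The phase also calls `./updateSecrets.sh` relative to the working directory, while the pre-actions use `"${PROJECT_DIR}/updateSecrets.sh"`. Using the same absolute form here and listing the generated file under `outputPaths` would make the dependency explicit.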
|
@ -1,10 +1,28 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<Scheme
|
<Scheme
|
||||||
LastUpgradeVersion = "0830"
|
LastUpgradeVersion = "0830"
|
||||||
version = "1.3">
|
version = "1.7">
|
||||||
<BuildAction
|
<BuildAction
|
||||||
parallelizeBuildables = "YES"
|
parallelizeBuildables = "YES"
|
||||||
buildImplicitDependencies = "YES">
|
buildImplicitDependencies = "YES">
|
||||||
|
<PreActions>
|
||||||
|
<ExecutionAction
|
||||||
|
ActionType = "Xcode.IDEStandardExecutionActionsCore.ExecutionActionType.ShellScriptAction">
|
||||||
|
<ActionContent
|
||||||
|
title = "Run Script"
|
||||||
|
scriptText = ""${PROJECT_DIR}/updateSecrets.sh" ">
|
||||||
|
<EnvironmentBuildable>
|
||||||
|
<BuildableReference
|
||||||
|
BuildableIdentifier = "primary"
|
||||||
|
BlueprintIdentifier = "65ED3FA2235DEF6C0081F399"
|
||||||
|
BuildableName = "NetNewsWire.app"
|
||||||
|
BlueprintName = "NetNewsWire MAS"
|
||||||
|
ReferencedContainer = "container:NetNewsWire.xcodeproj">
|
||||||
|
</BuildableReference>
|
||||||
|
</EnvironmentBuildable>
|
||||||
|
</ActionContent>
|
||||||
|
</ExecutionAction>
|
||||||
|
</PreActions>
|
||||||
<BuildActionEntries>
|
<BuildActionEntries>
|
||||||
<BuildActionEntry
|
<BuildActionEntry
|
||||||
buildForTesting = "YES"
|
buildForTesting = "YES"
|
||||||
|
|
|
@ -1,10 +1,28 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<Scheme
|
<Scheme
|
||||||
LastUpgradeVersion = "1100"
|
LastUpgradeVersion = "1100"
|
||||||
version = "1.3">
|
version = "1.7">
|
||||||
<BuildAction
|
<BuildAction
|
||||||
parallelizeBuildables = "YES"
|
parallelizeBuildables = "YES"
|
||||||
buildImplicitDependencies = "YES">
|
buildImplicitDependencies = "YES">
|
||||||
|
<PreActions>
|
||||||
|
<ExecutionAction
|
||||||
|
ActionType = "Xcode.IDEStandardExecutionActionsCore.ExecutionActionType.ShellScriptAction">
|
||||||
|
<ActionContent
|
||||||
|
title = "Run Script"
|
||||||
|
scriptText = ""${PROJECT_DIR}/updateSecrets.sh" ">
|
||||||
|
<EnvironmentBuildable>
|
||||||
|
<BuildableReference
|
||||||
|
BuildableIdentifier = "primary"
|
||||||
|
BlueprintIdentifier = "840D617B2029031C009BC708"
|
||||||
|
BuildableName = "NetNewsWire.app"
|
||||||
|
BlueprintName = "NetNewsWire-iOS"
|
||||||
|
ReferencedContainer = "container:NetNewsWire.xcodeproj">
|
||||||
|
</BuildableReference>
|
||||||
|
</EnvironmentBuildable>
|
||||||
|
</ActionContent>
|
||||||
|
</ExecutionAction>
|
||||||
|
</PreActions>
|
||||||
<BuildActionEntries>
|
<BuildActionEntries>
|
||||||
<BuildActionEntry
|
<BuildActionEntry
|
||||||
buildForTesting = "YES"
|
buildForTesting = "YES"
|
||||||
|
|
|
@ -1,10 +1,28 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<Scheme
|
<Scheme
|
||||||
LastUpgradeVersion = "1100"
|
LastUpgradeVersion = "1100"
|
||||||
version = "1.3">
|
version = "1.7">
|
||||||
<BuildAction
|
<BuildAction
|
||||||
parallelizeBuildables = "YES"
|
parallelizeBuildables = "YES"
|
||||||
buildImplicitDependencies = "YES">
|
buildImplicitDependencies = "YES">
|
||||||
|
<PreActions>
|
||||||
|
<ExecutionAction
|
||||||
|
ActionType = "Xcode.IDEStandardExecutionActionsCore.ExecutionActionType.ShellScriptAction">
|
||||||
|
<ActionContent
|
||||||
|
title = "Run Script"
|
||||||
|
scriptText = ""${PROJECT_DIR}/updateSecrets.sh" ">
|
||||||
|
<EnvironmentBuildable>
|
||||||
|
<BuildableReference
|
||||||
|
BuildableIdentifier = "primary"
|
||||||
|
BlueprintIdentifier = "849C645F1ED37A5D003D8FC0"
|
||||||
|
BuildableName = "NetNewsWire.app"
|
||||||
|
BlueprintName = "NetNewsWire"
|
||||||
|
ReferencedContainer = "container:NetNewsWire.xcodeproj">
|
||||||
|
</BuildableReference>
|
||||||
|
</EnvironmentBuildable>
|
||||||
|
</ActionContent>
|
||||||
|
</ExecutionAction>
|
||||||
|
</PreActions>
|
||||||
<BuildActionEntries>
|
<BuildActionEntries>
|
||||||
<BuildActionEntry
|
<BuildActionEntry
|
||||||
buildForTesting = "YES"
|
buildForTesting = "YES"
|
||||||
|
|
|
@ -0,0 +1,53 @@
|
||||||
|
// Generated by Secrets.swift.gyb
|
||||||
|
%{
|
||||||
|
import os
|
||||||
|
|
||||||
|
secrets = ['FEED_WRANGLER_KEY']
|
||||||
|
|
||||||
|
def chunks(seq, size):
|
||||||
|
return (seq[i:(i + size)] for i in range(0, len(seq), size))
|
||||||
|
|
||||||
|
def encode(string, salt):
|
||||||
|
bytes = string.encode("UTF-8")
|
||||||
|
return [ord(bytes[i]) ^ salt[i % len(salt)] for i in range(0, len(bytes))]
|
||||||
|
|
||||||
|
def snake_to_camel(snake_str):
|
||||||
|
components = snake_str.split('_')
|
||||||
|
return components[0].lower() + ''.join(x.title() for x in components[1:])
|
||||||
|
|
||||||
|
salt = [ord(byte) for byte in os.urandom(64)]
|
||||||
|
}%
|
||||||
|
enum Secrets {
|
||||||
|
% for secret in secrets:
|
||||||
|
|
||||||
|
static var ${snake_to_camel(secret)}: String {
|
||||||
|
let encoded: [UInt8] = [
|
||||||
|
% for chunk in chunks(encode(os.environ.get(secret) or "", salt), 8):
|
||||||
|
${"".join(["0x%02x, " % byte for byte in chunk])}
|
||||||
|
% end
|
||||||
|
]
|
||||||
|
|
||||||
|
return decode(encoded, salt: salt)
|
||||||
|
}
|
||||||
|
% end
|
||||||
|
|
||||||
|
%{
|
||||||
|
# custom example: static let myVariable = "${os.environ.get('MY_CUSTOM_VARIABLE')}"
|
||||||
|
}%
|
||||||
|
}
|
||||||
|
|
||||||
|
private extension Secrets {
|
||||||
|
|
||||||
|
private static let salt: [UInt8] = [
|
||||||
|
% for chunk in chunks(salt, 8):
|
||||||
|
${"".join(["0x%02x, " % byte for byte in chunk])}
|
||||||
|
% end
|
||||||
|
]
|
||||||
|
|
||||||
|
private static func decode(_ encoded: [UInt8], salt: [UInt8]) -> String {
|
||||||
|
String(decoding: encoded.enumerated().map { (offset, element) in
|
||||||
|
element ^ salt[offset % salt.count]
|
||||||
|
}, as: UTF8.self)
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
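Review bot: The XOR step in `encode`/`decode` is obfuscation rather than protection, because the generated file emits `salt` right next to the encoded bytes. The template should say so above `enum Secrets`, e.g. `// Obfuscation only: the salt ships in the same binary, so treat every value here as recoverable and keep the keys revocable.` Separately, `os.environ.get(secret) or ""` turns a missing `FEED_WRANGLER_KEY` into an empty string with no message, whereas the removed build script at least echoed that the key was missing; a warning from the template, or a failed release build, would surface that. `ord(bytes[i])` and `ord(byte) for byte in os.urandom(64)` only work under Python 2, which matches the `python2.7` shebang in the gyb wrapper but ties the build to that interpreter.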
|
@ -0,0 +1,3 @@
|
||||||
|
#!/usr/bin/env python2.7
|
||||||
|
import gyb
|
||||||
|
gyb.main()
|
File diff suppressed because it is too large
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
find "${PROJECT_DIR}" -name '*.gyb' |
|
||||||
|
while read file; do
|
||||||
|
echo "Generating ${file%.gyb}";
|
||||||
|
"${PROJECT_DIR}/Vendor/gyb" --line-directive '' -o "${file%.gyb}" "$file";
|
||||||
|
done
|
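Review bot: `find "${PROJECT_DIR}" -name '*.gyb'` feeds every template anywhere under the project directory to gyb, and gyb templates run embedded Python, so any `.gyb` file that arrives through a vendored or checked-out dependency would execute at build time. Narrowing the search to the directory that holds the project's own templates avoids that, for example `find "${PROJECT_DIR}/Shared" -name '*.gyb'`, assuming `PROJECT_DIR` is the repository root. The loop should read names with `while IFS= read -r file; do` so backslashes and leading whitespace in paths survive. There is also no `set -e`, so a failed generation lets the build continue with an old or absent `Secrets.swift`.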