tofucodes diary

にほんごのほう

Apple IDの2FA必須化に伴うCI環境でのfastlane実行の問題と対応

ios devops trouble-shooting

問題

Travis CIでfastlaneの実行に利用していたApple ID(foo@example.comとする)に2FAを設定したらfastlaneがうまいこと動かなくなった。

対策1

fastlane公式ドキュメントにちゃんと対応方法が書いてある👏

docs.fastlane.tools

以下の2つの環境変数を利用して2FAのアカウントを利用する際の対応方法を試してみた。

  • FASTLANE_SESSION
  • FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD

ところが、結局毎回6digitコードを聞かれてしまいダメだった。

[06:10:52]: Login to App Store Connect (foo@example.com)
Two Factor Authentication for account 'foo@example.com' is enabled
If you're running this in a non-interactive session (e.g. server or CI)
check out https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification
Please enter the 6 digit code: 

No output has been received in the last 10m0s, this potentially indicates a stalled build or something wrong with the build itself.
Check the details on how to adjust your build configuration on: https://docs.travis-ci.com/user/common-build-problems/#Build-times-out-because-no-output-was-received

The build has been terminated

対策2

公式マニュアルより

The easiest way to get fastlane running on a CI system is to create a separate Apple ID that doesn't have 2-factor authentication enabled - doesn't have the Account Holder role

  • Account Holderじゃなくて
  • 2FAを設定してない

別のApple IDを利用するのが一番簡単とのこと。

別のApple ID(bar@example.comとする)を試してみる。

そして、エラーになる。

[09:00:07]: Making sure the latest version on App Store Connect matches '1.9.9' from the ipa file...
[09:00:08]: '1.9.9' is the latest version on App Store Connect
[09:00:11]: Uploading metadata to App Store Connect
[09:00:13]: Successfully uploaded set of metadata to App Store Connect
[09:00:14]: Starting with the upload of screenshots...
[09:00:14]: Successfully uploaded screenshots to App Store Connect
[09:00:14]: Uploading binary to App Store Connect
[09:00:16]: Fetching password for transporter from environment variable named `FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD`
[09:00:16]: Going to upload updated app to App Store Connect
[09:00:16]: This might take a few minutes. Please don't interrupt the script.
[09:00:21]: [Transporter Error Output]: Your Apple ID or password was entered incorrectly. (-20101)
-------------------------------------------------------------------------------------
Please provide your Apple Developer Program account credentials
The login information you enter will be stored in your macOS Keychain
You can also pass the password using the `FASTLANE_PASSWORD` environment variable
See more information about it on GitHub: https://github.com/fastlane/fastlane/tree/master/credentials_manager
-------------------------------------------------------------------------------------
The login credentials for 'bar@example.com' seem to be wrong
The password was taken from the environment variable
Please make sure it is correct
[09:06:08]: Please run this tool again to apply the new password
[09:06:08]: Transporter transfer failed.
[09:06:08]:
[09:06:08]: Your Apple ID or password was entered incorrectly. (-20101)
[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter StatisticsPreviousCallDurationInSecs = 0.338798522

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter TransporterArguments = -m upload -u bar@example.com -p **hidden value** -f /tmp/1220373112.itmsp -t DAV -t Signiant -k 100000

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter Version = 1.13.0

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter iTMSTransporterMode = upload

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main>  INFO: id = 20190328090021-173

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main>  INFO: iTMSTransporter Correlation Key: 16925438-6961-40a7-a474-0b6386e4ea3e

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X: Apple's web service operation return value:

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter Errors = [Your Apple ID or password was entered incorrectly. (-20101)]

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter EnableJWTForAllCalls = false

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter RestartClient = false

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter ErrorCode = -20101

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter ErrorMessage = Your Apple ID or password was entered incorrectly. (-20101)

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X:   parameter Success = false

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> ERROR: Your Apple ID or password was entered incorrectly. (-20101)

[09:06:08]: [iTMSTransporter] [2019-03-28 09:00:21 GMT] <main> DBG-X: Returning 1

[09:06:08]: iTunes Transporter output above ^
[09:06:08]: Your Apple ID or password was entered incorrectly. (-20101)
Return status of iTunes Transporter was 1: Your Apple ID or password was entered incorrectly. (-20101)
The call to the iTMSTransporter completed with a non-zero exit status: 1. This indicates a failure.

CredentialsManagerを試してみる

See more information about it on GitHub: https://github.com/fastlane/fastlane/tree/master/credentials_manager

ということなのでリンク先を参考にfastlane-credentialを試してみる。

Traviss-Mac-6:ios-app travis$ fastlane fastlane-credentials add --username bar@example.com
[✔]
Password: ************
Credential bar@example.com:************ added to keychain.

が結果は変わらず。

想像力を働かせる

[09:00:14]: Uploading binary to App Store Connect
[09:00:16]: Fetching password for transporter from environment variable named FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD
...
The login credentials for 'bar@example.com' seem to be wrong

ビルドログを何度も眺め直してから、ある仮説を立てる。

  • ipaのアップロードにFASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORDを利用してるようだ
  • このパスワードはAccount Holderのfoo@example.comApple IDで作成したもの
  • でもfastlane deliverbar@example.comのアカウントで行うように設定してる
  • つまりFASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORDがなにか余計なことしてる?

ということで対策1で環境変数にセットしていたFASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORDを削除してみたところ、無事にipaのアップロードに成功🎉

結論

  • 2FA設定してるApple IDでfastlane deliverが動かない(たぶん自分の設定が悪いけど原因わからない)
  • 2FA設定してないApple IDでfastlane deliverするときは環境変数FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORDセットしちゃうとAppStoreConnectにログインできないので注意