ci: distribute alpha demo application for feature validation (#13) (#49)
Closes #13

The aim of this commit is to provide an alpha version of the application, built using sources of a specific GitHub branch, so as to test a few features for validation people.
The CI/CD chain is today based on GitLab CI with our internal runners so as to keep the certificates and profiles on our side.

This commit brings:
- update of documentation (both for dev team and release process)
- Fastlane lanes and features to allow builds and uploads
- Xcode configuration to be compliant with TestFlight and to use and display builds metadata

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>
pylapp committed Jul 18, 2024
1 parent 34f1e64 commit 4350d86
Showing 79 changed files with 1,754 additions and 76 deletions.
120 changes: 76 additions & 44 deletions .github/DEVELOP.md
@@ -1,6 +1,21 @@
# Developer guide

## Check preconditions
- [Technical preconditions](#technical-preconditions)
- [Build showcase demo app](#build-showcase-demo-app)
- [Documentation](#documentation)
- [Build phases](#build-phases)
- [Targets](#targets)
- [Certificates, profiles and identifiers](#certificates-profiles-and-identifiers)
- [Update dependencies with Renovate](#update-dependencies-with-renovate)
- [Developer Certificate of Origin](#developer-certificate-of-origin)
- [Commits, changelog, release note, versioning](#commits-changelog-release-note-versioning)
* [About commits](#about-commits)
* [About release note](#about-release-note)
* [About changelog](#about-changelog)
- [Use of Gitleaks](#use-of-gitleaks)
- [CI/CD](#cicd)

## Technical preconditions

You should check wether or not you have the tools in use in the project like _Fastlane_, _SwiftLint_, _SwiftFormat_, etc.
You can have a look for example in thr **THIRD\_PARTY.md** file which lists any dependencies and tools we use are different levels (SDK, showcase app, projects).
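Review bot: the "Technical preconditions" paragraph kept as context under the renamed heading still carries typos ("wether", "in thr", "we use are different levels"). Since this hunk already touches the section, fix them in the same commit: "whether", "in the", "we use at different levels".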
Expand All @@ -14,14 +29,14 @@ bundle install
bundle exec pod install

# Some dependencies must be downloaded by hand:

# For Periphery (https://github.com/peripheryapp/periphery) (dead code hunt)
brew install peripheryapp/periphery/periphery

# For gitleaks (https://github.com/gitleaks/gitleaks) (secrets leaks)
brew install gitleaks
```

We use also for our GitLab CI runners **Xcode 15.3**, we suggest you use this version or newer if you want but beware.

## Build showcase demo app

To build the demo application follow those steps:
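Review bot: the Xcode sentence ends with "or newer if you want but beware" without saying what to beware of. State the concrete risk (for example, that builds made with a newer Xcode may differ from what the GitLab CI runners on 15.3 produce) so readers know why the version matters. A shorter wording such as "Our GitLab CI runners use Xcode 15.3; we suggest this version" followed by the caveat would also read more clearly.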
Expand Down Expand Up @@ -51,58 +66,33 @@ The Xcode project contains two targets:
1. _Showcase_ for the demo application
2. _Periphery_ to look for dead code in the source code

## Use of Gitleaks

[Gitleaks](https://gitleaks.io/) can be used to check if secrets can be leaked or not.
A [GitHub Action](https://github.com/gitleaks/gitleaks-action) has been integrated to the repository with a configuration file defined in _/github/workflows_ named _gitleaks-action.yaml_.
It will launch the _Gitleaks_ tool automatically.

Howevere this tool does not detect plain API key mixed in URL, that is a reason why _Gitleaks_ can be called in a pre-commit hook, using the _giteaks.toml_ at the root of the prokect.
To call _Gitleaks_ in pre-commit hooks, create a file named **pre-commit** inside _.git/hooks_ (then run `chmod u+x` in the file).
The place the bash code bellow in this file:

```bash
# Run Gitleaks before commits
echo "Running pre-commit hook: Use of gitleaks"
gitleaks detect -v -l debug --source .

# If the command fails, prevent the commit
if [ $? -ne 0 ]; then
echo "Pre-commit hook failed. Aborting commit."
exit 1
fi
```

Or just run when you want the command:

```shell
gitleaks detect -v -l debug --source .
```
## Certificates, profiles and identifiers

Note that we face some issues about the use of _Gitleaks GitHub Action_ and _Gitleaks_ as CLI command, for fur further details see [#131](https://github.com/gitleaks/gitleaks-action/issues/131), [#132](https://github.com/gitleaks/gitleaks-action/issues/132) and [#1331](https://github.com/gitleaks/gitleaks/issues/1331).
We choose to use Xcode automatic signing for debug builds of the app so as to make easier onboarding of newcomers in development team, and also to prevent to update provisioning profiles with individual developers certificates each team someone wants to build the app and also to prevent to register each new build device). You may need to be part of our team if you want to build in debug mode.
Note the bundle identifier here for lcoal builds is **com.orange.ouds.demoapp-debug**, with a **-debug** suffix so as to prevent any local build to be replaced by TestFlight builds which have **com.orange.ouds.demoapp** identifiers.

_Gitleaks_ is also used in GitHub project side thanks to the [dedicated GitHub Action](https://github.com/marketplace/actions/gitleaks).
However for release builds we use a dedicated _provisioning profile_ built with of course a _distribution certificate_(.p12 format with private key, not .cer) and the _bundle identifier_ `com.orange.ouds.demoapp` for our _Apple Team_ `France Telecom (MG2LSJNJB6)`. Thus you won't be able to build and sign in release mode without this provisioning profile and this distribution certificate. These elements are stored in our local GitLab CI runners and must not be available outside.

## Update dependencies (Renovate)
## Update dependencies with Renovate

Sometimes dependencies should be updated, with for example warnings of [Renovate bot](https://github.com/apps/renovate).

Here is the list of files to update to keep the project clean:
- CHANGELOG (to note for releases the update of the version)
- THIRD_PARTY (because we list all third-party components)
- Of course, update and save in your VSC the new states of the Podfile, Package.swift or Gemfile (and do not forget locks!)
- THIRD_PARTY (because we list all third-party components and their versions, it is a good practice)
- Of course, update and save in your VCS the new states of the _Podfile_, _Package.swift_ or _Gemfile_ (and do not forget locks!)

Maybe you will need to update your pods repo before if you updated a Pod:

```shell
bundle exec pod install --repo-update
```

## Developer Certificate of Origine (DCO Bot)
## Developer Certificate of Origin

A [GitHub Action bot](https://probot.github.io/apps/dco/) has been plugged in the repository so as to check wether or not the DCO is applied for commits.

## Commits, changelog, versioning
## Commits, changelog, release note, versioning

### About commits
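Review bot: in the new "Certificates, profiles and identifiers" section, the sentence "These elements are stored in our local GitLab CI runners and must not be available outside" states the requirement but gives contributors no rule to follow. Suggest adding that the .p12 distribution certificate and the provisioning profile must never be committed to the repository, and pointing to whatever control enforces it. The same paragraph has wording slips worth fixing here: "each team someone wants to build" should be "each time", "lcoal builds" should be "local builds", and the closing parenthesis after "register each new build device" has no opening one.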

Expand All @@ -111,10 +101,10 @@ Keep in mind to have your commits well prefixed, and with the issue number betwe
If your commits embed contributions for other people, do not forget to [add them as co-authors](https://docs.github.com/fr/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-with-multiple-authors).
All of you should also comply to DCO.

For example, given a commit to fix the issue n°43, the commit should be like:
For example, given a commit to fix the issue n°42, the commit should be like:

```text
fix: title of your commit (#43)
fix: title of your commit (#42)
Some details about the fix you propose
Expand All @@ -125,7 +115,7 @@ Signed-off-by: First author firstname and lastname <first author email>
Signed-off-by: Second author firstname and lastname <second author email>
```

You can also if you want and used to hooks add a commit hook locally on your computer to check commit messages before saving them.
You can also, if you want and used to hooks, add a commit hook locally on your computer to check commit messages before saving them.
To do that create first a hook and give to it execution grant:

```shell
Expand Down Expand Up @@ -171,11 +161,11 @@ fi
exit 0
```

### About changelogs
### About release note

We try also to apply [keep a changelog](https://keepachangelog.com/en/1.0.0/), and [semantic versioning](https://semver.org/spec/v2.0.0.html) and [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/).
We try also to apply [keep a changelog](https://keepachangelog.com/en/1.0.0/), and [semantic versioning](https://semver.org/spec/v2.0.0.html) both with [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/).

You can generate a RELEASE_NOTE.md file using your Git history and [git cliff](https://git-cliff.org/) tool.
You can generate a `RELEASE_NOTE.md` file using your Git history and [git cliff](https://git-cliff.org/) tool.
Define first a `cliff.toml` configuration file containing the code bellow.

```toml
Expand Down Expand Up @@ -257,8 +247,10 @@ Then run the following command to build a release note from tag1 to tag2 (or HEA
git cliff --config cliff.toml --output RELEASE_NOTE.md tag1..tag2
```

### About changelog

You can use the same tool for CHANGELOG if you want to keep only one CHANGELOG, but this tool is not suitable if several CHANGELOG exist (like one per module).
In case you want one CHANGELOG, apply the following .toml file and run `git-cliff`.
In case you want one CHANGELOG, apply the following `.toml` file and run `git-cliff`.

```toml
# git-cliff ~ configuration file
Expand Down Expand Up @@ -354,3 +346,43 @@ topo_order = false
# sort the commits inside sections by oldest/newest order
sort_commits = "oldest"
```

## Use of Gitleaks

[Gitleaks](https://gitleaks.io/) can be used to check if secrets can be leaked or not.
A [GitHub Action](https://github.com/gitleaks/gitleaks-action) has been integrated to the repository with a configuration file defined in _/github/workflows_ named _gitleaks-action.yaml_.
It will launch the _Gitleaks_ tool automatically.

Howevere this tool does not detect plain API key mixed in URL, that is a reason why _Gitleaks_ can be called in a pre-commit hook, using the _giteaks.toml_ at the root of the prokect.
To call _Gitleaks_ in pre-commit hooks, create a file named **pre-commit** inside _.git/hooks_ (then run `chmod u+x` in the file).
Then place the bash code bellow in this file:

```bash
# Run Gitleaks before commits
echo "Running pre-commit hook: Use of gitleaks"
gitleaks detect -v -l debug --source .

# If the command fails, prevent the commit
if [ $? -ne 0 ]; then
echo "Pre-commit hook failed. Aborting commit."
exit 1
fi
```

Or just run when you want the command:

```shell
gitleaks detect -v -l debug --source .
```

Note that we face some issues about the use of _Gitleaks GitHub Action_ and _Gitleaks_ as CLI command, for fur further details see [#131](https://github.com/gitleaks/gitleaks-action/issues/131), [#132](https://github.com/gitleaks/gitleaks-action/issues/132) and [#1331](https://github.com/gitleaks/gitleaks/issues/1331).

Remember _Gitleaks_ is also used in GitHub project side thanks to the [dedicated GitHub Action](https://github.com/marketplace/actions/gitleaks) but these controls are done online once commits have left the local environment.

## CI/CD

We use GitLab CI for CI/CD with our own runners so as to keep private our sensitive files likes certificates and provisioning profiles.
Our currant plan does not allow to make GitHub mirroring, so we use GitHub HTTP REST API to download sources, before using Xcode to build and sign.
If you want to set up your runners, feel free to have a look on */docs_release/README.md*
However of course you will have to define all the variables, secrets and have the mandatory files listed above.
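Review bot: in the re-added "Use of Gitleaks" section, the hook runs `gitleaks detect -v -l debug --source .` with no `--config`, although the text says the hook uses the "giteaks.toml" file at the project root. Gitleaks only picks up a root config automatically when it is named `.gitleaks.toml`, so spell the file name exactly and pass it with `--config` if it is named differently. Also, in Gitleaks v8 `detect` scans the commit history, so the change being committed is not checked before the commit is created; `gitleaks protect --staged` is the command meant for a pre-commit hook. The hook snippet has no shebang line, and `-v -l debug` prints findings in full to the terminal, where `--redact` would avoid echoing the secret. Typos carried over from the moved text ("Howevere", "prokect", "bellow", "fur further") and in the new CI/CD paragraph ("files likes", "currant plan") can be fixed in the same pass.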

8 changes: 4 additions & 4 deletions .gitignore
Expand Up @@ -20,12 +20,12 @@
/Brewfile.lock.json

# Produced by CocoaPods
Showcase/Pods/
/Showcase/Pods/

# Produced by Xcode
Showcase/Showcase.xcodeproj/xcuserdata/
Showcase/Showcase.xcworkspace/xcuserdata/
DerivedData/
/Showcase/Showcase.xcodeproj/xcuserdata/
/Showcase/Showcase.xcworkspace/xcuserdata/
/DerivedData/

# Produced by Swift Package Manager
.swiftpm/xcode/xcuserdata/
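Review bot: the entries visible in this hunk cover Pods, xcuserdata and DerivedData, but nothing for signing material. DEVELOP.md in this same commit says the .p12 distribution certificate and the provisioning profile must not be available outside the runners, so unless they are already listed outside this hunk, add patterns such as `*.p12` and `*.mobileprovision`. As a style point, `.swiftpm/xcode/xcuserdata/` is left unanchored while the other paths gain a leading `/`; add a comment if that is intentional so it matches in nested packages.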
3 changes: 2 additions & 1 deletion CHANGELOG.md
Expand Up @@ -8,7 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Added

- [Library] Create the basic architecture of the library ([#46](https://github.com/Orange-OpenSource/ouds-ios/issues/46))
- [Showcase] Distribute demo app for feature validation ([#13](https://github.com/Orange-OpenSource/ouds-ios/issues/13))
- [Library] Define Swift Package library for OUDS ([#46](https://github.com/Orange-OpenSource/ouds-ios/issues/46))
- [Showcase] Create the basic architecture of the demo application ([#6](https://github.com/Orange-OpenSource/ouds-ios/issues/6))

### Changed
58 changes: 58 additions & 0 deletions NOTICE.txt
Expand Up @@ -8,6 +8,64 @@ in whole or part of, in any medium, except as required for reasonable and custom
and reproducing the content of the NOTICE and DOCUMENTATION files.
Any use or displaying shall constitute an infringement under intellectual property laws of France and international conventions.


./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconDev.appiconset/[email protected]

./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconRelease.appiconset/[email protected]

./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]
./Showcase/Showcase/Resources/Assets.xcassets/AppIconQualif.appiconset/[email protected]

./Showcase/Showcase/Resources/Assets.xcassets/ic_guideline_dna.imageset/ic_guideline_dna.svg
./Showcase/Showcase/Resources/Assets.xcassets/ic_component_atom.imageset/ic_component_atom.svg
./Showcase/Showcase/Resources/Assets.xcassets/ic_info.imageset/ic_info.svg