From 9318f8fb38c8e704a07787460cd1e5e18522b294 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Mon, 11 Sep 2023 17:32:54 -0700 Subject: [PATCH 01/20] Add SPM sample project for App Attest example Also base .xcodeproj for CocoaPods sample on SPR project --- Package.swift | 2 +- .../project.pbxproj | 199 +++++++- .../xcschemes/AppAttestExample.xcscheme | 22 +- .../AppAttestExample.xctestplan | 36 ++ .../AppCheckSecretReader.swift | 12 + .../project.pbxproj | 459 ++++++++++++++++++ .../xcschemes/AppAttestExample.xcscheme | 113 +++++ .../AppAttestExampleTests.swift | 30 ++ Samples/Swift/AppAttestExample/Podfile | 4 +- 9 files changed, 853 insertions(+), 24 deletions(-) create mode 100644 Samples/Swift/AppAttestExample/AppAttestExample.xctestplan create mode 100644 Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj create mode 100644 Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme create mode 100644 Samples/Swift/AppAttestExample/AppAttestExampleTests/AppAttestExampleTests.swift diff --git a/Package.swift b/Package.swift index be46e8bd..827ffde3 100644 --- a/Package.swift +++ b/Package.swift @@ -48,7 +48,7 @@ let package = Package( .package( name: "AppCheck", url: "https://github.com/google/app-check.git", - .branch("CocoaPods-0.1.0-alpha.6")), + .branch("CocoaPods-0.1.0-alpha.9")), .package( name: "GTMAppAuth", url: "https://github.com/google/GTMAppAuth.git", diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj index e976444d..419bcc57 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj @@ -7,16 +7,32 @@ objects = { /* Begin PBXBuildFile section */ - 4D8DB53AAE2F7D0055DCEA7F /* Pods_AppAttestExample.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 91F3A930BB86D9E0648046BC /* Pods_AppAttestExample.framework */; }; + 1A2F00DF92FDD776B365CB5E /* Pods_AppAttestExample.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 91F3A930BB86D9E0648046BC /* Pods_AppAttestExample.framework */; }; + 73080B2B2AAF9BDE00DEF667 /* AppAttestExampleTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */; }; + 73080B392AAF9F1400DEF667 /* GoogleSignIn in Frameworks */ = {isa = PBXBuildFile; productRef = 73080B382AAF9F1400DEF667 /* GoogleSignIn */; }; 738B4A322AA8FE800056885D /* AppCheckSecretReader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */; }; 738D5F732A26BC3B00A7F11B /* BirthdayLoader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */; }; 73A464042A1C3B3400BA8528 /* AppAttestExampleApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73A464032A1C3B3400BA8528 /* AppAttestExampleApp.swift */; }; 73A464062A1C3B3400BA8528 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73A464052A1C3B3400BA8528 /* ContentView.swift */; }; 73A4640B2A1C3B3500BA8528 /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 73A4640A2A1C3B3500BA8528 /* Preview Assets.xcassets */; }; + 73CD4AB22AAF915900642462 /* GoogleSignIn in Frameworks */ = {isa = PBXBuildFile; productRef = 73CD4AB12AAF915900642462 /* GoogleSignIn */; }; + 73CD4AB42AAF915F00642462 /* GoogleSignInSwift in Frameworks */ = {isa = PBXBuildFile; productRef = 73CD4AB32AAF915F00642462 /* GoogleSignInSwift */; }; /* End PBXBuildFile section */ +/* Begin PBXContainerItemProxy section */ + 73080B352AAF9EAD00DEF667 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 73A463F82A1C3B3400BA8528 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 73A463FF2A1C3B3400BA8528; + remoteInfo = AppAttestExample; + }; +/* End PBXContainerItemProxy section */ + /* Begin PBXFileReference section */ 1C96B5B2B34E31F1A1CEE95E /* Pods-AppAttestExample.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-AppAttestExample.release.xcconfig"; path = "Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample.release.xcconfig"; sourceTree = ""; }; + 73080B282AAF9BDE00DEF667 /* AppAttestExampleTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = AppAttestExampleTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; }; + 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppAttestExampleTests.swift; sourceTree = ""; }; 73443A232A55F56900A4932E /* AppAttestExample.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = AppAttestExample.entitlements; sourceTree = ""; }; 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = AppCheckSecrets.xcconfig; sourceTree = ""; }; 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppCheckSecretReader.swift; sourceTree = ""; }; @@ -26,16 +42,28 @@ 73A464032A1C3B3400BA8528 /* AppAttestExampleApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppAttestExampleApp.swift; sourceTree = ""; }; 73A464052A1C3B3400BA8528 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = ""; }; 73A4640A2A1C3B3500BA8528 /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = ""; }; + 73CD4AB02AAF8C8500642462 /* GoogleSignIn-iOS */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = "GoogleSignIn-iOS"; path = ../../..; sourceTree = ""; }; + 73D87D512AAFE0FE002D841C /* AppAttestExample.xctestplan */ = {isa = PBXFileReference; lastKnownFileType = text; path = AppAttestExample.xctestplan; sourceTree = ""; }; 7D9832F2FFAF408698660CA8 /* Pods-AppAttestExample.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-AppAttestExample.debug.xcconfig"; path = "Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample.debug.xcconfig"; sourceTree = ""; }; 91F3A930BB86D9E0648046BC /* Pods_AppAttestExample.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_AppAttestExample.framework; sourceTree = BUILT_PRODUCTS_DIR; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ + 73080B252AAF9BDE00DEF667 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 73080B392AAF9F1400DEF667 /* GoogleSignIn in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; 73A463FD2A1C3B3400BA8528 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( - 4D8DB53AAE2F7D0055DCEA7F /* Pods_AppAttestExample.framework in Frameworks */, + 73CD4AB22AAF915900642462 /* GoogleSignIn in Frameworks */, + 73CD4AB42AAF915F00642462 /* GoogleSignInSwift in Frameworks */, + 1A2F00DF92FDD776B365CB5E /* Pods_AppAttestExample.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -51,10 +79,21 @@ path = Pods; sourceTree = ""; }; + 73080B292AAF9BDE00DEF667 /* AppAttestExampleTests */ = { + isa = PBXGroup; + children = ( + 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */, + ); + path = AppAttestExampleTests; + sourceTree = ""; + }; 73A463F72A1C3B3400BA8528 = { isa = PBXGroup; children = ( + 73D87D512AAFE0FE002D841C /* AppAttestExample.xctestplan */, + 73CD4AAF2AAF8C8500642462 /* Packages */, 73A464022A1C3B3400BA8528 /* AppAttestExample */, + 73080B292AAF9BDE00DEF667 /* AppAttestExampleTests */, 73A464012A1C3B3400BA8528 /* Products */, 6B1005926777EEB3C903F93A /* Pods */, A73FBC2B93918F4B411815A1 /* Frameworks */, @@ -65,6 +104,7 @@ isa = PBXGroup; children = ( 73A464002A1C3B3400BA8528 /* AppAttestExample.app */, + 73080B282AAF9BDE00DEF667 /* AppAttestExampleTests.xctest */, ); name = Products; sourceTree = ""; @@ -92,6 +132,14 @@ path = "Preview Content"; sourceTree = ""; }; + 73CD4AAF2AAF8C8500642462 /* Packages */ = { + isa = PBXGroup; + children = ( + 73CD4AB02AAF8C8500642462 /* GoogleSignIn-iOS */, + ); + name = Packages; + sourceTree = ""; + }; A73FBC2B93918F4B411815A1 /* Frameworks */ = { isa = PBXGroup; children = ( @@ -103,21 +151,46 @@ /* End PBXGroup section */ /* Begin PBXNativeTarget section */ + 73080B272AAF9BDE00DEF667 /* AppAttestExampleTests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 73080B302AAF9BDE00DEF667 /* Build configuration list for PBXNativeTarget "AppAttestExampleTests" */; + buildPhases = ( + 73080B242AAF9BDE00DEF667 /* Sources */, + 73080B252AAF9BDE00DEF667 /* Frameworks */, + 73080B262AAF9BDE00DEF667 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + 73080B362AAF9EAD00DEF667 /* PBXTargetDependency */, + ); + name = AppAttestExampleTests; + packageProductDependencies = ( + 73080B382AAF9F1400DEF667 /* GoogleSignIn */, + ); + productName = AppAttestExampleTests; + productReference = 73080B282AAF9BDE00DEF667 /* AppAttestExampleTests.xctest */; + productType = "com.apple.product-type.bundle.unit-test"; + }; 73A463FF2A1C3B3400BA8528 /* AppAttestExample */ = { isa = PBXNativeTarget; buildConfigurationList = 73A4640E2A1C3B3500BA8528 /* Build configuration list for PBXNativeTarget "AppAttestExample" */; buildPhases = ( - D6AEC62E9810AEFD4C28F50F /* [CP] Check Pods Manifest.lock */, + 3183FF6EC2A0A2FE6C4A317F /* [CP] Check Pods Manifest.lock */, 73A463FC2A1C3B3400BA8528 /* Sources */, 73A463FD2A1C3B3400BA8528 /* Frameworks */, 73A463FE2A1C3B3400BA8528 /* Resources */, - C031D9D83F25CB0CD2512F23 /* [CP] Copy Pods Resources */, + C0679656EB58F5128B795D24 /* [CP] Copy Pods Resources */, ); buildRules = ( ); dependencies = ( ); name = AppAttestExample; + packageProductDependencies = ( + 73CD4AB12AAF915900642462 /* GoogleSignIn */, + 73CD4AB32AAF915F00642462 /* GoogleSignInSwift */, + ); productName = AppAttestExample; productReference = 73A464002A1C3B3400BA8528 /* AppAttestExample.app */; productType = "com.apple.product-type.application"; @@ -132,6 +205,10 @@ LastSwiftUpdateCheck = 1430; LastUpgradeCheck = 1430; TargetAttributes = { + 73080B272AAF9BDE00DEF667 = { + CreatedOnToolsVersion = 14.3; + TestTargetID = 73A463FF2A1C3B3400BA8528; + }; 73A463FF2A1C3B3400BA8528 = { CreatedOnToolsVersion = 14.3; }; @@ -151,11 +228,19 @@ projectRoot = ""; targets = ( 73A463FF2A1C3B3400BA8528 /* AppAttestExample */, + 73080B272AAF9BDE00DEF667 /* AppAttestExampleTests */, ); }; /* End PBXProject section */ /* Begin PBXResourcesBuildPhase section */ + 73080B262AAF9BDE00DEF667 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; 73A463FE2A1C3B3400BA8528 /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; @@ -167,48 +252,56 @@ /* End PBXResourcesBuildPhase section */ /* Begin PBXShellScriptBuildPhase section */ - C031D9D83F25CB0CD2512F23 /* [CP] Copy Pods Resources */ = { + 3183FF6EC2A0A2FE6C4A317F /* [CP] Check Pods Manifest.lock */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 2147483647; files = ( ); inputFileListPaths = ( - "${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources-${CONFIGURATION}-input-files.xcfilelist", ); - name = "[CP] Copy Pods Resources"; + inputPaths = ( + "${PODS_PODFILE_DIR_PATH}/Podfile.lock", + "${PODS_ROOT}/Manifest.lock", + ); + name = "[CP] Check Pods Manifest.lock"; outputFileListPaths = ( - "${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources-${CONFIGURATION}-output-files.xcfilelist", + ); + outputPaths = ( + "$(DERIVED_FILE_DIR)/Pods-AppAttestExample-checkManifestLockResult.txt", ); runOnlyForDeploymentPostprocessing = 0; shellPath = /bin/sh; - shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources.sh\"\n"; + shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n"; showEnvVarsInLog = 0; }; - D6AEC62E9810AEFD4C28F50F /* [CP] Check Pods Manifest.lock */ = { + C0679656EB58F5128B795D24 /* [CP] Copy Pods Resources */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 2147483647; files = ( ); inputFileListPaths = ( + "${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources-${CONFIGURATION}-input-files.xcfilelist", ); - inputPaths = ( - "${PODS_PODFILE_DIR_PATH}/Podfile.lock", - "${PODS_ROOT}/Manifest.lock", - ); - name = "[CP] Check Pods Manifest.lock"; + name = "[CP] Copy Pods Resources"; outputFileListPaths = ( - ); - outputPaths = ( - "$(DERIVED_FILE_DIR)/Pods-AppAttestExample-checkManifestLockResult.txt", + "${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources-${CONFIGURATION}-output-files.xcfilelist", ); runOnlyForDeploymentPostprocessing = 0; shellPath = /bin/sh; - shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n"; + shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources.sh\"\n"; showEnvVarsInLog = 0; }; /* End PBXShellScriptBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ + 73080B242AAF9BDE00DEF667 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 73080B2B2AAF9BDE00DEF667 /* AppAttestExampleTests.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; 73A463FC2A1C3B3400BA8528 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; @@ -222,7 +315,49 @@ }; /* End PBXSourcesBuildPhase section */ +/* Begin PBXTargetDependency section */ + 73080B362AAF9EAD00DEF667 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 73A463FF2A1C3B3400BA8528 /* AppAttestExample */; + targetProxy = 73080B352AAF9EAD00DEF667 /* PBXContainerItemProxy */; + }; +/* End PBXTargetDependency section */ + /* Begin XCBuildConfiguration section */ + 73080B2E2AAF9BDE00DEF667 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUNDLE_LOADER = "$(TEST_HOST)"; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = com.google.AppAttestExampleTests; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + TEST_HOST = "$(BUILT_PRODUCTS_DIR)/AppAttestExample.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/AppAttestExample"; + }; + name = Debug; + }; + 73080B2F2AAF9BDE00DEF667 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUNDLE_LOADER = "$(TEST_HOST)"; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = com.google.AppAttestExampleTests; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + TEST_HOST = "$(BUILT_PRODUCTS_DIR)/AppAttestExample.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/AppAttestExample"; + }; + name = Release; + }; 73A4640C2A1C3B3500BA8528 /* Debug */ = { isa = XCBuildConfiguration; baseConfigurationReference = 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */; @@ -355,6 +490,7 @@ DEVELOPMENT_TEAM = ""; "DEVELOPMENT_TEAM[sdk=iphoneos*]" = EQHXZ8M8AV; ENABLE_PREVIEWS = YES; + ENABLE_TESTING_SEARCH_PATHS = NO; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = AppAttestExample/Info.plist; INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES; @@ -392,6 +528,7 @@ DEVELOPMENT_TEAM = ""; "DEVELOPMENT_TEAM[sdk=iphoneos*]" = EQHXZ8M8AV; ENABLE_PREVIEWS = YES; + ENABLE_TESTING_SEARCH_PATHS = NO; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = AppAttestExample/Info.plist; INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES; @@ -417,6 +554,15 @@ /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ + 73080B302AAF9BDE00DEF667 /* Build configuration list for PBXNativeTarget "AppAttestExampleTests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 73080B2E2AAF9BDE00DEF667 /* Debug */, + 73080B2F2AAF9BDE00DEF667 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; 73A463FB2A1C3B3400BA8528 /* Build configuration list for PBXProject "AppAttestExample" */ = { isa = XCConfigurationList; buildConfigurations = ( @@ -436,6 +582,21 @@ defaultConfigurationName = Release; }; /* End XCConfigurationList section */ + +/* Begin XCSwiftPackageProductDependency section */ + 73080B382AAF9F1400DEF667 /* GoogleSignIn */ = { + isa = XCSwiftPackageProductDependency; + productName = GoogleSignIn; + }; + 73CD4AB12AAF915900642462 /* GoogleSignIn */ = { + isa = XCSwiftPackageProductDependency; + productName = GoogleSignIn; + }; + 73CD4AB32AAF915F00642462 /* GoogleSignInSwift */ = { + isa = XCSwiftPackageProductDependency; + productName = GoogleSignInSwift; + }; +/* End XCSwiftPackageProductDependency section */ }; rootObject = 73A463F82A1C3B3400BA8528 /* Project object */; } diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme index f2c125f8..d6cfaf2a 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme @@ -26,8 +26,26 @@ buildConfiguration = "Debug" selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB" selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB" - shouldUseLaunchSchemeArgsEnv = "YES" - shouldAutocreateTestPlan = "YES"> + shouldUseLaunchSchemeArgsEnv = "YES"> + + + + + + + + + + /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n"; + showEnvVarsInLog = 0; + }; + D116F83514234BBFA76A4CC4 /* [CP] Copy Pods Resources */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputFileListPaths = ( + "${PODS_ROOT}/Target Support Files/Pods-AppAttestExampleForPod/Pods-AppAttestExampleForPod-resources-${CONFIGURATION}-input-files.xcfilelist", + ); + name = "[CP] Copy Pods Resources"; + outputFileListPaths = ( + "${PODS_ROOT}/Target Support Files/Pods-AppAttestExampleForPod/Pods-AppAttestExampleForPod-resources-${CONFIGURATION}-output-files.xcfilelist", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-AppAttestExampleForPod/Pods-AppAttestExampleForPod-resources.sh\"\n"; + showEnvVarsInLog = 0; + }; +/* End PBXShellScriptBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 73A463FC2A1C3B3400BA8528 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 738D5F732A26BC3B00A7F11B /* BirthdayLoader.swift in Sources */, + 738B4A322AA8FE800056885D /* AppCheckSecretReader.swift in Sources */, + 73A464062A1C3B3400BA8528 /* ContentView.swift in Sources */, + 73A464042A1C3B3400BA8528 /* AppAttestExampleApp.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + 73A4640C2A1C3B3500BA8528 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + INFOPLIST_FILE = ""; + IPHONEOS_DEPLOYMENT_TARGET = 16.4; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = iphoneos; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + }; + name = Debug; + }; + 73A4640D2A1C3B3500BA8528 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + INFOPLIST_FILE = ""; + IPHONEOS_DEPLOYMENT_TARGET = 16.4; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = iphoneos; + SWIFT_COMPILATION_MODE = wholemodule; + SWIFT_OPTIMIZATION_LEVEL = "-O"; + VALIDATE_PRODUCT = YES; + }; + name = Release; + }; + 73A4640F2A1C3B3500BA8528 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = E27EB8376FDCD7AB29F8A522 /* Pods-AppAttestExampleForPod.debug.xcconfig */; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_ENTITLEMENTS = AppAttestExample/AppAttestExample.entitlements; + CODE_SIGN_IDENTITY = "Apple Development"; + "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; + CODE_SIGN_STYLE = Manual; + CURRENT_PROJECT_VERSION = 1; + DEVELOPMENT_ASSET_PATHS = "\"AppAttestExample/Preview Content\""; + DEVELOPMENT_TEAM = ""; + "DEVELOPMENT_TEAM[sdk=iphoneos*]" = EQHXZ8M8AV; + ENABLE_PREVIEWS = YES; + ENABLE_TESTING_SEARCH_PATHS = NO; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_FILE = AppAttestExample/Info.plist; + INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES; + INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; + INFOPLIST_KEY_UILaunchScreen_Generation = YES; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = com.google.experimental0.dev; + PRODUCT_NAME = "$(TARGET_NAME)"; + PROVISIONING_PROFILE_SPECIFIER = ""; + "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "Experimental App 0 Dev"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Debug; + }; + 73A464102A1C3B3500BA8528 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DB9DDDAE875580597968F796 /* Pods-AppAttestExampleForPod.release.xcconfig */; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_ENTITLEMENTS = AppAttestExample/AppAttestExample.entitlements; + CODE_SIGN_IDENTITY = "Apple Development"; + "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Developer"; + CODE_SIGN_STYLE = Manual; + CURRENT_PROJECT_VERSION = 1; + DEVELOPMENT_ASSET_PATHS = "\"AppAttestExample/Preview Content\""; + DEVELOPMENT_TEAM = ""; + "DEVELOPMENT_TEAM[sdk=iphoneos*]" = EQHXZ8M8AV; + ENABLE_PREVIEWS = YES; + ENABLE_TESTING_SEARCH_PATHS = NO; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_FILE = AppAttestExample/Info.plist; + INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES; + INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; + INFOPLIST_KEY_UILaunchScreen_Generation = YES; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = com.google.experimental0.dev; + PRODUCT_NAME = "$(TARGET_NAME)"; + PROVISIONING_PROFILE_SPECIFIER = ""; + "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "Experimental App 0 Dev"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 73A463FB2A1C3B3400BA8528 /* Build configuration list for PBXProject "AppAttestExampleForPod" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 73A4640C2A1C3B3500BA8528 /* Debug */, + 73A4640D2A1C3B3500BA8528 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 73A4640E2A1C3B3500BA8528 /* Build configuration list for PBXNativeTarget "AppAttestExampleForPod" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 73A4640F2A1C3B3500BA8528 /* Debug */, + 73A464102A1C3B3500BA8528 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 73A463F82A1C3B3400BA8528 /* Project object */; +} diff --git a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme new file mode 100644 index 00000000..0dd1c353 --- /dev/null +++ b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme @@ -0,0 +1,113 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Samples/Swift/AppAttestExample/AppAttestExampleTests/AppAttestExampleTests.swift b/Samples/Swift/AppAttestExample/AppAttestExampleTests/AppAttestExampleTests.swift new file mode 100644 index 00000000..cc7a6130 --- /dev/null +++ b/Samples/Swift/AppAttestExample/AppAttestExampleTests/AppAttestExampleTests.swift @@ -0,0 +1,30 @@ +/* + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import XCTest +@testable import AppAttestExample + +final class AppAttestExampleTests: XCTestCase { + func testThatAPIKeyCanBeReadFromEnvironment() { + let secretsReader = AppCheckSecretReader() + XCTAssertNotNil(secretsReader.APIKey) + } + + func testThatDebugTokenCanBeReadFromEnvironment() { + let secretsReader = AppCheckSecretReader() + XCTAssertNotNil(secretsReader.debugToken) + } +} diff --git a/Samples/Swift/AppAttestExample/Podfile b/Samples/Swift/AppAttestExample/Podfile index 9554395e..2805b5c8 100644 --- a/Samples/Swift/AppAttestExample/Podfile +++ b/Samples/Swift/AppAttestExample/Podfile @@ -3,11 +3,11 @@ source 'https://github.com/firebase/SpecsDev.git' pod 'GoogleSignIn', :path => '../../../', :testspecs => ['unit'] pod 'GoogleSignInSwiftSupport', :path => '../../../', :testspecs => ['unit'] -project 'AppAttestExample.xcodeproj' +project 'AppAttestExampleForPod.xcodeproj' use_frameworks! :linkage => :static -target 'AppAttestExample' do +target 'AppAttestExampleForPod' do pod 'AppCheckCore' platform :ios, '14.0' end From 8505715bf52b2a7bd4c512c4db475f29108e9e0e Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Mon, 11 Sep 2023 17:38:51 -0700 Subject: [PATCH 02/20] Update integration test workflow to include app check key and token tests --- .github/workflows/integration_tests.yml | 32 +++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 08aee1c9..5f15ee79 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -40,3 +40,35 @@ jobs: -destination 'platform=iOS Simulator,name=iPhone 11' \ EMAIL_SECRET=$EMAIL_SECRET \ PASSWORD_SECRET=$PASSWORD_SECRET + + app-check-api-token-tests + runs-on: macOS-12 + # Don't run if triggered by a PR from a fork since our Secrets won't be provided to the runner. + if: "!github.event.pull_request.head.repo.fork" + defaults: + run: + working-directory: Samples/Swift/AppAttestExample + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Build test target for App Check Example + run: | + xcodebuild \ + -project AppAttestExample.xcodeproj \ + build-for-testing \ + -scheme AppCheckExample \ + -sdk iphonesimulator \ + -destination 'platform=iOS Simulator,name=iPhone 11' + - name: Run test target for App Check Example + env: + AppCheckDebugToken : ${{ secrets.AppCheckDebugToken }} + APP_CHECK_WEB_API_KEY : ${{ secrets.APP_CHECK_WEB_API_KEY }} + run: | + xcodebuild \ + -project AppCheckExample.xcodeproj \ + test-without-building \ + -scheme AppCheckExample \ + -sdk iphonesimulator \ + -destination 'platform=iOS Simulator,name=iPhone 11' \ + AppCheckDebugToken=$AppCheckDebugToken \ + APP_CHECK_WEB_API_KEY=$APP_CHECK_WEB_API_KEY From dfcb02f908aeee2581da9aa85e8364c9b84e7276 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Mon, 11 Sep 2023 17:43:08 -0700 Subject: [PATCH 03/20] Update secret name for debug token to snake case --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 5f15ee79..c1e92cea 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -61,7 +61,7 @@ jobs: -destination 'platform=iOS Simulator,name=iPhone 11' - name: Run test target for App Check Example env: - AppCheckDebugToken : ${{ secrets.AppCheckDebugToken }} + AppCheckDebugToken : ${{ secrets.APP_CHECK_DEBUG_TOKEN }} APP_CHECK_WEB_API_KEY : ${{ secrets.APP_CHECK_WEB_API_KEY }} run: | xcodebuild \ From 3405edaf6989055cc8163670b01b62207a00cb5b Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Mon, 11 Sep 2023 17:49:39 -0700 Subject: [PATCH 04/20] Fix typo in workflow file --- .github/workflows/integration_tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index c1e92cea..92bcebfc 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -41,7 +41,7 @@ jobs: EMAIL_SECRET=$EMAIL_SECRET \ PASSWORD_SECRET=$PASSWORD_SECRET - app-check-api-token-tests + app-check-api-token-tests: runs-on: macOS-12 # Don't run if triggered by a PR from a fork since our Secrets won't be provided to the runner. if: "!github.event.pull_request.head.repo.fork" From 5a2da8b1bbc1700d4b3f374e49e3049a235f85fb Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Mon, 11 Sep 2023 18:53:59 -0700 Subject: [PATCH 05/20] Fix project configuration to run AppAttestExample in workflow --- .../project.pbxproj | 60 ------------------- 1 file changed, 60 deletions(-) diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj index 419bcc57..089f362b 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj @@ -7,7 +7,6 @@ objects = { /* Begin PBXBuildFile section */ - 1A2F00DF92FDD776B365CB5E /* Pods_AppAttestExample.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 91F3A930BB86D9E0648046BC /* Pods_AppAttestExample.framework */; }; 73080B2B2AAF9BDE00DEF667 /* AppAttestExampleTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */; }; 73080B392AAF9F1400DEF667 /* GoogleSignIn in Frameworks */ = {isa = PBXBuildFile; productRef = 73080B382AAF9F1400DEF667 /* GoogleSignIn */; }; 738B4A322AA8FE800056885D /* AppCheckSecretReader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */; }; @@ -30,7 +29,6 @@ /* End PBXContainerItemProxy section */ /* Begin PBXFileReference section */ - 1C96B5B2B34E31F1A1CEE95E /* Pods-AppAttestExample.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-AppAttestExample.release.xcconfig"; path = "Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample.release.xcconfig"; sourceTree = ""; }; 73080B282AAF9BDE00DEF667 /* AppAttestExampleTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = AppAttestExampleTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; }; 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppAttestExampleTests.swift; sourceTree = ""; }; 73443A232A55F56900A4932E /* AppAttestExample.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = AppAttestExample.entitlements; sourceTree = ""; }; @@ -44,7 +42,6 @@ 73A4640A2A1C3B3500BA8528 /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = ""; }; 73CD4AB02AAF8C8500642462 /* GoogleSignIn-iOS */ = {isa = PBXFileReference; lastKnownFileType = wrapper; name = "GoogleSignIn-iOS"; path = ../../..; sourceTree = ""; }; 73D87D512AAFE0FE002D841C /* AppAttestExample.xctestplan */ = {isa = PBXFileReference; lastKnownFileType = text; path = AppAttestExample.xctestplan; sourceTree = ""; }; - 7D9832F2FFAF408698660CA8 /* Pods-AppAttestExample.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-AppAttestExample.debug.xcconfig"; path = "Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample.debug.xcconfig"; sourceTree = ""; }; 91F3A930BB86D9E0648046BC /* Pods_AppAttestExample.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_AppAttestExample.framework; sourceTree = BUILT_PRODUCTS_DIR; }; /* End PBXFileReference section */ @@ -63,22 +60,12 @@ files = ( 73CD4AB22AAF915900642462 /* GoogleSignIn in Frameworks */, 73CD4AB42AAF915F00642462 /* GoogleSignInSwift in Frameworks */, - 1A2F00DF92FDD776B365CB5E /* Pods_AppAttestExample.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ - 6B1005926777EEB3C903F93A /* Pods */ = { - isa = PBXGroup; - children = ( - 7D9832F2FFAF408698660CA8 /* Pods-AppAttestExample.debug.xcconfig */, - 1C96B5B2B34E31F1A1CEE95E /* Pods-AppAttestExample.release.xcconfig */, - ); - path = Pods; - sourceTree = ""; - }; 73080B292AAF9BDE00DEF667 /* AppAttestExampleTests */ = { isa = PBXGroup; children = ( @@ -95,7 +82,6 @@ 73A464022A1C3B3400BA8528 /* AppAttestExample */, 73080B292AAF9BDE00DEF667 /* AppAttestExampleTests */, 73A464012A1C3B3400BA8528 /* Products */, - 6B1005926777EEB3C903F93A /* Pods */, A73FBC2B93918F4B411815A1 /* Frameworks */, ); sourceTree = ""; @@ -176,11 +162,9 @@ isa = PBXNativeTarget; buildConfigurationList = 73A4640E2A1C3B3500BA8528 /* Build configuration list for PBXNativeTarget "AppAttestExample" */; buildPhases = ( - 3183FF6EC2A0A2FE6C4A317F /* [CP] Check Pods Manifest.lock */, 73A463FC2A1C3B3400BA8528 /* Sources */, 73A463FD2A1C3B3400BA8528 /* Frameworks */, 73A463FE2A1C3B3400BA8528 /* Resources */, - C0679656EB58F5128B795D24 /* [CP] Copy Pods Resources */, ); buildRules = ( ); @@ -251,48 +235,6 @@ }; /* End PBXResourcesBuildPhase section */ -/* Begin PBXShellScriptBuildPhase section */ - 3183FF6EC2A0A2FE6C4A317F /* [CP] Check Pods Manifest.lock */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputFileListPaths = ( - ); - inputPaths = ( - "${PODS_PODFILE_DIR_PATH}/Podfile.lock", - "${PODS_ROOT}/Manifest.lock", - ); - name = "[CP] Check Pods Manifest.lock"; - outputFileListPaths = ( - ); - outputPaths = ( - "$(DERIVED_FILE_DIR)/Pods-AppAttestExample-checkManifestLockResult.txt", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n"; - showEnvVarsInLog = 0; - }; - C0679656EB58F5128B795D24 /* [CP] Copy Pods Resources */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputFileListPaths = ( - "${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources-${CONFIGURATION}-input-files.xcfilelist", - ); - name = "[CP] Copy Pods Resources"; - outputFileListPaths = ( - "${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources-${CONFIGURATION}-output-files.xcfilelist", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-AppAttestExample/Pods-AppAttestExample-resources.sh\"\n"; - showEnvVarsInLog = 0; - }; -/* End PBXShellScriptBuildPhase section */ - /* Begin PBXSourcesBuildPhase section */ 73080B242AAF9BDE00DEF667 /* Sources */ = { isa = PBXSourcesBuildPhase; @@ -477,7 +419,6 @@ }; 73A4640F2A1C3B3500BA8528 /* Debug */ = { isa = XCBuildConfiguration; - baseConfigurationReference = 7D9832F2FFAF408698660CA8 /* Pods-AppAttestExample.debug.xcconfig */; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; @@ -515,7 +456,6 @@ }; 73A464102A1C3B3500BA8528 /* Release */ = { isa = XCBuildConfiguration; - baseConfigurationReference = 1C96B5B2B34E31F1A1CEE95E /* Pods-AppAttestExample.release.xcconfig */; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; From 54348d8d2c8645dba720bed293d3177a4a4f79b3 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 10:39:40 -0700 Subject: [PATCH 06/20] Update integration test workflow to use correct names --- .github/workflows/integration_tests.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 92bcebfc..deb3d29e 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -56,7 +56,7 @@ jobs: xcodebuild \ -project AppAttestExample.xcodeproj \ build-for-testing \ - -scheme AppCheckExample \ + -scheme AppAttestExample \ -sdk iphonesimulator \ -destination 'platform=iOS Simulator,name=iPhone 11' - name: Run test target for App Check Example @@ -65,9 +65,9 @@ jobs: APP_CHECK_WEB_API_KEY : ${{ secrets.APP_CHECK_WEB_API_KEY }} run: | xcodebuild \ - -project AppCheckExample.xcodeproj \ + -project AppAttestExample.xcodeproj \ test-without-building \ - -scheme AppCheckExample \ + -scheme AppAttestExample \ -sdk iphonesimulator \ -destination 'platform=iOS Simulator,name=iPhone 11' \ AppCheckDebugToken=$AppCheckDebugToken \ From 19ba6d3daf8424fb642d5802e0d08aca6ff54734 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 11:03:02 -0700 Subject: [PATCH 07/20] Try iPhone 14 for AppAttestExample integration test --- .github/workflows/integration_tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index deb3d29e..98b506df 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -58,7 +58,7 @@ jobs: build-for-testing \ -scheme AppAttestExample \ -sdk iphonesimulator \ - -destination 'platform=iOS Simulator,name=iPhone 11' + -destination 'platform=iOS Simulator,name=iPhone 14' - name: Run test target for App Check Example env: AppCheckDebugToken : ${{ secrets.APP_CHECK_DEBUG_TOKEN }} @@ -69,6 +69,6 @@ jobs: test-without-building \ -scheme AppAttestExample \ -sdk iphonesimulator \ - -destination 'platform=iOS Simulator,name=iPhone 11' \ + -destination 'platform=iOS Simulator,name=iPhone 14' \ AppCheckDebugToken=$AppCheckDebugToken \ APP_CHECK_WEB_API_KEY=$APP_CHECK_WEB_API_KEY From dc6a606a733f9e84e138421c489cf354a6ce75bc Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 12:54:56 -0700 Subject: [PATCH 08/20] Downgrade iOS support to 16 in AppAttestExample to run on Xcode 14.2 in GitHub workflow --- .github/workflows/integration_tests.yml | 4 ++-- .../AppAttestExample.xcodeproj/project.pbxproj | 2 ++ Samples/Swift/AppAttestExample/AppAttestExample.xctestplan | 4 ++++ .../AppAttestExampleForPod.xcodeproj/project.pbxproj | 2 ++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml index 98b506df..deb3d29e 100644 --- a/.github/workflows/integration_tests.yml +++ b/.github/workflows/integration_tests.yml @@ -58,7 +58,7 @@ jobs: build-for-testing \ -scheme AppAttestExample \ -sdk iphonesimulator \ - -destination 'platform=iOS Simulator,name=iPhone 14' + -destination 'platform=iOS Simulator,name=iPhone 11' - name: Run test target for App Check Example env: AppCheckDebugToken : ${{ secrets.APP_CHECK_DEBUG_TOKEN }} @@ -69,6 +69,6 @@ jobs: test-without-building \ -scheme AppAttestExample \ -sdk iphonesimulator \ - -destination 'platform=iOS Simulator,name=iPhone 14' \ + -destination 'platform=iOS Simulator,name=iPhone 11' \ AppCheckDebugToken=$AppCheckDebugToken \ APP_CHECK_WEB_API_KEY=$APP_CHECK_WEB_API_KEY diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj index 089f362b..2249c295 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj @@ -439,6 +439,7 @@ INFOPLIST_KEY_UILaunchScreen_Generation = YES; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/Frameworks", @@ -476,6 +477,7 @@ INFOPLIST_KEY_UILaunchScreen_Generation = YES; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/Frameworks", diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xctestplan b/Samples/Swift/AppAttestExample/AppAttestExample.xctestplan index 1368586e..1f7415fb 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xctestplan +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xctestplan @@ -14,6 +14,10 @@ { "key" : "AppCheckDebugToken", "value" : "$(AppCheckDebugToken)" + }, + { + "key" : "APP_CHECK_WEB_API_KEY", + "value" : "$(APP_CHECK_WEB_API_KEY)" } ], "targetForVariableExpansion" : { diff --git a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj index c82bd36e..ff94a164 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj @@ -379,6 +379,7 @@ INFOPLIST_KEY_UILaunchScreen_Generation = YES; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/Frameworks", @@ -417,6 +418,7 @@ INFOPLIST_KEY_UILaunchScreen_Generation = YES; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/Frameworks", From 57f90999c6d7101cf2a44ca5e8766c902f5d2206 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 13:04:51 -0700 Subject: [PATCH 09/20] Update minimum iOS in all places --- .../AppAttestExample.xcodeproj/project.pbxproj | 6 ++++-- .../AppAttestExampleForPod.xcodeproj/project.pbxproj | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj index 2249c295..bcf77eee 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj @@ -273,6 +273,7 @@ CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 1; GENERATE_INFOPLIST_FILE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = com.google.AppAttestExampleTests; PRODUCT_NAME = "$(TARGET_NAME)"; @@ -290,6 +291,7 @@ CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 1; GENERATE_INFOPLIST_FILE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = com.google.AppAttestExampleTests; PRODUCT_NAME = "$(TARGET_NAME)"; @@ -352,7 +354,7 @@ GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; INFOPLIST_FILE = ""; - IPHONEOS_DEPLOYMENT_TARGET = 16.4; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; ONLY_ACTIVE_ARCH = YES; @@ -407,7 +409,7 @@ GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; INFOPLIST_FILE = ""; - IPHONEOS_DEPLOYMENT_TARGET = 16.4; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; SDKROOT = iphoneos; diff --git a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj index ff94a164..4751a83f 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj @@ -291,7 +291,7 @@ GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; INFOPLIST_FILE = ""; - IPHONEOS_DEPLOYMENT_TARGET = 16.4; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; ONLY_ACTIVE_ARCH = YES; @@ -346,7 +346,7 @@ GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; INFOPLIST_FILE = ""; - IPHONEOS_DEPLOYMENT_TARGET = 16.4; + IPHONEOS_DEPLOYMENT_TARGET = 16.0; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; SDKROOT = iphoneos; From 7360e2aaf7a1c445f1830453670516f12197f27d Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 14:57:23 -0700 Subject: [PATCH 10/20] Add empty xcconfig so project can build in CI --- .gitignore | 1 - .../AppAttestExample/AppCheckSecrets.xcconfig | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecrets.xcconfig diff --git a/.gitignore b/.gitignore index 103cb405..538419c3 100644 --- a/.gitignore +++ b/.gitignore @@ -19,4 +19,3 @@ Podfile.lock # Firebase App Check Example **/GoogleService-Info.plist -**/AppCheckSecrets.xcconfig diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecrets.xcconfig b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecrets.xcconfig new file mode 100644 index 00000000..5be470b9 --- /dev/null +++ b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecrets.xcconfig @@ -0,0 +1,14 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + From 2a788828750052c124fe142c65379ecff89c54d9 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 14:58:16 -0700 Subject: [PATCH 11/20] Ignore xcconfig file Ignoring will help to protect from committing secrets in the future. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 538419c3..103cb405 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ Podfile.lock # Firebase App Check Example **/GoogleService-Info.plist +**/AppCheckSecrets.xcconfig From abeb0697cbd6eefd3cb7332012bd8a8750876fe3 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 17:49:54 -0700 Subject: [PATCH 12/20] Update secrets file to be ignored json Also update AppCheckSecretsReader to work with new json file. --- .gitignore | 2 +- .../project.pbxproj | 19 ++++++++++++++++--- .../AppCheckSecretReader.swift | 11 ++++++++--- .../AppAttestExample/AppCheckSecrets.xcconfig | 14 -------------- .../Secrets/AppCheckDefaultSecrets.json | 3 +++ .../AppAttestExampleTests.swift | 2 +- 6 files changed, 29 insertions(+), 22 deletions(-) delete mode 100644 Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecrets.xcconfig create mode 100644 Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.json diff --git a/.gitignore b/.gitignore index 103cb405..b6f92e01 100644 --- a/.gitignore +++ b/.gitignore @@ -19,4 +19,4 @@ Podfile.lock # Firebase App Check Example **/GoogleService-Info.plist -**/AppCheckSecrets.xcconfig +**/AppCheckSecrets.json diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj index bcf77eee..eb5fd9d3 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj @@ -9,6 +9,8 @@ /* Begin PBXBuildFile section */ 73080B2B2AAF9BDE00DEF667 /* AppAttestExampleTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */; }; 73080B392AAF9F1400DEF667 /* GoogleSignIn in Frameworks */ = {isa = PBXBuildFile; productRef = 73080B382AAF9F1400DEF667 /* GoogleSignIn */; }; + 734555682AB1270F0068F2B0 /* AppCheckDefaultSecrets.json in Resources */ = {isa = PBXBuildFile; fileRef = 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */; }; + 7345556A2AB127820068F2B0 /* AppCheckSecrets.json in Resources */ = {isa = PBXBuildFile; fileRef = 734555692AB127820068F2B0 /* AppCheckSecrets.json */; }; 738B4A322AA8FE800056885D /* AppCheckSecretReader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */; }; 738D5F732A26BC3B00A7F11B /* BirthdayLoader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */; }; 73A464042A1C3B3400BA8528 /* AppAttestExampleApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73A464032A1C3B3400BA8528 /* AppAttestExampleApp.swift */; }; @@ -32,7 +34,8 @@ 73080B282AAF9BDE00DEF667 /* AppAttestExampleTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = AppAttestExampleTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; }; 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppAttestExampleTests.swift; sourceTree = ""; }; 73443A232A55F56900A4932E /* AppAttestExample.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = AppAttestExample.entitlements; sourceTree = ""; }; - 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = AppCheckSecrets.xcconfig; sourceTree = ""; }; + 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; path = AppCheckDefaultSecrets.json; sourceTree = ""; }; + 734555692AB127820068F2B0 /* AppCheckSecrets.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; path = AppCheckSecrets.json; sourceTree = ""; }; 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppCheckSecretReader.swift; sourceTree = ""; }; 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BirthdayLoader.swift; sourceTree = ""; }; 73A065612A786D10007BC7FC /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; @@ -74,6 +77,15 @@ path = AppAttestExampleTests; sourceTree = ""; }; + 7345556B2AB127B00068F2B0 /* Secrets */ = { + isa = PBXGroup; + children = ( + 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */, + 734555692AB127820068F2B0 /* AppCheckSecrets.json */, + ); + path = Secrets; + sourceTree = ""; + }; 73A463F72A1C3B3400BA8528 = { isa = PBXGroup; children = ( @@ -103,7 +115,7 @@ 73A464052A1C3B3400BA8528 /* ContentView.swift */, 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */, 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */, - 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */, + 7345556B2AB127B00068F2B0 /* Secrets */, 73A065612A786D10007BC7FC /* Info.plist */, 73A464092A1C3B3500BA8528 /* Preview Content */, ); @@ -229,7 +241,9 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + 734555682AB1270F0068F2B0 /* AppCheckDefaultSecrets.json in Resources */, 73A4640B2A1C3B3500BA8528 /* Preview Assets.xcassets in Resources */, + 7345556A2AB127820068F2B0 /* AppCheckSecrets.json in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -304,7 +318,6 @@ }; 73A4640C2A1C3B3500BA8528 /* Debug */ = { isa = XCBuildConfiguration; - baseConfigurationReference = 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift index 1493d7e4..e664f576 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift +++ b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift @@ -18,6 +18,8 @@ import Foundation struct AppCheckSecretReader { private let APIKeyName = "APP_CHECK_WEB_API_KEY" + private let APIKeyResourceName = "AppCheckSecrets" + private let APIKeyExtensionName = "json" private let debugTokenName = "AppCheckDebugToken" /// Method to read the App Check debug token from the environment @@ -46,11 +48,14 @@ struct AppCheckSecretReader { /// Method for retrieving API key from the bundle during simulator or debug builds private var APIKeyFromBundle: String? { - guard let APIKey = Bundle.main.infoDictionary?[APIKeyName] as? String, - !APIKey.isEmpty else { + guard let APIKeyURL = Bundle.main.url( + forResource: APIKeyResourceName, + withExtension: APIKeyExtensionName + ), let APIKeyData = try? Data(contentsOf: APIKeyURL), + let APIKeyJSON = try? JSONDecoder().decode([String: String].self, from: APIKeyData) else { print("Failed to get \(APIKeyName) from Bundle.") return nil } - return APIKey + return APIKeyJSON[APIKeyName] } } diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecrets.xcconfig b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecrets.xcconfig deleted file mode 100644 index 5be470b9..00000000 --- a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecrets.xcconfig +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright 2023 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.json b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.json new file mode 100644 index 00000000..21b702c9 --- /dev/null +++ b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.json @@ -0,0 +1,3 @@ +{ + "APP_CHECK_WEB_API_KEY": "" +} diff --git a/Samples/Swift/AppAttestExample/AppAttestExampleTests/AppAttestExampleTests.swift b/Samples/Swift/AppAttestExample/AppAttestExampleTests/AppAttestExampleTests.swift index cc7a6130..ebdee3a4 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExampleTests/AppAttestExampleTests.swift +++ b/Samples/Swift/AppAttestExample/AppAttestExampleTests/AppAttestExampleTests.swift @@ -18,7 +18,7 @@ import XCTest @testable import AppAttestExample final class AppAttestExampleTests: XCTestCase { - func testThatAPIKeyCanBeReadFromEnvironment() { + func testThatAPIKeyCanBeReadFromBundleOrEnvironment() { let secretsReader = AppCheckSecretReader() XCTAssertNotNil(secretsReader.APIKey) } From 5dd81ab613dc30ac8fb3e1d282c15087ae845bb1 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 18:05:58 -0700 Subject: [PATCH 13/20] Update AppAttestExample README --- .../project.pbxproj | 3 -- Samples/Swift/AppAttestExample/README.md | 51 +++++++++++++++++++ 2 files changed, 51 insertions(+), 3 deletions(-) diff --git a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj index 4751a83f..c2e244b2 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj @@ -20,7 +20,6 @@ 4728D878D216B7D622E237DA /* Pods_AppAttestExampleForPod.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_AppAttestExampleForPod.framework; sourceTree = BUILT_PRODUCTS_DIR; }; 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppAttestExampleTests.swift; sourceTree = ""; }; 73443A232A55F56900A4932E /* AppAttestExample.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = AppAttestExample.entitlements; sourceTree = ""; }; - 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = AppCheckSecrets.xcconfig; sourceTree = ""; }; 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppCheckSecretReader.swift; sourceTree = ""; }; 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BirthdayLoader.swift; sourceTree = ""; }; 73A065612A786D10007BC7FC /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; @@ -93,7 +92,6 @@ 73A464052A1C3B3400BA8528 /* ContentView.swift */, 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */, 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */, - 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */, 73A065612A786D10007BC7FC /* Info.plist */, 73A464092A1C3B3500BA8528 /* Preview Content */, ); @@ -241,7 +239,6 @@ /* Begin XCBuildConfiguration section */ 73A4640C2A1C3B3500BA8528 /* Debug */ = { isa = XCBuildConfiguration; - baseConfigurationReference = 738B4A302AA7EB840056885D /* AppCheckSecrets.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; diff --git a/Samples/Swift/AppAttestExample/README.md b/Samples/Swift/AppAttestExample/README.md index e69de29b..88182db3 100644 --- a/Samples/Swift/AppAttestExample/README.md +++ b/Samples/Swift/AppAttestExample/README.md @@ -0,0 +1,51 @@ +# Google Sign-In with Firebase App Check Sample App + +## CocoaPods + +1. In the `../Samples/Swift/AppAttestExample/` folder, run the following +[CocoaPods](https://cocoapods.org) command. + +``` +pod install +``` + +2. Open the generated workspace: + +``` +open AppAttestExample.xcworkspace +``` + +3. Run the `AppAttestExampleForPod` target. + +## Swift Package Manager + +1. In the `../Samples/Swift/AppAttestExample/` folder, open the project: + +``` +open AppAttestExample.xcodeproj +``` +2. Run the `AppAttestExample` target. + +## A Note on Provisioning Profiles + +You will need a provisioning profile with the App Attest entitlement. + +## Hiding Secrets + +This example app shows how you might hide your web API key and debug token +(used during CI). Inside the `Secrets/` directory, we show a placeholder +secrets file containing stubbed JSON data. You can make a new file to fill in +that stubbed JSON data with your web API key. Make sure to add that new file to +your `.gitignore` so that your secrets are not committed. Next, update +`AppCheckSecretsReader.swift` to read your file. + +## Integration Tests + +We should how you might hide your app's web API key and debug token when +running locally and in CI environments. See GitHub's +[secrets](https://docs.github.com/en/actions/learn-github-actions/contexts#secrets-context) +documentation for how you might set those values in your repo. + +Locally, both the web API key and the debug token need to be passed to +`xcodebuild` as arguments: +`xcodebuild APP_CHECK_WEB_API_KEY=... AppCheckDebugToken=...`. From 9be37b4c9750816c1d21b000d01563412d90f7ab Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 18:28:59 -0700 Subject: [PATCH 14/20] Update AppAttestExampleForPod to include secrets folder --- .../project.pbxproj | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj index c2e244b2..a951a7e8 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExampleForPod.xcodeproj/project.pbxproj @@ -7,6 +7,8 @@ objects = { /* Begin PBXBuildFile section */ + 7345556F2AB142B40068F2B0 /* AppCheckDefaultSecrets.json in Resources */ = {isa = PBXBuildFile; fileRef = 7345556D2AB142B40068F2B0 /* AppCheckDefaultSecrets.json */; }; + 734555702AB142B40068F2B0 /* AppCheckSecrets.json in Resources */ = {isa = PBXBuildFile; fileRef = 7345556E2AB142B40068F2B0 /* AppCheckSecrets.json */; }; 738B4A322AA8FE800056885D /* AppCheckSecretReader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */; }; 738D5F732A26BC3B00A7F11B /* BirthdayLoader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */; }; 73A464042A1C3B3400BA8528 /* AppAttestExampleApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73A464032A1C3B3400BA8528 /* AppAttestExampleApp.swift */; }; @@ -20,6 +22,8 @@ 4728D878D216B7D622E237DA /* Pods_AppAttestExampleForPod.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_AppAttestExampleForPod.framework; sourceTree = BUILT_PRODUCTS_DIR; }; 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppAttestExampleTests.swift; sourceTree = ""; }; 73443A232A55F56900A4932E /* AppAttestExample.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = AppAttestExample.entitlements; sourceTree = ""; }; + 7345556D2AB142B40068F2B0 /* AppCheckDefaultSecrets.json */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.json; path = AppCheckDefaultSecrets.json; sourceTree = ""; }; + 7345556E2AB142B40068F2B0 /* AppCheckSecrets.json */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.json; path = AppCheckSecrets.json; sourceTree = ""; }; 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppCheckSecretReader.swift; sourceTree = ""; }; 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BirthdayLoader.swift; sourceTree = ""; }; 73A065612A786D10007BC7FC /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; @@ -64,6 +68,15 @@ path = AppAttestExampleTests; sourceTree = ""; }; + 7345556C2AB142B40068F2B0 /* Secrets */ = { + isa = PBXGroup; + children = ( + 7345556D2AB142B40068F2B0 /* AppCheckDefaultSecrets.json */, + 7345556E2AB142B40068F2B0 /* AppCheckSecrets.json */, + ); + path = Secrets; + sourceTree = ""; + }; 73A463F72A1C3B3400BA8528 = { isa = PBXGroup; children = ( @@ -92,6 +105,7 @@ 73A464052A1C3B3400BA8528 /* ContentView.swift */, 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */, 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */, + 7345556C2AB142B40068F2B0 /* Secrets */, 73A065612A786D10007BC7FC /* Info.plist */, 73A464092A1C3B3500BA8528 /* Preview Content */, ); @@ -174,7 +188,9 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( + 7345556F2AB142B40068F2B0 /* AppCheckDefaultSecrets.json in Resources */, 73A4640B2A1C3B3500BA8528 /* Preview Assets.xcassets in Resources */, + 734555702AB142B40068F2B0 /* AppCheckSecrets.json in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; From 245aa434319c9baa30ad7e3a5dc9fb965cb1367c Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 18:35:10 -0700 Subject: [PATCH 15/20] Remove AppCheckSecrets.json --- .../AppAttestExample.xcodeproj/project.pbxproj | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj index eb5fd9d3..6bce5300 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj @@ -10,7 +10,6 @@ 73080B2B2AAF9BDE00DEF667 /* AppAttestExampleTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */; }; 73080B392AAF9F1400DEF667 /* GoogleSignIn in Frameworks */ = {isa = PBXBuildFile; productRef = 73080B382AAF9F1400DEF667 /* GoogleSignIn */; }; 734555682AB1270F0068F2B0 /* AppCheckDefaultSecrets.json in Resources */ = {isa = PBXBuildFile; fileRef = 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */; }; - 7345556A2AB127820068F2B0 /* AppCheckSecrets.json in Resources */ = {isa = PBXBuildFile; fileRef = 734555692AB127820068F2B0 /* AppCheckSecrets.json */; }; 738B4A322AA8FE800056885D /* AppCheckSecretReader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */; }; 738D5F732A26BC3B00A7F11B /* BirthdayLoader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */; }; 73A464042A1C3B3400BA8528 /* AppAttestExampleApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73A464032A1C3B3400BA8528 /* AppAttestExampleApp.swift */; }; @@ -35,7 +34,6 @@ 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppAttestExampleTests.swift; sourceTree = ""; }; 73443A232A55F56900A4932E /* AppAttestExample.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = AppAttestExample.entitlements; sourceTree = ""; }; 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; path = AppCheckDefaultSecrets.json; sourceTree = ""; }; - 734555692AB127820068F2B0 /* AppCheckSecrets.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; path = AppCheckSecrets.json; sourceTree = ""; }; 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppCheckSecretReader.swift; sourceTree = ""; }; 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BirthdayLoader.swift; sourceTree = ""; }; 73A065612A786D10007BC7FC /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; @@ -81,7 +79,6 @@ isa = PBXGroup; children = ( 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */, - 734555692AB127820068F2B0 /* AppCheckSecrets.json */, ); path = Secrets; sourceTree = ""; @@ -243,7 +240,6 @@ files = ( 734555682AB1270F0068F2B0 /* AppCheckDefaultSecrets.json in Resources */, 73A4640B2A1C3B3500BA8528 /* Preview Assets.xcassets in Resources */, - 7345556A2AB127820068F2B0 /* AppCheckSecrets.json in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; From 81f7089cd112f866bb7b690dc2c558b569c8e2aa Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 12 Sep 2023 21:06:37 -0700 Subject: [PATCH 16/20] Use .xcconfig for secrets file and leave empty Instructions are also added to the README.md to help readers set things up. --- .../AppAttestExample.xcodeproj/project.pbxproj | 7 +++---- .../AppAttestExample/AppCheckSecretReader.swift | 10 +++------- .../Secrets/AppCheckDefaultSecrets.json | 3 --- .../Secrets/AppCheckDefaultSecrets.xcconfig | 16 ++++++++++++++++ Samples/Swift/AppAttestExample/README.md | 17 ++++++++++++----- 5 files changed, 34 insertions(+), 19 deletions(-) delete mode 100644 Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.json create mode 100644 Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj index 6bce5300..2309bd41 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/project.pbxproj @@ -9,7 +9,6 @@ /* Begin PBXBuildFile section */ 73080B2B2AAF9BDE00DEF667 /* AppAttestExampleTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */; }; 73080B392AAF9F1400DEF667 /* GoogleSignIn in Frameworks */ = {isa = PBXBuildFile; productRef = 73080B382AAF9F1400DEF667 /* GoogleSignIn */; }; - 734555682AB1270F0068F2B0 /* AppCheckDefaultSecrets.json in Resources */ = {isa = PBXBuildFile; fileRef = 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */; }; 738B4A322AA8FE800056885D /* AppCheckSecretReader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */; }; 738D5F732A26BC3B00A7F11B /* BirthdayLoader.swift in Sources */ = {isa = PBXBuildFile; fileRef = 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */; }; 73A464042A1C3B3400BA8528 /* AppAttestExampleApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 73A464032A1C3B3400BA8528 /* AppAttestExampleApp.swift */; }; @@ -33,7 +32,7 @@ 73080B282AAF9BDE00DEF667 /* AppAttestExampleTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = AppAttestExampleTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; }; 73080B2A2AAF9BDE00DEF667 /* AppAttestExampleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppAttestExampleTests.swift; sourceTree = ""; }; 73443A232A55F56900A4932E /* AppAttestExample.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = AppAttestExample.entitlements; sourceTree = ""; }; - 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */ = {isa = PBXFileReference; lastKnownFileType = text.json; path = AppCheckDefaultSecrets.json; sourceTree = ""; }; + 734555752AB167B80068F2B0 /* AppCheckDefaultSecrets.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = AppCheckDefaultSecrets.xcconfig; sourceTree = ""; }; 738B4A312AA8FE800056885D /* AppCheckSecretReader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppCheckSecretReader.swift; sourceTree = ""; }; 738D5F722A26BC3B00A7F11B /* BirthdayLoader.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BirthdayLoader.swift; sourceTree = ""; }; 73A065612A786D10007BC7FC /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; @@ -78,7 +77,7 @@ 7345556B2AB127B00068F2B0 /* Secrets */ = { isa = PBXGroup; children = ( - 734555672AB1270F0068F2B0 /* AppCheckDefaultSecrets.json */, + 734555752AB167B80068F2B0 /* AppCheckDefaultSecrets.xcconfig */, ); path = Secrets; sourceTree = ""; @@ -238,7 +237,6 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( - 734555682AB1270F0068F2B0 /* AppCheckDefaultSecrets.json in Resources */, 73A4640B2A1C3B3500BA8528 /* Preview Assets.xcassets in Resources */, ); runOnlyForDeploymentPostprocessing = 0; @@ -314,6 +312,7 @@ }; 73A4640C2A1C3B3500BA8528 /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = 734555752AB167B80068F2B0 /* AppCheckDefaultSecrets.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_ANALYZER_NONNULL = YES; diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift index e664f576..76585bf0 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift +++ b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift @@ -48,14 +48,10 @@ struct AppCheckSecretReader { /// Method for retrieving API key from the bundle during simulator or debug builds private var APIKeyFromBundle: String? { - guard let APIKeyURL = Bundle.main.url( - forResource: APIKeyResourceName, - withExtension: APIKeyExtensionName - ), let APIKeyData = try? Data(contentsOf: APIKeyURL), - let APIKeyJSON = try? JSONDecoder().decode([String: String].self, from: APIKeyData) else { - print("Failed to get \(APIKeyName) from Bundle.") + guard let APIKey = Bundle.main.object(forInfoDictionaryKey: APIKeyName) as? String else { + print("Failed to get \(APIKeyName) from environment.") return nil } - return APIKeyJSON[APIKeyName] + return APIKey } } diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.json b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.json deleted file mode 100644 index 21b702c9..00000000 --- a/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "APP_CHECK_WEB_API_KEY": "" -} diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig new file mode 100644 index 00000000..cc90c1dc --- /dev/null +++ b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig @@ -0,0 +1,16 @@ +// +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +APP_CHECK_WEB_API_KEY= diff --git a/Samples/Swift/AppAttestExample/README.md b/Samples/Swift/AppAttestExample/README.md index 88182db3..21f97d11 100644 --- a/Samples/Swift/AppAttestExample/README.md +++ b/Samples/Swift/AppAttestExample/README.md @@ -33,11 +33,18 @@ You will need a provisioning profile with the App Attest entitlement. ## Hiding Secrets This example app shows how you might hide your web API key and debug token -(used during CI). Inside the `Secrets/` directory, we show a placeholder -secrets file containing stubbed JSON data. You can make a new file to fill in -that stubbed JSON data with your web API key. Make sure to add that new file to -your `.gitignore` so that your secrets are not committed. Next, update -`AppCheckSecretsReader.swift` to read your file. +(used during CI; AppCheckCore manages the debug token running locally in the +simulator). Both of these are required. Inside the `Secrets/` directory, we +include a placeholder secrets entitled `AppCheckDefaultSecrets.xcconfig`. We +have also set that as a configuration file for the project as well, which means +that it will be used to find the web API key during debug builds on the +simulator (for example). You can either make a new file to fill in the stubbed +data in `AppCheckDefaultSecrets.xcconfig` (which will require that you update +where the projects finds its configurations), or you can fill in the data in + +In builds running under continuous integration, make sure to use environment +variables and `AppCheckSecretReader.swift` will find your web API key and debug +token if you provide them to your `xcodebuild` command. ## Integration Tests From f05194f60baf6bd15f97b06268205bfb069ef5de Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Wed, 13 Sep 2023 12:32:18 -0700 Subject: [PATCH 17/20] Add some clarification around secrets in REAMDME and config --- .gitignore | 1 - .../Secrets/AppCheckDefaultSecrets.xcconfig | 2 ++ Samples/Swift/AppAttestExample/README.md | 14 ++++++++------ 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index b6f92e01..538419c3 100644 --- a/.gitignore +++ b/.gitignore @@ -19,4 +19,3 @@ Podfile.lock # Firebase App Check Example **/GoogleService-Info.plist -**/AppCheckSecrets.json diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig index cc90c1dc..04fed6dc 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig +++ b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig @@ -13,4 +13,6 @@ // See the License for the specific language governing permissions and // limitations under the License. +// Add your API key below when running locally; +// Do not commit this change or the API key will be tracked by Git APP_CHECK_WEB_API_KEY= diff --git a/Samples/Swift/AppAttestExample/README.md b/Samples/Swift/AppAttestExample/README.md index 21f97d11..6a9ecb90 100644 --- a/Samples/Swift/AppAttestExample/README.md +++ b/Samples/Swift/AppAttestExample/README.md @@ -35,12 +35,14 @@ You will need a provisioning profile with the App Attest entitlement. This example app shows how you might hide your web API key and debug token (used during CI; AppCheckCore manages the debug token running locally in the simulator). Both of these are required. Inside the `Secrets/` directory, we -include a placeholder secrets entitled `AppCheckDefaultSecrets.xcconfig`. We -have also set that as a configuration file for the project as well, which means -that it will be used to find the web API key during debug builds on the -simulator (for example). You can either make a new file to fill in the stubbed -data in `AppCheckDefaultSecrets.xcconfig` (which will require that you update -where the projects finds its configurations), or you can fill in the data in +include a placeholder file entitled `AppCheckDefaultSecrets.xcconfig`. We have +also set that as a configuration file for the project, which means that it will +be used to find the web API key during debug builds on the simulator (for +example). You can either make a new file to fill in the stubbed data in +`AppCheckDefaultSecrets.xcconfig` (which will require that you update where the +projects finds its configurations), or you can add your API key there yourself. +Do make sure that you do not commit this API key, or you will risk exposing +this information on your repository. In builds running under continuous integration, make sure to use environment variables and `AppCheckSecretReader.swift` will find your web API key and debug From 2b434f6364bb50d431ae3fb4d549426d2d9e9107 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Wed, 13 Sep 2023 13:26:33 -0700 Subject: [PATCH 18/20] Remove comment from config These comments were added, and then the integration test started to fail in CI... --- .../AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig index 04fed6dc..cc90c1dc 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig +++ b/Samples/Swift/AppAttestExample/AppAttestExample/Secrets/AppCheckDefaultSecrets.xcconfig @@ -13,6 +13,4 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Add your API key below when running locally; -// Do not commit this change or the API key will be tracked by Git APP_CHECK_WEB_API_KEY= From d9eb6c48bdb4328ff60ce6d1a12afccbf9c72f77 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Wed, 13 Sep 2023 15:17:34 -0700 Subject: [PATCH 19/20] Add empty string check to reading API key --- .../AppAttestExample/AppCheckSecretReader.swift | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift index 76585bf0..83059278 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift +++ b/Samples/Swift/AppAttestExample/AppAttestExample/AppCheckSecretReader.swift @@ -48,7 +48,8 @@ struct AppCheckSecretReader { /// Method for retrieving API key from the bundle during simulator or debug builds private var APIKeyFromBundle: String? { - guard let APIKey = Bundle.main.object(forInfoDictionaryKey: APIKeyName) as? String else { + guard let APIKey = Bundle.main.object(forInfoDictionaryKey: APIKeyName) as? String, + !APIKey.isEmpty else { print("Failed to get \(APIKeyName) from environment.") return nil } From 891d5d86e37ed74b5d5404a5f22120294ed652c6 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Wed, 13 Sep 2023 15:19:53 -0700 Subject: [PATCH 20/20] Fix typo --- Samples/Swift/AppAttestExample/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Samples/Swift/AppAttestExample/README.md b/Samples/Swift/AppAttestExample/README.md index 6a9ecb90..a3b53404 100644 --- a/Samples/Swift/AppAttestExample/README.md +++ b/Samples/Swift/AppAttestExample/README.md @@ -50,7 +50,7 @@ token if you provide them to your `xcodebuild` command. ## Integration Tests -We should how you might hide your app's web API key and debug token when +We show how you might hide your app's web API key and debug token when running locally and in CI environments. See GitHub's [secrets](https://docs.github.com/en/actions/learn-github-actions/contexts#secrets-context) documentation for how you might set those values in your repo.