add privateKey support for release-cordova (#524)

afoo · ruslan-bikkinin · commit 553d4278ca52 · 2017-11-09T17:05:45.000+03:00
* add privateKey support for release-cordova

* Remove redundant warnings

* Fix possible inclusion of signature to update when it shouldn't be

* Add warning in case of cli couldn't delete redundate signature file

* Extract deletion of previous signature into method

* Minor refactor
diff --git a/cli/script/command-parser.ts b/cli/script/command-parser.ts
@@ -398,7 +398,7 @@ var argv = yargs.usage(USAGE_PREFIX + " <command>")
             .option("description", { alias: "des", default: null, demand: false, description: "Description of the changes made to the app in this release", type: "string" })
             .option("disabled", { alias: "x", default: false, demand: false, description: "Specifies whether this release should be immediately downloadable", type: "boolean" })
             .option("mandatory", { alias: "m", default: false, demand: false, description: "Specifies whether this release should be considered mandatory", type: "boolean" })
-            .option("privateKeyPath", { alias: "k", default: false, demand: false, description: "Specifies the location of a RSA private key to sign the release with. " + chalk.yellow("NOTICE:") + " use it for react native applications only, client SDK on other platforms will be ignoring signature verification for now!", type: "string" })
+            .option("privateKeyPath", { alias: "k", default: false, demand: false, description: "Specifies the location of a RSA private key to sign the release with", type: "string" })
             .option("noDuplicateReleaseError", { default: false, demand: false, description: "When this flag is set, releasing a package that is identical to the latest release will produce a warning instead of an error", type: "boolean" })
             .option("rollout", { alias: "r", default: "100%", demand: false, description: "Percentage of users this release should be available to", type: "string" })
             .check((argv: any, aliases: { [aliases: string]: string }): any => { return checkValidReleaseOptions(argv); });
@@ -416,6 +416,7 @@ var argv = yargs.usage(USAGE_PREFIX + " <command>")
             .option("description", { alias: "des", default: null, demand: false, description: "Description of the changes made to the app in this release", type: "string" })
             .option("disabled", { alias: "x", default: false, demand: false, description: "Specifies whether this release should be immediately downloadable", type: "boolean" })
             .option("mandatory", { alias: "m", default: false, demand: false, description: "Specifies whether this release should be considered mandatory", type: "boolean" })
+            .option("privateKeyPath", { alias: "k", default: false, demand: false, description: "Specifies the location of a RSA private key to sign the release with", type: "string" })
             .option("noDuplicateReleaseError", { default: false, demand: false, description: "When this flag is set, releasing a package that is identical to the latest release will produce a warning instead of an error", type: "boolean" })
             .option("rollout", { alias: "r", default: "100%", demand: false, description: "Percentage of users this release should be immediately available to", type: "string" })
             .option("targetBinaryVersion", { alias: "t", default: null, demand: false, description: "Semver expression that specifies the binary app version(s) this release is targeting (e.g. 1.1.0, ~1.2.3). If omitted, the release will target the exact version specified in the config.xml file.", type: "string" })
@@ -831,6 +832,7 @@ function createCommand(): cli.ICommand {
                     releaseCordovaCommand.rollout = getRolloutValue(argv["rollout"]);
                     releaseCordovaCommand.appStoreVersion = argv["targetBinaryVersion"];
                     releaseCordovaCommand.isReleaseBuildType = argv["isReleaseBuildType"];
+                    releaseCordovaCommand.privateKeyPath = argv["privateKeyPath"];
                 }
                 break;
 
diff --git a/cli/script/release-hooks/signing.ts b/cli/script/release-hooks/signing.ts
@@ -10,23 +10,56 @@ var rimraf = require("rimraf");
 import AccountManager = require("code-push");
 
 var CURRENT_CLAIM_VERSION: string = "1.0.0";
-var METADATA_FILE_NAME: string = ".codepushrelease"
+var METADATA_FILE_NAME: string = ".codepushrelease";
 
 interface CodeSigningClaims {
     claimVersion: string;
     contentHash: string;
 }
 
+const deletePreviousSignatureIfExists = (package: string): q.Promise<any> => {
+    let signatureFilePath: string = path.join(package, METADATA_FILE_NAME);
+    let prevSignatureExists: boolean = true;
+    try {
+        fs.accessSync(signatureFilePath, fs.R_OK);
+    } catch (err) {
+        if (err.code === "ENOENT") {
+            prevSignatureExists = false;
+        } else {
+            return q.reject(new Error(
+                `Could not delete previous release signature at ${signatureFilePath}.
+                Please, check your access rights.`)
+            );
+        }
+    }
+
+    if (prevSignatureExists) {
+        console.log(`Deleting previous release signature at ${signatureFilePath}`);
+        rimraf.sync(signatureFilePath);
+    }
+
+    return q.resolve(<void>null);
+}
+
 var sign: cli.ReleaseHook = (currentCommand: cli.IReleaseCommand, originalCommand: cli.IReleaseCommand, sdk: AccountManager): q.Promise<cli.IReleaseCommand> => {
+
     if (!currentCommand.privateKeyPath) {
-        return q.resolve<cli.IReleaseCommand>(currentCommand);
+        if (fs.lstatSync(currentCommand.package).isDirectory()) {
+            // If new update wasn't signed, but signature file for some reason still appears in the package directory - delete it
+            return deletePreviousSignatureIfExists(currentCommand.package).then(() => {
+                return q.resolve<cli.IReleaseCommand>(currentCommand); 
+            });
+        } else {
+            return q.resolve<cli.IReleaseCommand>(currentCommand); 
+        }   
     }
 
-    var privateKey: Buffer;
-    var signatureFilePath: string;
+    let privateKey: Buffer;
+    let signatureFilePath: string;
 
     return q(<void>null)
         .then(() => {
+            signatureFilePath = path.join(currentCommand.package, METADATA_FILE_NAME);
             try {
                 privateKey = fs.readFileSync(currentCommand.privateKeyPath);
             } catch (err) {
@@ -45,26 +78,9 @@ var sign: cli.ReleaseHook = (currentCommand: cli.IReleaseCommand, originalComman
                 currentCommand.package = outputFolderPath;
             }
 
-            signatureFilePath = path.join(currentCommand.package, METADATA_FILE_NAME);
-            var prevSignatureExists = true;
-            try {
-                fs.accessSync(signatureFilePath, fs.F_OK);
-            } catch (err) {
-                if (err.code === "ENOENT") {
-                    prevSignatureExists = false;
-                } else {
-                    return q.reject<string>(new Error(
-                        `Could not delete previous release signature at ${signatureFilePath}.
-                        Please, check your access rights.`)
-                    );
-                }
-            }
-
-            if (prevSignatureExists) {
-                console.log(`Deleting previous release signature at ${signatureFilePath}`);
-                rimraf.sync(signatureFilePath);
-            }
-
+            return deletePreviousSignatureIfExists(currentCommand.package);    
+        })
+        .then(() => {
             return hashUtils.generatePackageHashFromDirectory(currentCommand.package, path.join(currentCommand.package, ".."));
         })
         .then((hash: string) => {
