Improve error handling for invalid App Store Connect API keys (#381)

codemagic-ci-cd · Dec 14, 2023 · 8987087 · 8987087
1 parent a3688de
commit 8987087
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+Version 0.48.1
+-------------
+
+**Bugfixes**
+- Fix error handling for invalid App Store Connect API private keys for `app-store-connect` actions. [PR #381](https://github.com/codemagic-ci-cd/cli-tools/pull/381)
+
 Version 0.48.0
 -------------
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "codemagic-cli-tools"
-version = "0.48.0"
+version = "0.48.1"
 description = "CLI tools used in Codemagic builds"
 readme = "README.md"
 authors = [

diff --git a/src/codemagic/__version__.py b/src/codemagic/__version__.py
@@ -1,5 +1,5 @@
 __title__ = "codemagic-cli-tools"
 __description__ = "CLI tools used in Codemagic builds"
-__version__ = "0.48.0.dev"
+__version__ = "0.48.1.dev"
 __url__ = "https://github.com/codemagic-ci-cd/cli-tools"
 __licence__ = "GNU General Public License v3.0"
diff --git a/src/codemagic/tools/app_store_connect.py b/src/codemagic/tools/app_store_connect.py
@@ -21,6 +21,8 @@
 from typing import Union
 from typing import cast
 
+import jwt
+
 from codemagic import cli
 from codemagic.apple import AppStoreConnectApiError
 from codemagic.apple.app_store_connect import AppStoreConnectApiClient
@@ -49,6 +51,7 @@
 from codemagic.models import Certificate
 from codemagic.models import PrivateKey
 from codemagic.models import ProvisioningProfile
+from codemagic.utilities import log
 from codemagic.utilities import versions
 
 from ._app_store_connect.action_groups import AppsActionGroup
@@ -228,12 +231,33 @@ def _resolve_app_store_connect_private_key(self):
         else:
             raise ValueError()
 
+    def _validate_api_client_key(self, client: AppStoreConnectApiClient):
+        """
+        When running from a CLI context, ensure that App Store Connect API client is using valid
+        private key for JWT generation. In case of invalid key exit with descriptive argument error.
+        """
+
+        if not self.is_cli_invocation():
+            return
+
+        try:
+            client.generate_auth_headers()
+        except jwt.InvalidKeyError:
+            log.get_file_logger(self.__class__).exception("Invalid App Store Connect API key")
+            asc_docs_base_url = "https://developer.apple.com/documentation/appstoreconnectapi"
+            error_message = (
+                "Invalid App Store Connect API key. Make sure to use the private API key downloaded from "
+                "App Store Connect. Read more about creating App Store Connect API keys from "
+                f"{asc_docs_base_url}/creating_api_keys_for_app_store_connect_api"
+            )
+            AppStoreConnectArgument.PRIVATE_KEY.raise_argument_error(error_message)
+
     @lru_cache(1)
     def _get_api_client(self) -> AppStoreConnectApiClient:
         assert self._key_identifier is not None
         assert self._issuer_id is not None
         assert self._private_key is not None
-        return AppStoreConnectApiClient(
+        client = AppStoreConnectApiClient(
             self._key_identifier,
             self._issuer_id,
             self._private_key,
@@ -242,6 +266,8 @@ def _get_api_client(self) -> AppStoreConnectApiClient:
             server_error_retries=self._server_error_retries,
             enable_jwt_cache=self._enable_jwt_cache,
         )
+        self._validate_api_client_key(client)
+        return client
 
     @property
     def api_client(self) -> AppStoreConnectApiClient: