feat(cli): Android onboarding - verify app exists in Play Store (apps:search + Trapeze rename)#2443
Draft
WcaleNieWolny wants to merge 17 commits into
Draft
feat(cli): Android onboarding - verify app exists in Play Store (apps:search + Trapeze rename)#2443WcaleNieWolny wants to merge 17 commits into
WcaleNieWolny wants to merge 17 commits into
Conversation
…loper Reporting API (apps:search, OAuth-only)
…le create-app (Path B)
…pload is documented; apps:search Draft-app visibility is UNVERIFIED
…s (fastlane/terraform/gradle-play-publisher); Path B is inform-only
…HIGH); first upload likely API-able as draft (fastlane #18293, MEDIUM)
…e_status to draft (fastlaneTemplateAndroid.ts:447)
… research appendix)
…ilent build.gradle rewrite)
…reconcile + rename helpers (+ tests)
… reconcile + picker + degrade)
…Android app-verify
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Comment |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| assert.equal(calls.length, 1) | ||
| // Bearer auth + the pageSize query are wired correctly. | ||
| assert.equal(calls[0].init.headers.Authorization, 'Bearer tok') | ||
| assert.ok(calls[0].url.includes('playdeveloperreporting.googleapis.com')) |
Contributor
Merging this PR will not alter performance
Comparing 
Footnotes
|
- parseAppsSearchResponse: drop rows missing packageName (the reconcile join key) so a malformed Play row can never spuriously exact-match an empty Gradle id; reconcileAndroidApp gets a matching empty-id guard - add verifyAsyncEpochRef generation counter: render-scope async ops (startRename/doRename/recheckBuildId/recheckCreateApp/openCreatePlayConsole) bail before state writes when the step leaves the verify family or the component unmounts (they can't see the step effect's cancelled flag) - await-studio-confirm: fail honestly if the rename workspace ref was lost instead of running node rename.mjs against '' - reset packageLoadedRef on step leave so Path A Back / Path B routes re-detect Gradle ids + re-fetch Play apps (a failed rename may have changed build.gradle); 'Continue anyway' pins the plain picker so it can't bounce back to create-app - doRename/recheckBuildId read Play apps via verifyPlayAppsRef (stale closure snapshot during long npm-install/cap-sync) - tests: parser drop rule + empty-id reconcile edges
Google's consent page words playdeveloperreporting as 'see metrics and data about the apps in your Google Play Developer account' — unexplained, that reads like analytics snooping. Add a third bullet to the sign-in screen (it lists 'the two access requests' no more) and a matching learn-more Q&A; tighten the other learn-more answers to stay within the 80x49 Android min-size floor (was already at exactly 49 rows).
…list scope was skipped The loopback success page now lists declined OPTIONAL scopes with a human blurb (decoding Google's 'see metrics and data' wording) and what degrades — right where the decline just happened. Required-scope misses keep the existing blocking scopeMissingHtml/MissingScopesError path. New exported splitMissingScopes(granted, scopes, requiredScopes) does the split (+ tests); the CLI status stream also gets a one-line note so the later 'verification skipped' warning isn't a surprise.
…package that isn't a real Play app
The SA invite grants per-package (developers/{id}/users grants[].packageName)
and Google 400s INVALID_ARGUMENT on a package that doesn't exist, so picking a
build id that apps:search doesn't list was a guaranteed failure. Close every
leak on the verified generate path:
- enriched picker: gradle-id options annotated with Play status (✓ in Play /
⚠ not on Play yet); picking one not in apps:search routes to create-app
instead of advancing into a doomed provision
- manual entry: a typed package not in apps:search routes to create-app
(import/degraded path unchanged — it has no apps list + already warns)
- Path B create-app: removed 'Continue anyway' (both variants) — on the
generate path you genuinely cannot proceed until the app exists; it's now a
real gate (create → re-check → auto-advance), with Back to pick a different app
- safety net: the gcp-setup SA-invite catch turns Google's raw 'packages are
not available' 400 into an actionable 'create the app first' message for the
import/degraded path
result: picking a non-existent build id can no longer 400 the SA invite.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds an Android app-existence check to the CLI onboarding flow. When a user selects an Android package, the CLI now verifies whether the app already exists in the Play Store and reconciles the local config against what Google reports.
apps:search, OAuth-only) to list the developer's apps.PRODUCT_BUNDLE_IDENTIFIER/ package id (never a silentbuild.gradlerewrite).apps:search, reconcile, rename helpers) are extracted with unit tests.Docs
Verification status
ALL GREEN (typecheck + lint + build + tests pass).
Deferred / follow-ups
playdeveloperreportingscope to the PREPROD/private/config/builderscopes[]and test viaCAPGO_BUILDER_CONFIG_URL. Prod degrades gracefully until the scope is added.apps:searchreturns Draft (not-yet-published) apps; this is currently UNVERIFIED.There are 6 remaining non-blocking review findings (none blocking merge).