.

2026-04-10 03:07:22 +02:00 · 2025-09-03 00:32:25 -07:00
11 changed files with 132 additions and 81 deletions
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -3,16 +3,10 @@ name: Nightly
 on: 
  schedule: 
    - cron: "0 8 * * *"
-  workflow_dispatch:
-  
 jobs:
  build:
 #     runs-on: macOS-latest
    runs-on: macos-15
-    permissions:
-      id-token: write
-      contents: write
-      attestations: write
    timeout-minutes: 10
    steps:
    - uses: actions/checkout@v5
@@ -36,23 +30,22 @@ jobs:
            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Secretive/Credits.rtf
    - name: Build
      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
-    - name: Create ZIP
+    - name: Create ZIPs
      run: |
            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
+            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Archive.zip
    - name: Notarize
      env: 
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
-    - name: Upload App to Artifacts
-      id: upload
-      uses: actions/upload-artifact@v4
-      with:
-        name: Secretive.zip
-        path: Secretive.zip
    - name: Attest
      id: attest
      uses: actions/attest-build-provenance@v2
      with:
-        subject-name: "Secretive.zip"
-        subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}
+        subject-path: 'Secretive.zip'
+    - name: Upload App to Artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: Secretive.zip
+        path: Secretive.zip
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -56,34 +56,39 @@ jobs:
            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Secretive/Credits.rtf
    - name: Build
      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
-    - name: Create ZIP
+    - name: Create ZIPs
      run: |
            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
+            ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Xcode_Archive.zip
    - name: Notarize
      env: 
        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
-    - name: Upload App to Artifacts
-      id: upload
-      uses: actions/upload-artifact@v4
-      with:
-        name: Secretive.zip
-        path: Secretive.zip
    - name: Attest
      id: attest
      uses: actions/attest-build-provenance@v2
      with:
-        subject-name: "Secretive.zip"
-        subject-digest: ${{ steps.upload.outputs.artifact-digest }}
+        subject-path: 'Secretive.zip, Xcode_Archive.zip'
    - name: Create Release
      run: |
            sed -i.tmp "s/RUN_ID/$RUN_ID/g" .github/templates/release.md
            sed -i.tmp "s/ATTESTATION_ID/$ATTESTATION_ID/g" .github/templates/release.md
            gh release create $TAG_NAME -d -F .github/templates/release.md
            gh release upload Secretive.zip
+            gh release upload Xcode_Archive.zip
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        TAG_NAME: ${{ github.ref }}
        RUN_ID: ${{ github.run_id }}
        ATTESTATION_ID: ${{ steps.attest.outputs.attestation-id }}
+    - name: Upload App to Artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: Secretive.zip
+        path: Secretive.zip
+    - name: Upload Archive to Artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: Xcode_Archive.zip
+        path: Xcode_Archive.zip
--- a/Sources/Packages/Resources/Localizable.xcstrings
+++ b/Sources/Packages/Resources/Localizable.xcstrings
@@ -3403,6 +3403,28 @@
        }
      }
    },
+    "integrations_public_key_path_placeholder" : {
+      "extractionState" : "manual",
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "YOUR_PUBLIC_KEY_PATH"
+          }
+        }
+      }
+    },
+    "integrations_public_key_placeholder" : {
+      "extractionState" : "manual",
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "YOUR_PUBLIC_KEY"
+          }
+        }
+      }
+    },
    "integrations_shell_section_title" : {
      "extractionState" : "manual",
      "localizations" : {
@@ -5347,6 +5369,18 @@
        }
      }
    },
+    "translationCredits" : {
+      "comment" : "Translated Into Language By\nFirst Translator, Second Translator, Third Translator",
+      "extractionState" : "manual",
+      "localizations" : {
+        "en" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : " "
+          }
+        }
+      }
+    },
    "unnamed_secret" : {
      "extractionState" : "manual",
      "localizations" : {
--- a/Sources/Packages/Sources/SecureEnclaveSecretKit/CryptoKitMigrator.swift
+++ b/Sources/Packages/Sources/SecureEnclaveSecretKit/CryptoKitMigrator.swift
@@ -30,7 +30,7 @@ extension SecureEnclave {
            SecItemCopyMatching(privateAttributes, &privateUntyped)
            guard let privateTyped = privateUntyped as? [[CFString: Any]] else { return }
            let migratedPublicKeys = Set(store.secrets.map(\.publicKey))
-            var migratedAny = false
+            var migrated = false
            for key in privateTyped {
                let name = key[kSecAttrLabel] as? String ?? String(localized: .unnamedSecret)
                let id = key[kSecAttrApplicationLabel] as! Data
@@ -45,7 +45,6 @@ extension SecureEnclave {
                // Best guess.
                let auth: AuthenticationRequirement = String(describing: accessControl)
                    .contains("DeviceOwnerAuthentication") ? .presenceRequired : .unknown
-                do {
                let parsed = try CryptoKit.SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: tokenObjectID)
                let secret = Secret(id: UUID().uuidString, name: name, publicKey: parsed.publicKey.x963Representation, attributes: Attributes(keyType: .init(algorithm: .ecdsa, size: 256), authentication: auth))
                guard !migratedPublicKeys.contains(parsed.publicKey.x963Representation) else {
@@ -57,12 +56,9 @@ extension SecureEnclave {
                try store.saveKey(tokenObjectID, name: name, attributes: secret.attributes)
                logger.log("Migrated \(name).")
                try markMigrated(secret: secret, oldID: id)
-                    migratedAny = true
-                } catch {
-                    logger.error("Failed to migrate \(name): \(error).")
+                migrated = true
            }
-            }
-            if migratedAny {
+            if migrated {
                store.reloadSecrets()
            }
        }
--- a/Sources/Secretive/Views/Secrets/CreateSecretView.swift
+++ b/Sources/Secretive/Views/Secrets/CreateSecretView.swift
@@ -146,6 +146,6 @@ struct CreateSecretView<StoreType: SecretStoreModifiable>: View {

 }

-//#Preview {
-//    CreateSecretView(store: Preview.StoreModifiable()) { _ in }
-//}
+#Preview {
+    CreateSecretView(store: Preview.StoreModifiable()) { _ in }
+}
--- a/Sources/Secretive/Views/Secrets/EmptyStoreView.swift
+++ b/Sources/Secretive/Views/Secrets/EmptyStoreView.swift
@@ -57,10 +57,15 @@ struct EmptyStoreModifiableView: View {
    }
 }

+#if DEBUG

-#Preview {
+struct EmptyStoreModifiableView_Previews: PreviewProvider {
+    static var previews: some View {
+        Group {
            EmptyStoreImmutableView()
-}
-#Preview {
            EmptyStoreModifiableView()
+        }
+    }
 }
+
+#endif
--- a/Sources/Secretive/Views/Secrets/NoStoresView.swift
+++ b/Sources/Secretive/Views/Secrets/NoStoresView.swift
@@ -13,7 +13,12 @@ struct NoStoresView: View {
    
 }

-#Preview {
+#if DEBUG
+
+struct NoStoresView_Previews: PreviewProvider {
+    static var previews: some View {
        NoStoresView()
+    }
 }

+#endif
--- a/Sources/Secretive/Views/Secrets/SecretDetailView.swift
+++ b/Sources/Secretive/Views/Secrets/SecretDetailView.swift
@@ -37,6 +37,6 @@ struct SecretDetailView<SecretType: Secret>: View {

 }

-//#Preview {
-//    SecretDetailView(secret: Preview.Secret(name: "Demonstration Secret"))
-//}
+#Preview {
+    SecretDetailView(secret: Preview.Secret(name: "Demonstration Secret"))
+}
--- a/Sources/Secretive/Views/Views/AgentStatusView.swift
+++ b/Sources/Secretive/Views/Views/AgentStatusView.swift
@@ -143,11 +143,11 @@ struct AgentNotRunningView: View {

 }

-//#Preview {
-//    AgentStatusView()
-//        .environment(\.agentStatusChecker, PreviewAgentStatusChecker(running: false))
-//}
-//#Preview {
-//    AgentStatusView()
-//        .environment(\.agentStatusChecker, PreviewAgentStatusChecker(running: true, process: .current))
-//}
+#Preview {
+    AgentStatusView()
+        .environment(\.agentStatusChecker, PreviewAgentStatusChecker(running: false))
+}
+#Preview {
+    AgentStatusView()
+        .environment(\.agentStatusChecker, PreviewAgentStatusChecker(running: true, process: .current))
+}
--- a/Sources/Secretive/Views/Views/ContentView.swift
+++ b/Sources/Secretive/Views/Views/ContentView.swift
@@ -198,17 +198,25 @@ extension ContentView {

 }

+#if DEBUG
+
+struct ContentView_Previews: PreviewProvider {
+
+    static var previews: some View {
+        Group {
+            // Empty on modifiable and nonmodifiable
+            ContentView(showingCreation: .constant(false), runningSetup: .constant(false), hasRunSetup: .constant(true))
+                .environment(Preview.storeList(stores: [Preview.Store(numberOfRandomSecrets: 0)], modifiableStores: [Preview.StoreModifiable(numberOfRandomSecrets: 0)]))
+                .environment(PreviewUpdater())
+
+            // 5 items on modifiable and nonmodifiable
+            ContentView(showingCreation: .constant(false), runningSetup: .constant(false), hasRunSetup: .constant(true))
+                .environment(Preview.storeList(stores: [Preview.Store()], modifiableStores: [Preview.StoreModifiable()]))
+                .environment(PreviewUpdater())
+        }
+
+    }
+}
+
+#endif

-//#Preview {
-//    // Empty on modifiable and nonmodifiable
-//    ContentView(showingCreation: .constant(false), runningSetup: .constant(false), hasRunSetup: .constant(true))
-//        .environment(Preview.storeList(stores: [Preview.Store(numberOfRandomSecrets: 0)], modifiableStores: [Preview.StoreModifiable(numberOfRandomSecrets: 0)]))
-//        .environment(PreviewUpdater())
-//}
-//
-//#Preview {
-//    // 5 items on modifiable and nonmodifiable
-//    ContentView(showingCreation: .constant(false), runningSetup: .constant(false), hasRunSetup: .constant(true))
-//        .environment(Preview.storeList(stores: [Preview.Store()], modifiableStores: [Preview.StoreModifiable()]))
-//        .environment(PreviewUpdater())
-//}
--- a/Sources/Secretive/Views/Views/CopyableView.swift
+++ b/Sources/Secretive/Views/Views/CopyableView.swift
@@ -163,12 +163,17 @@ fileprivate struct BackgroundViewModifier: ViewModifier {
    
 }

-#Preview {
+#if DEBUG
+
+struct CopyableView_Previews: PreviewProvider {
+    static var previews: some View {
+        Group {
            CopyableView(title: .secretDetailSha256FingerprintLabel, image: Image(systemName: "figure.wave"), text: "Hello world.")
                .padding()
-}
-
-#Preview {
            CopyableView(title: .secretDetailSha256FingerprintLabel, image: Image(systemName: "figure.wave"), text: "Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. Long text. ")
                .padding()
+        }
+    }
 }
+
+#endif