mergeconflict333 === [00:00:00] James: All right, Frank, let's get it outta the way. We're tooting and tweeting our way into the future. We're both on mastodon. We're just gonna get outta the way. We're there if you're a Patreon subscriber, you can hear me rant for 45 minutes. Frank heard me rant. What did you think, Frank? Uh, [00:00:24] Frank: I think if there was ever a time to become a Patreon person, this is the sell. This is the hard sell. James did have an epic rant. You really all need to hear this if it hasn't been turned into a rap video or something yet already. I [00:00:38] James: hope that it only stays in our patron subscribers. I hope I'm gonna get in trouble for anything that I said, but I have many opinions. I've been vocal on the mato about my opinions, and if you're following me there at Jameson Magno at some domain name that no one will be able to figure out, then you will have found me on the internet where I'm at. But that's not what this podcast is. About Frank, because I refuse to talk about the state of Twitter at Macon for another 45 minutes. Is that okay with you if we skip over it for this week? [00:01:09] Frank: It might be beneficial to your mental health to skip over it for the rest of this week, but I I, I would enjoy it. Repeat, so I'm just gonna have to listen to the Patreon episode on repeat. So, , what should we talk about instead if we're not gonna talk about the, uh, topic de Jo? [00:01:27] James: Well, I think that's really fascinating. This week of all topics that we could be talking about is actually the mechanisms in which we deploy our applications to the app store, and specifically signing our applications now for many a decade. Uh, if you will, , we've been developing this for way too long, for many, many a decade. Now, at this point, we have provisioning profiles and certificates, and I was just at VS. Live in Orlando. And I still got the same exact question that I got probably a decade ago, which is, what do I need to do to actually publish my application and get it onto a device for iPhones and things like that? Do I need a Mac? Do I need this thing? And the answer really hasn't changed. Yes, you still need certificates. You need provision profiles. And guess what? You need to renew those every single year. And it's kind of crazy that it hasn't adjusted. It's become so. Unanimous and so unanimous, is that the word I'm looking for? Synonymous unanimous. Uh, fantastic. Synonymous syno, that's the word. Synonymous with frustration from developers where fascinatingly enough if I toggle over to, uh, windows and, uh, Android development, I feel like it's not that situation at all as the process has. Very streamlined into the future, and it seems like you, Frank, are going through the same exact situation, uh, presently. [00:02:57] Frank: Yeah, this is, this is like part 30 of Frank finally gets his apps into ci. Hi . Welcome back. Great. Yeah, . Um, so I've put a lot of effort into all my iOS and Mac apps getting built and not just built because yeah, CI is. Easy. It's the CD that's hard. It's signing your app, getting 'em uploaded to the right place and all that stuff. And you inflicted this curse on me. Um, this little nagging idea that all my apps should be a C I cd. And in the long run it's great because when you upload code, you know whether you're broke. Something, it's very obvious and you can deploy anytime you want. You can push out versions anytime you want. However, the road has not been super simple, and I never actually got around to doing the Android versions of my apps, and I had a lot of experience with the iOS. iOS is such a pain because you have to get the certificate, get the provisioning profile. Change your project in gross ways, uh, in order to get it to actually sign and build. And then even then, I'm still having trouble with my Mac builds. They're still not exactly a hundred million percent right, but I really wanted to release the Android version of I circuit the new version one point 12. And I had, I, I wasn't just gonna go to visual Studio and hit archive like I normally do, which is very pleasant and very easy. There's a gooey, there's buttons to click. They tell you if you did something wrong. No, I decided to do it in ci cd because of you. And so wrote my GitHub action, but it actually turned out, uh, pretty easy. I would say, uh, get into details, but yeah. Is it worth it? Yeah. Is it painful? It's still painful. [00:04:45] James: Yeah. You know, I recently have been doing a lot of development for iOS and specifically from the Windows machine, and this is one thing that in net six and Net seven, surprisingly, Has really made my life even more enjoyable because it's very stable, is this iOS local deployment, and this is a really cool feature of being a.net developer, building iOS apps. And this is something you don't live through because you're, you're mostly on a Mac. However, I'm mostly on a Windows machine now. I do have a Mac. It's sitting Delectably, delectably D. Nope. Deliciously. It's a very pleasing device to look at, which is my MacBook Air. But the new MacBook Air, even more delightful to look at, but my Rose Gold MacBook Air is a pleasant site to look at, and I love it, and I do use it often. However, I do love my surface laptop for mm-hmm , and I love my mean desktop machine, which is Windows. But this experience has gotten so good recently and so seamless that when I just take. iOS device and I plug it into my Windows machine and I hit debug. It just loads my application directly onto my iPhone. And I've been doing this recently in all my workshops. I've been debugging, um, a bunch of people's source code, um, looking at different bugs. I've been looking at different, uh, third party libraries and it has been absolutely amazing. And what we aren't realizing what's happening behind the scenes is it's doing all that. Shenanigans that gobbly cook ridiculousness for you. Uh, because in development mode, uh, a lot of that stuff can be obfuscated, uh, for you by the tooling where at publishing time it is really in your face, . Oh yeah, I would say so. When you plug in your iPhone, this little hot restart, that's what it's actually called, but I call it iOS local deployment pops up and it says, Hey, just, you know, pick your Apple developer account. And you say, okay, this one. And then it just goes and it does a bunch of things behind the hood for you automatically. And then it just deploys. And that's, that's the life I'd love to live. Now, one thing I don't know, Frank, is, and, and you may know because I know you did a lot of Swift and Swift ui, um, um, develop. When those things were coming out and sell. Do you, you like to play with all the toys? Oh, yeah. Is, has anything in Xcode um, solved? I don't think you've played with the new Xcode, um, cloud build thing yet. Or maybe you have. I dunno. I'd love to talk to you about that, but I dunno if anything on the iOS front maybe has solved some of those. Issues when it comes to actually deploying your app to the app store, is it still the same issue of creating search, creating provisioning profiles, and creating all these things? Yeah, [00:07:38] Frank: I would say it's definitely improved from the early days. Uh, no, actually I don't have any experience with, uh, Xcode Cloud. Yes. Yeah. Okay. Uh, so, sorry. Um, I'll try it. One of these days I do like to play with the shiny toys, uh, certificates and all that has gotten. Better with some scare quotes around it because of course, nothing can ever be easy in this game, right? Like, it, it won't be fun if things were easy. So some funny things are, you know, you go to your project, you set your team, I think Visual Studio has gotten to this point. Uh, you give 'em access to your developer account. The nice thing is there's a little button to go look at your certificate so you can see what certificates are in your machine. If there's no certificates, you press a button that says, make me a certificate, and it does that. Um, Once you're there, as long as you select your team in your app, you hit the play button and it does a little cert check in the beginning and usually can generate a provisioning profile if it needs to, and then download it and then install it. Oh my god. People, it's so ugly behind the scenes you don't want about this. It can do all of those things and it is pretty smooth. Um, sometimes if I'm actually. Having trouble with my, uh, provisioning stuff. I'll actually go into X code and create a project with the same, um, build, um, bundle ID as my normal project. But it's very rare that I have to do that. It's um, Um, but that's a testament to their tools that I can just go in there and do that hit play. And that usually fixes my provision profiles. It's usually the provisioning profile. The certs are easy. You need everyone get a cert, it expires. It's annoying. I wish they would give you certs that lasted more than a year, but that's how it is. And just refresh 'em from time to time. It's those stupid provisioning files that you gotta get, um, associated with them that makes it difficult. So you have two balls [00:09:37] James: in the. Yeah. And then the provisioning profiles, it's not only that the provisioning profile is tying a cert to an app, but it's also tying it in development mode, at least to a device. And I ran into this recently, which is, uh, Heather gave me her, her, she got a new iPhone. I got her old iPhone. This led into a world of problems because what happened is, The device was already registered. However, because I reformatted it, it still has similar IDs of the device, but it's confused, so it's like I, I have a provisioning profile for this device, but when it goes to launch, there's some other. Key value pair that's saying, uh, uh, ah, I don't think so because I've reset the device. Right. It's, it's, it's something else that's in there. So I actually needed to go into the Apple developer to portal and delete the devices, which you can only do once a year. So, thankfully, mm-hmm. , I did it once, which is, you know, also, Ridiculous And I had to go in there and deleted every single device. I'm like, let me just start from scratch. And I had that. And now had I not been able to delete those devices this one time a year, I would've run into this problem where I couldn't actually deploy to my device because of this mismatch and, and provisioning profiles and devices, which is kind of mind boggling. Uh, at the same. [00:10:59] Frank: Yeah. Yeah. Um, I, I, I always wonder why that limit is there, because the device list is in the provisioning profile. So there's, there's absolutely no reason you couldn't have a different set of devices for every profile you generate. I think this is Apple's fun attempt at security. Yeah. From people running their own app store or something, you know, like you can't sign off too many devices. So that frustrating one year thing is, I. I, I can, I don't forgive it. No, it's stupid . They should get rid of it, but it's there as a dumb form of security. The certificates once a year. That makes a little more sense. Not really though, because it, it's not aligned with you renewing your membership. If like you renewed your membership, they gave you a new cert. That would make sense. Mm-hmm. , but they're not at all aligned, so that one I don't care about. Uh, there, there's other issues too. If I, I use, um, extensions in my apps and all those new provisioning profiles also to be associated correctly. Don't forget all your iCloud, um, uh, entitlements, whatever you can, you still have to manage. They're not the entitlements, right? They're the other, they're the like super meta options that you can only manage on Apple's website. So there's always that fun complexity in iOS. Isn't that fun? Keeps it exciting. [00:12:20] James: I, I believe that provisioning profiles and certificates are sometimes more work than actually developing in app and. I was telling someone, cuz often in my, when I do the down my workshop, like, oh, it'd be great to like, you know, show and publishing the store and doing all that stuff. I'm like, that's its own workshop. That's just an entire one day exercise. I'm sorry of having to do that. It's the truth. And, and, and, and it only becomes the truth mostly for Apple, however, that being. The other part of the situation that we won't really get into today, which we've talked about in many previous podcasts, is how the app store itself as a release mechanism has grown in complexity for the actual metadata you need to Yeah. Uh, uh, bring together to release an application that's ever growing and never getting more complicated. So, Half of the time when you want to release an application, you better be thinking darn well ahead of time. What screenshots, the verbiage, all these other things that you wanna do else. It's a last minute scramble to get it together. which is not great cuz they can only be updated on certain apps or in certain times, which is crazy. But Frank, you are working on Android, which for me, Android I think has always been the easiest platform. There's, there's a key store. You have one key store, you shove it in Dropbox. And you put a txt file that says password next to it and you use that key. So for the next 35 years of development, [00:13:49] Frank: no, I didn't know about the password. Text file trick man, I've, I've, I. That is half the problem. I, I've learned how to keep the key store. I remember I gotta keep this key store, otherwise I can't update my own app, which, how ridiculous is that? But I think we'll get to, maybe it's not as ridiculous anymore as I thought it was, but yeah, that's stupid password. Like where do you store that? So I'm trying to do this in ci. and it's really not good form to have like your CI going to your Dropbox to download this key file. What? I'm not doing it that way, James . Um, I don't even know if this is the right trick or not. You know what I do? I base 64 and code the file. I put it as a GitHub secret. Mm-hmm. , and then. And one of my little, you know, actiony scripty lines. I just turned that base 64 into a file. Yeah. And that's how I restore the file. Is that the right way to do it? That's how I do it. [00:14:46] James: That's one way of doing it. I think the other way that I've done it in the past is some people I put it in, well, in, in Azure DevOps, you could just. Drag and drop your store, your files in there and it would put it in secure storage, and then you would put your variables also as a, as a private secret variable. Other people, I've seen them do, like when I use Bit Rise, I think it was one time like you could put it in. Like if it just had a url, it would download it right and curl it. And then cause the, the file's not important. I mean, the file's important, but the, the, the passwords and the, the things are important to unlock that file at the end of the day. So I think regardless of how you get that file, whether it's base 64 encoding or not, or downloading it from the internet, ok, that is totally fine. It's a file and however you wanna get that file fill in there is totally. [00:15:35] Frank: Thank you. That, that's very interesting. I never quite thought about it that way. I always thought that that thing was as secretive as the password. You can't Yeah. That [00:15:43] James: makes, if it's a lock and you don't have the key, how are you gonna get into it? I mean, I guess unless you had, you'd have to brute force your way into it, you know, in general. Um, but, um, you, you gotta have a, you gotta have, uh, the other piece of the pie, you know? Mm-hmm. , prove it. [00:16:02] Frank: That's great. I think I'm still gonna stick with my base 64. Maybe I just don't trust links . Or maybe I would accidentally move the file around in Dropbox and I'd hate to build the crash that way, so I'm probably still gonna do it my way, but it That's a good thought that, yeah, it's probably actually pretty safe to just have a internet link to the file. Yeah. [00:16:21] James: Point. Well that good point. Well, internet link could be a secret variable so no one else knows how to get. Oh, [00:16:27] Frank: look at you. I it's like, it's like you've done this before. [00:16:31] James: It's uh, . True, true. Frank, I have done this before. So your basics. 64. I like that mechanism actually. Cuz here's the cool thing about the base 64 and code that made. People may not know Franco literally lose his file, but he could recreate that file because he's basic 64 encoded it. He doesn't actually need the file. And I think that's really. [00:16:53] Frank: And you could get silly, you could re-encrypt it, but don't, don't encrypt your encryption. That, that could just get silly . Um, I do wanna say I've, I've run into a little bit. I, they not even troubles, but um, my app is still a zein.android app. Mm-hmm. . But there's absolutely no reason it needs to be, I really want to get on, um, dot net seven now mm-hmm. And and switch it over to be, um, Uh, yeah. Dot net Android app. Is that what I should say? Yeah, let's go with that. Yeah. . And I think that the, the signing should be roughly the same because Android apps are very simple. You tell it release, build, and then you sign it with that key thing. I don't know. It, it, it looks, it's pretty simple from the command line. But, uh, it's always like getting the right version of, uh, Zamron Android installed and all that clears up with Net seven. So even though I'm gonna do this release with zamer.android, I'm looking forward to the simplicity offered by getting all the projects over to be Net seven. [00:17:53] James: Now, the real fascinating part about all this is that I don't actually believe that any of your signing shenanigans matters anymore because Google Play will re-sign your Applic. Anyways, it's an opt-in for, oh, it's actually required if you're, it's, it's, it's required if you're using app bundles, so, so Google willign your application. It doesn't matter. Now, I believe if it's an existing application, you need to give them your old key, but if it is a new application, you don't even need to give them the key at all. They will. They'll just sign it automatically. Doesn't matter. [00:18:26] Frank: Now, you tell me how long they've been doing this for, like a month or something. How, how did I miss the [00:18:30] James: news on this? I believe about five [00:18:32] Frank: years. Oh, okay. Interesting. . Well, um, you know, I just, I, I like base 64. Okay. I, I like signing my stuff. I like reading blog posts from five years ago describing how to do this cuz no one's posted about it since then. And now I'm realizing why I, I like doing that James. I like the paint and the suffering. . [00:18:54] James: Well I also wanna mention that, you know, even though I've been doing Android forever and that was my favorite platform for a long time. Very ingrained in that ecosystem. I actually don't know if you still need to sign it, even though if it is being re-signed or not. Like, because you've always re-signed it. Like do only new apps not need to be re-signed? I don't know down that. So my mechanism, Frank, is to do what I've always done for the last 12 years, which is take, take my key store, sign my application, and shove it to Google and whatever Google. That's on them. That's Google's business. That's, that's Google business, right? That, that's Google business. I don't care. But I do know Frank, that at this point you'll have migrated from APKs to Android at bundles, I would assume. And because it's required and, and then this new mechanism is required at the end of the day. So probably when you go to release this application, Google is gonna force you to do this. [00:19:54] Frank: Yeah, and it, it, it has been a bit of time since I've done an Android upload, apologies to all the Android users. Um, so I'm excited to learn what any of what you just said makes any sense. And you know how I love Google's UIs. You know how much I love. Playing around in their little store UI backend. It's really easy to use and I'm using a very sarcastic voice right now because every time I log into that thing, I just get angry at Google, but I'm sure I'll figure it out this time. So you're telling me I need an app bundle, I'm gonna get on that. I'm gonna make you a beautiful app bundle. [00:20:30] James: Do do you know at a different difference between an APK and an Android dot bundle? I spring. [00:20:36] Frank: Please tell me it's a file name change. ? [00:20:41] James: No. Well, um, , [00:20:45] Frank: well, the different, what's the what, what is the difference change between an APK and an app [00:20:49] James: bundle? So there's a few things in general. Basically what an Android app bundle or AAB is Android app bundle. Uh, they sort of were created to resolve some of the. Packaging challenges in general. So you know, there's different screen resolutions, performance things, CPU architectures, and the whole idea with an Android app bundle. Is that they bundle several of these different versions of the application into one logical package. Okay? So this means that in, in, in, in previous existence, you could do this into an apk, but as things got bigger, you might have to split different architectures and different things into multiple APKs and then upload them there. Mm-hmm. . Now, the cool part about Android app bundles is that they. Under the hood, give the Google Play Store or anyone else that supports app bundles a better way of, um, modularize module modularizing taking modular based, like loading and downloading of the application and assets. So what they're able to do is on demand is they're able to, Say this user is using this type of device with this type of language and this type of architecture, and they can rebundle, if you will, your app into a optimized version for them. Whereas previously what would happen is you would deliver one big apk and the user would get all of that and they'd have a bunch of extra junk that they don't need. So at the same time, the Android app bundle enables. Them to break apart your application and rebundle it on demand in real time. So what that means is that at the end of the day, for you as a developer and for your users, is that your applications will be about 50% the size or so, you know, 20 to 50% size smaller than in a K because it'll get rid of all the junk that they don't. [00:22:51] Frank: Well, I don't like it. . This seems like Google passing on. They're a problem onto US developers. Oh, I'm sorry. Google that. You designed a bad format and you have to pay higher server costs, but that sounds like an installation issue. Maybe you should look into things like Torrance and distributed file services. There's ways to do it. Google that doesn't put all the pain and honors on the app developer. But okay. That said, in the end it does help the user, therefore I shall do, but, um, wow. Way to project your problems onto us. Thanks. Thanks [00:23:30] James: Google. The best part, Frank, is for you, app developer. It's just a compilation flag setting. In fact, , when you build an Android application with amran android or.net for Android, the default and release mode is at bundle. So you get an app on, okay? Yes. Yeah, [00:23:47] Frank: aside from my project is 12 years old, and hopefully I don't have any random, uh, property set in it that's gonna stop that. But yes, let's hope. Let's hope the CI should finish any minute. [00:23:59] James: Yes. And in fact, sometimes, and you can publish both at the same time, so there is things, so if you, if you get in your artifacts, an apk, that's no good. You want an aab? [00:24:11] Frank: I am so happy we're having this discussion tonight before I pulled my hair out and I'm like, why can't I upload this thing anywhere? Um, so they are requiring the AAB though, you said, [00:24:24] James: right? I believe starting last year in 2021, it is now required. Now that being said, that might be only for new apps. I'm not sure about existing apps, but Right. I gotta imagine at this point they really, really are forcing the hand on it. And, and to your point, you know, to your point, like there's, for you, there should be zero little work besides these compilation flags that should have been set for you unless you overrode them for some reason, which I can't imagine you doing. But, because literally I think that what. Peppers and the team did, I'll blame Peppers for everything. Great is, you know, John Fryer and peppers and John did. So, you know, all the Jonathan's and, uh, I believe they changed the default to just say, if you don't pass a flag, AAB is the default instead of a Okay. That's nice. I believe [00:25:17] Frank: I, I'll report back [00:25:18] James: next week. , you may need to report back. That might be a net six change and not as am and Android change that. Mm. [00:25:24] Frank: Yeah. Um, like I said, I, I, I, I even keep debating whether to switch over to net seven for this, but this, this version's tested. I don't wanna play any games right before release, but I think what I'm gonna do is have a patch pretty soon afterwards, a patch release, uh, where I do upgrade to.net [00:25:44] James: seven. The really cool part about you just having, you know, just a zaine Android app, moving it down at seven is, I remember Pepper's putting out the performance article blog. Yeah. And I believe that a zaine Android to like done at six and now done at seven. It's like, you know, 75% faster. It's like crazy. [00:26:01] Frank: Yeah, and I was already doing a OT that was taking up a significant amount of the c i CD time where it's actually compiling it all the way down. Um, but what I, I thought you were gonna reference something else. Maybe it was a tweet or a to, or something like that. And said something like, uh, if you have a Zein Android app, it should be a 99. Easy conversion over to the net six s and sevens and just, I, I haven't done it myself, but I a hundred percent believe it because Android was always a little bit simpler and cleaner. Yeah. As an implementation. Um, it was just a lot of project files and I a hundred percent believe them when they say it's gonna be an [00:26:41] James: easy transition. I think that what you should be able to. Because I think you should be able to go inate a new.net seven Android app, and then I think you should go into your existing zaine Android app, blow away the CS Pro and replace it with the new one. And then just add about the back, the new packages. And I think that's all you need to do. And then you're done. And I would love for you to report on this, like what it actually took. Cause it's the same thing for should I do? Are you hearing me? Not, not right now. In real time, in the next three minutes as we wrap out this, this podcast? No, [00:27:16] Frank: but you should do it. Okay. Um, valid. Okay. I was gonna try to get this thing out [00:27:22] James: sooner than I No, no, no. Release your app if you've already tested it, thank Good to go. But I'm saying for next week's pod, because you said you're back to work, you know, grinding cuz it's completely dark outside at 2:00 PM that you should, you know, be able to crush. [00:27:36] Frank: Uh, it's all work all the time. There's literally no sunlight to give you a life to live, so it's just gonna be work. No, I, I've I'm gonna have some expenses next year, so I'm making sure I get my apps out there and refreshed and all that. I, I'm excited though, I. It sounds like that conversion's gonna be real easy and you are tempting me to do it for the this release, but I think I'm gonna stay strong and stick with my own plan, and then I'll report back [00:28:06] James: next week. Yeah. Well, I'm super fascinated in tips and tricks from our listeners for any of the stuff that we mentioned today, because I've been doing the same. Systems and mechanisms of releasing and shipping and signing applications. But a lot of things have changed. I recently, you know, talked to a lot of folks about in-app purchases and different things that they were using. We talked about revenue cap, we talked about other mechanisms. So I'm always open to change in a suggestions because at the end of the day, we can help each other in this podcast. We're our own social network that we spin up in distributed system. I get that every single one of us are our own nodes that we can come together. [00:28:45] Frank: What a beautiful analogy. That's [00:28:47] James: very nicely sad. So go to our, go to our website, merge Conflict. There's a contact button. You can discord us, you can tweet at us, you can tweet at us, you can do all the things. And, uh, we appreciate all of you for listening. Um, Frank, thank you for coming back, um, to America, to soil, um, American. And, uh, the, the cold of American soil in the winter that is happening right now. Winter is here. You know, you left and winter was not even coming, and you came back and winter was here. That happened. [00:29:20] Frank: It, it, it's like I went to a whole different part of the planet and everything's different, but at least I have my old good, great podcasting, Mike. It's good to be back in front of my beautiful iMac and yeah, there's nothing else to do in the winter, but work, so this will be a fun, a fun time. [00:29:40] James: Well, I think that's gonna do it, Frank, until next week's podcast. So until next time, I'm James Mos Mag. And I'm [00:29:49] Frank: Frank Kruger. Thanks for listening. Peace.