狠狠撸

狠狠撸Share a Scribd company logo

CodePushとReact Nativeで緊急OTAリリース!了解!?

?
?
Masayuki Iwai
Masayuki Iwai

iOSDC 2018で発表した内容です。

1 of 87
Download to read offline
CodePushとReact Nativeで 緊急OTAリリース!了解!? Masayuki Iwai@myb #iosdc
CodePushとReact Nativeで 緊急OTAリリース!了解!? Masayuki Iwai@myb #iosdc ホットパッチング
自己紹介 岩井雅幸@myb? ? モバイル?アプリケーション?エンジニア? at Unity Technologies Japan? 以前はWebデザイン?開発、Flashコンテ ンツ制作、iOSアプリ、ゲーム制作など 著書に「uGUIではじめるUnityUIデザイン の教科書」
自己紹介 岩井雅幸@myb? ? モバイル?アプリケーション?エンジニア? at Unity Technologies Japan? 以前はWebデザイン?開発、Flashコンテ ンツ制作、iOSアプリ、ゲーム制作など 著書に「uGUIではじめるUnityUIデザイン の教科書」 ?
こんなアプリを作っています
Unity Meetup ? Unityユーザーのためのイベントアプリ? イベント検索、タイムテーブル、参加申し? 込み、チェックイン、アンケート回答機能 ? フルReact Native? 導入の経緯は昨年のiOSDC 2017 Reject Conf での発表を参照? /MasayukiIwai/ react-native-110226150
トラブルが…
2018年5月
Unite Tokyo 2018での出来事
Unite Tokyo 2018での出来事 ? 毎年開催しているUnity公式のカンファレンス ? 今年は5月に3日間開催、2000人以上参加 ? このイベントに合わせてチャット機能を実装 ? 海外チームが開発しているAPIを利用する必要があり、? 連携を依頼していたがギリギリになってしまった ? 前バージョンでパフォーマンスが悪かったのでリファクタリング
Unite Tokyo 2018での出来事 ? イベント3日前に新バージョン完成、申請→翌朝審査通過? ? イベント前日の夜、新機能の表示系バグを発見、修正→翌未明審査通過? ? イベント初日の夜、重大なバグを発見? →特急審査を依頼して4時間で審査通過?
正直しんどかった?
CodePushを導入していれば ホットパッチングできたのに…
なんで導入して いなかったのか…?
なんで導入していなかったのか…? ? なんか面倒そうだったので後回しにしていた ? Appleの審査が十分早かったのであまり必要性を感じていなかった
后悔先に立たず
时すでにお?
What is CodePush?
の前に
ざっくりReact Native
ざっくりReact Native ? Reactベースでネイティブアプリ開発のためのフレームワーク ? React由来のコンポーネントベースで、reduxとも親和性が高い ? JavaScript(JSX)で記述、JavaScriptCore上で動作 https://facebook.github.io/react-native/
ざっくりReact Native UIKitなど React Native Library JavaScriptCore React JS アプリケーションコード React Native JS Library
ざっくりReact Native UIKitなど React Native Library JavaScriptCore React JS アプリケーションコード React Native JS Library jsbundle
What is CodePush?
What is CodePush? ? Microsoft製のクラウドサービス ? React NativeやCordovaのJSコードをホットパッチング可能 ? ウェブ、SDK、CLIが提供されている ? 以前は独立したサービス? →現在はVisual Studio App Centerに統合 https://github.com/Microsoft/code-push
What is CodePush? UIKitなど React Native Library JavaScriptCore React JS アプリケーションコード React Native JS Library jsbundle ここの部分 を配信?
Visual Studio App Center ? CodePushの他にも? CI、テスト、Analytics、 Push通知など多機能 ? 無料から利用可能? (ビルド回数や時間に制限有) ? CodePushは無料で無制限に 利用可能 https://appcenter.ms
Visual Studio App Center ? CodePushの他にも? CI、テスト、Analytics、 Push通知など多機能 ? 無料から利用可能? (ビルド回数や時間に制限有) ? CodePushは無料で無制限に 利用可能 https://appcenter.ms
Fantastic?
でも…
ホットパッチングって 大丈夫なの??
終わりなきリジェクト との戦い?
Appleのガイドラインを? 振り返る
Appleのガイドラインを振り返る 2.7 Apps that download code in any way or form will be rejected 2.8 Apps that install or launch other executable code will be rejected App Store Review Guidelines (2015)
Appleのガイドラインを振り返る 2.7 Apps that download code in any way or form will be rejected 2.8 Apps that install or launch other executable code will be rejected App Store Review Guidelines (2015)
Appleのガイドラインを振り返る 2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps. (抜粋) App Store Review Guidelines (2016)
Appleのガイドラインを振り返る 2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps. (抜粋) App Store Review Guidelines (2016)
Appleのガイドラインを振り返る 3.3.2 An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple's built-in WebKit framework or JavascriptCore, provided that such scripts and code do not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store. Apple Developer Program License Agreement (2016)
Appleのガイドラインを振り返る 3.3.2 An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple's built-in WebKit framework or JavascriptCore, provided that such scripts and code do not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store. Apple Developer Program License Agreement (2016)
Appleのガイドラインを振り返る 3.3.2 An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple's built-in WebKit framework or JavascriptCore, provided that such scripts and code do not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store. Apple Developer Program License Agreement (2016)
Appleのガイドラインを振り返る 3.3.2 An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple's built-in WebKit framework or JavascriptCore, provided that such scripts and code do not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store. Apple Developer Program License Agreement (2016)
Appleのガイドラインを振り返る ? アプリは、機能を変えるようなコードをダウンロード、インストール、? 実行してはならない ? インタープリテッドコードは、すべてのスクリプトがアプリに含まれて? いる必要がある ? 唯一の例外は、WebKitやJavaScriptCoreによってダウンロード、実行? される場合のみ
React Nativeは JavaScriptCore上で 動くので-
現在のAppleのガイドライン 3.3.2 Except as set forth in the next paragraph, an Application may not download or install executable code. Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store, (b) does not create a store or storefront for other code or applications, and (c) does not bypass signing, sandbox, or other security features of the OS. Apple Developer Program License Agreement (Current)
現在のAppleのガイドライン 3.3.2 Except as set forth in the next paragraph, an Application may not download or install executable code. Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store, (b) does not create a store or storefront for other code or applications, and (c) does not bypass signing, sandbox, or other security features of the OS. Apple Developer Program License Agreement (Current)
現在のAppleのガイドライン 3.3.2 Except as set forth in the next paragraph, an Application may not download or install executable code. Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store, (b) does not create a store or storefront for other code or applications, and (c) does not bypass signing, sandbox, or other security features of the OS. Apple Developer Program License Agreement (Current)
現在のAppleのガイドライン 3.3.2 Except as set forth in the next paragraph, an Application may not download or install executable code. Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store, (b) does not create a store or storefront for other code or applications, and (c) does not bypass signing, sandbox, or other security features of the OS. Apple Developer Program License Agreement (Current)
現在のAppleのガイドライン 3.3.2 Except as set forth in the next paragraph, an Application may not download or install executable code. Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store, (b) does not create a store or storefront for other code or applications, and (c) does not bypass signing, sandbox, or other security features of the OS. Apple Developer Program License Agreement (Current)
現在のAppleのガイドライン ? App Storeに申請されたのと違う機能を提供して、アプリの主目的を? 変えない ? 他のコードやアプリのストアやストアフロントを作成しない ? 署名やサンドボックスその他OSのセキュリティ機能を迂回しない →以上の条件を満たして入れば、実行可能なコードをダウンロードする? ことはOK
CodePushによる ホットパッチングは合法? 用法?用量を守って正しくお使いください
同様のサービスは??
同様のサービスは?? ? Rollout.io、JSPatch →2017年3月、これらを使用していた開発者にAppleから警告? Apple Developer Program License Agreementと? App Store Review Guidelinesに抵触 →リジェクト対象に? https://forums.developer.apple.com/thread/73640
同様のサービスは?? “This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.” https://forums.developer.apple.com/thread/73640
同様のサービスは?? “This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.” https://forums.developer.apple.com/thread/73640
同様のサービスは?? “This includes any code which passes arbitrary parameters to dynamic methods such as dlopen(), dlsym(), respondsToSelector:, performSelector:, method_exchangeImplementations(), and running remote scripts in order to change app behavior or call SPI, based on the contents of the downloaded script. Even if the remote resource is not intentionally malicious, it could easily be hijacked via a Man In The Middle (MiTM) attack, which can pose a serious security vulnerability to users of your app.” https://forums.developer.apple.com/thread/73640
セキュリティの 観点からダメ?
ホットパッチング自体は合法?
颁辞诲别笔耻蝉丑を使ってみよう
颁辞诲别笔耻蝉丑を使ってみよう 1. App Centerでアプリを登録する 2. App Center CLIをインストール 3. React Native Client SDKをインストール 4. アプリケーションコードの修正
1. App Centerで? アプリを登録する
1. App Centerでアプリを登録する ?
1. App Centerでアプリを登録する
1. App Centerでアプリを登録する ?
1. App Centerでアプリを登録する
1. App Centerでアプリを登録する
1. App Centerでアプリを登録する ?
1. App Centerでアプリを登録する ?
1. App Centerでアプリを登録する ?
1. App Centerでアプリを登録する ?
1. App Centerでアプリを登録する
2. App Center CLIを? インストール
2. App Center CLIをインストール $ brew install node $ npm install -g appcenter-cli
2. App Center CLIをインストール $ appcenter login ? Opening your browser...? ? Visit https://appcenter.ms/cli-login?hostname=xxx.local and enter the code:? ? Access code from browser: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Logged in as xxxxxxxx
2. App Center CLIをインストール $ appcenter codepush deployment list -a <ORG>/<APP>? !""""""""""""#"""""""""""""""""""""""""""""""""""""""$? % Name % Key %? &""""""""""""'"""""""""""""""""""""""""""""""""""""""(? % Staging % xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx %? &""""""""""""'"""""""""""""""""""""""""""""""""""""""(? % Production % xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx %? )""""""""""""*"""""""""""""""""""""""""""""""""""""""+
3. React Native Client SDKを インストール
3. React Native Client SDKをインストール $ cd /path/to/project $ npm install --save react-native-code-push
3. React Native Client SDKをインストール $ react-native link react-native-code-push ... ? What is your CodePush deployment key for Android (hit <ENTER> to ignore) ... ? What is your CodePush deployment key for iOS (hit <ENTER> to ignore)
4.アプリケーションコードの修正
4. アプリケーションコードの修正 App.js export default class App extends React.Component<Props, State> { // ... }
4. アプリケーションコードの修正 App.js import codePush from ‘react-native-code-push’ class App extends React.Component<Props, State> { // ... } App = codePush(App) export default App
4. アプリケーションコードの修正 App.js import codePush from ‘react-native-code-push’ class App extends React.Component<Props, State> { // ... } App = codePush({ checkFrequency: codePush.CheckFrequency.ON_APP_RESUME, installMode: codePush.InstallMode.ON_NEXT_RESUME, )(App) export default App
That’s it!
颁辞诲别笔耻蝉丑で配信してみよう
颁辞诲别笔耻蝉丑で配信してみよう $ appcenter codepush release-react -a <ORG>/<APP> -d Staging
Demo https://github.com/miyabi/iosdc18example
まとめ ? CodePushの導入は簡単!デプロイも簡単! ? Appleのガイドライン的にもOKなので安心して使える!? (ガイドラインに従って適切に使いましょう) ? JavaScript部分のみの配信なので、適用できるところは限られる? (既存アプリへの導入も可能)
Thank you!

More Related Content

CodePushとReact Nativeで緊急OTAリリース!了解!?