Member

@LL782 LL782 commented Jan 21, 2026

Proposed changes

The major changes address errors that currently block the complete running of the Ansible Playbook. There are also medium and minor fixes, most notably avoiding losing an existing .zshrc.

List of all changes:

  • Avoid already installed errors
  • Avoid overriding existing .zshrc file
  • Prefer manual install of Xcode since xcodes can't handle auth
  • Provide sudo password to brew installs
  • Minor:
    • Correct grammar on prompts
    • Correct name of Sublime Merge

JIRA: No JIRA (should I create one?)

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (refactor, fix or new feature that would cause existing functionality to not work as expected)
  • Documentation Update (if none of the other choices apply)

Further comments

I'm happy to break the changes into different PRs if there is an issue with any of them.

Also, you might like to review commit-by-commit to benefit from the commit messages. The only downside to that is the churn around xcode/xcodes that I eventually decided to remove.

1. Avoid already installed errors

There are a number of these checks spread across different commits. They are important as the errors currently stop the Playbook continuing/completing. I got it working but is it good? Feel free to propose an improved solution.

2. Avoid overriding existing .zshrc file

Personally I find this important. Previously we would copy-paste over the top of any existing .zshrc when running the script. This can hurt the user. Now the template will go into a new file and a reference is added to any existing .zshrc.

See e43fd90

3. Prefer manual install of Xcode

I've removed the use of xcodes from the repo since it won't work for any Apple account that uses a hardware key for MFA.

This is obviously a significant decision. Personally I feel it's fine since we were already asking the user to manually install xcodes, now we just ask them to manually install Xcode.

Note: xcodes was first introduced due to a bug with the latest Xcode. This is not a current issue and if we need xcodes again in the future I propose we reintroduce it at that time, when hardware key MFA might be supported.

4. Provide sudo password to brew installs

zulu and insomnia will not install without sudo and homebrew won't run in sudo mode. This seems like a good solution: 5fdae90
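
The .zshrc handling described in point 2, sketched as an added example; it is not the code from this PR or from the repository. The file name `.zshrc.team` and the template name `zshrc.j2` are assumptions made for illustration.

```yaml
# Added example: keep the user's ~/.zshrc and put the managed template beside it.
# File and template names below are assumed, not taken from the repository.
- name: Install shell template without overwriting an existing .zshrc
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    home_dir: "{{ lookup('ansible.builtin.env', 'HOME') }}"
    zshrc_path: "{{ home_dir }}/.zshrc"
    team_zshrc_path: "{{ home_dir }}/.zshrc.team"   # assumed name
  tasks:
    - name: Render the template into its own file, never into ~/.zshrc
      ansible.builtin.template:
        src: zshrc.j2                # assumed template name
        dest: "{{ team_zshrc_path }}"
        # Sourced by every new shell, so only the owner may write to it.
        mode: "0644"
        # Keep a timestamped copy if a previous run's file is replaced.
        backup: true

    - name: Reference the managed file from ~/.zshrc exactly once
      ansible.builtin.lineinfile:
        path: "{{ zshrc_path }}"
        # Exact-match line: a second run finds it and changes nothing.
        line: '[ -f "{{ team_zshrc_path }}" ] && source "{{ team_zshrc_path }}"'
        # Create ~/.zshrc only when the user has none.
        create: true
        # No "mode" here on purpose: an existing ~/.zshrc keeps the
        # permissions its owner chose.
        backup: true
        state: present
```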


ledger-wiz-cspm-secret-detection bot commented Jan 21, 2026

Wiz Scan Summary

| Scanner | Findings |
|---|---|
| Sensitive Data | - |
| Secrets | - |
| IaC Misconfigurations | 1 Info |
| SAST Findings | - |
| Software Management Findings | - |
| Total | 1 Info |

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Comment on lines -122 to -125
- name: Installing Xcode 16.2
when: xcode|bool
ansible.builtin.shell:
cmd: xcodes install 16.2
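
Review bot: the removed `when: xcode|bool` condition was a consumer of the `xcode` variable, so if no other task reads that variable, the prompt or default that sets it should be removed in the same change; otherwise the playbook still asks a question that no longer has any effect. The removed task also pinned the version with `xcodes install 16.2`, so the manual-install instructions that replace it should state which Xcode version is expected, or that version requirement is lost with this task.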
Contributor

At some point the xcodes package helped in the past: when the new version of xcode was not supported (I forgot why) and we easily downgraded after an autoupdate. Would it make sense to leave this choice to the user?

Member Author

@thesan I could leave this in. At one point (https://github.com/LedgerHQ/ledger-wallet-dx/pull/18/changes#r2713459615) I got xcodes installing via Ansible (removing the manual step) and was passing in the username and password via prompt (which was the error I was initially trying to fix).

The reason I got rid of it was that my Apple account uses a hardware key for auth, so xcodes gives me this error with or without being run through Ansible.

Account uses a hardware key for authentication but this is not supported yet

This makes xcodes unusable for my Apple account and I thought it would be true for others at Ledger 🤔

I might see if I can create a new Apple account without the hardware key auth and see if I can get that working but I didn't want to sink too much time into it. An alternative is that we remove it for now and if we need it again in the future we add it back in, at which point xcodes might have expanded their MFA support.

WDYT?
