2FA code still required for pilot even with FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD set?

[johannes-keinestam]

Hi!

We're using a very simple lane on a CI machine for uploading to TestFlight via fastlane (version 2.141.0), looking as follows:

  desc "Upload beta"
  lane :upload_beta do
    pilot(distribute_external: false, skip_waiting_for_build_processing: true, skip_submission: true, ipa: "<path-to-ipa>", username: "<username>")
  end

The account we use for uploading to TestFlight recently had 2FA enabled, so we generated an app-specific password via appleid.apple.com and set it in the environment variable FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD. Furthermore, Appfile contains definitions for both app_identifier and apple_id.

Running fastlane ios upload_beta results in the following output (abbreviated):

 [18:38:01]: -------------------
 [18:38:01]: --- Step: pilot ---
 [18:38:01]: -------------------
 [18:38:01]: Login to App Store Connect (<username>)
 -------------------------------------------------------------------------------------
 Please provide your Apple Developer Program account credentials
 The login information you enter will be stored in your macOS Keychain
 You can also pass the password using the `FASTLANE_PASSWORD` environment variable
 See more information about it on GitHub: https://github.com/fastlane/fastlane/tree/master/credentials_manager
 -------------------------------------------------------------------------------------
...
 [18:38:01]: Missing password for user <username>, and running in non-interactive shell

After this, the lane exits with an error. If we set the FASTLANE_PASSWORD environment variable to the regular (non-application-specific) password of the account in addition to having FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD set, we get the following output instead:

 [19:39:21]: -------------------
 [19:39:21]: --- Step: pilot ---
 [19:39:21]: -------------------
 [19:39:21]: Login to App Store Connect (<username>)
 Available session is not valid any more. Continuing with normal login.
 Two-factor Authentication (6 digits code) is enabled for account '<username>'
 More information about Two-factor Authentication: https://support.apple.com/en-us/HT204915
 If you're running this in a non-interactive session (e.g. server or CI)
 check out https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification
 (Input `sms` to escape this prompt and select a trusted phone number to send the code as a text message)
 (You can also set the environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to automate this)
 (Read more at: https://github.com/fastlane/fastlane/blob/master/spaceship/docs/Authentication.md#auto-select-sms-via-spaceship-2fa-sms-default-phone-number)
 Please enter the 6 digit code:

Immediately after this, the lane exits with an error.

From what I've understood (e.g. from the fastlane documentation), if you only use pilot an app-specific password should suffice? I'm also quite certain this was the case (some time ago, admittedly) when we instead used the tool in Visual Studio to upload an iOS app, that it wouldn't bug you at all for a 2FA code if you used an app-specific password.