From 005339f701ce0537b66e05f6c04dcadd067b7046 Mon Sep 17 00:00:00 2001 From: bjornoleh Date: Sat, 18 Jan 2025 12:00:01 +0100 Subject: [PATCH] validate_secrets.yml: Continue on errors in fastlane validate_secrets Will avoid halting the workflow on invalid certs during validate_secrets.yml, as this is handled in crate_certs.yml Add grep for "Your certificate .* is not valid"', but exit without error Remove unnecessary annotation output for 'Unable to create a valid authorization token for the App Store Connect API.' Remove misleading grep "No code signing identity found" -e "Could not install WWDR certificate" and error "No code signing identity found" or "Could not install WWDR certificate" --- .github/workflows/validate_secrets.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/validate_secrets.yml b/.github/workflows/validate_secrets.yml
index 3211b028d..e34af325b 100644
--- a/.github/workflows/validate_secrets.yml
+++ b/.github/workflows/validate_secrets.yml
@@ -178,22 +178,19 @@ jobs: elif ! echo "$FASTLANE_KEY" | openssl pkcs8 -nocrypt >/dev/null; then failed=true echo "::error::The FASTLANE_KEY secret is set but invalid. Verify that you copied it correctly from the API Key file (*.p8) you downloaded and try again." - elif ! bundle exec fastlane validate_secrets 2>&1 | tee fastlane.log; then + elif ! (bundle exec fastlane validate_secrets 2>&1 || true) | tee fastlane.log; then # ignore "fastlane validate_secrets" errors and continue on errors without annotating an exit code if grep -q "bad decrypt" fastlane.log; then failed=true echo "::error::Unable to decrypt the Match-Secrets repository using the MATCH_PASSWORD secret. Verify that it is set correctly and try again." elif grep -q -e "required agreement" -e "license agreement" fastlane.log; then failed=true - echo "::error::Unable to create a valid authorization token for the App Store Connect API." echo "::error::❗️ Verify that the latest developer program license agreement has been accepted at https://developer.apple.com/account (review and accept any updated agreement), then wait a few minutes for changes to take effect and try again." - elif ! grep -q -e "No code signing identity found" -e "Could not install WWDR certificate" fastlane.log; then - failed=true - echo "::error::Unable to create a valid authorization token for the App Store Connect API." - echo "::error::❗️ Verify that the latest developer program license agreement has been accepted at https://developer.apple.com/account (review and accept any updated agreement), then wait a few minutes for changes to take effect and try again." - echo "::error::❗️ If you created a new FASTLANE KEY or have not previously succeeded with validate secrets, then check that FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY secrets were entered correctly." + elif grep -q "Your certificate .* is not valid" fastlane.log; then + echo "::notice::Your Distribution certificate is invalid or expired. 
Automated renewal of the certificate will be attempted." fi fi + # Exit unsuccessfully if secret validation failed. if [ $failed ]; then exit 2
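Review bot: The `|| true` inside the subshell on the new `elif ! (bundle exec fastlane validate_secrets 2>&1 || true) | tee fastlane.log; then` line makes the pipeline succeed whenever `tee` succeeds, so the negated condition is false and the `grep` checks below it never run. A wrong MATCH_PASSWORD ("bad decrypt") or an unaccepted license agreement would then no longer set `failed`, and the validation job would pass with secrets that do not work. A command used as an `if`/`elif` condition does not abort the script under `set -e`, so the original condition already continues on errors. Keeping `elif ! bundle exec fastlane validate_secrets 2>&1 | tee fastlane.log; then` and changing only the inner branches should give the intended behaviour, assuming `pipefail` is active for this step, which is not visible here. The `if`/`elif` chain starts above the hunk.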