Skip to content

Check Certificates (manage_certificates) #21

Check Certificates (manage_certificates)

Check Certificates (manage_certificates) #21

Workflow file for this run

name: Check Certificates
run-name: Check Certificates (${{ github.ref_name }})
on:
workflow_dispatch:
jobs:
check_certs:
runs-on: ubuntu-latest
env:
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
outputs:
cert_expired: ${{ steps.set_output.outputs.cert_expired }} # Job-level output for expired certificates
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.1'
- name: Install dependencies
run: bundle install
- name: Check Certificates
env:
FASTLANE_USER: ${{ secrets.APPLE_ID }}
FASTLANE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
run: bundle exec fastlane check_and_notify_certificates
id: check_certs
- name: Set output based on Fastlane result
id: set_output
run: |
CERT_EXPIRED_FILE="/home/runner/work/LoopWorkspace/LoopWorkspace/fastlane/cert_expired.txt"
if [ -f "$CERT_EXPIRED_FILE" ]; then
# Display the content of cert_expired.txt in the logs
echo "Content of cert_expired.txt:"
cat "$CERT_EXPIRED_FILE"
echo "cert_expired=$(cat $CERT_EXPIRED_FILE)" >> $GITHUB_ENV
else
echo "cert_expired=false" >> $GITHUB_ENV
fi
# Nuke Certs if no valid certificate or certificate was nuked
nuke_certs:
needs: check_certs
runs-on: macos-14 # This needs to run on macOS for Fastlane
if: ${{ needs.check_certs.outputs.cert_expired == 'true' }} # Only run if certificate is expired or invalid
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.1'
- name: Install dependencies
run: bundle install
- name: Run Fastlane nuke_certs
run: fastlane nuke_certs
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
FASTLANE_USER: ${{ secrets.FASTLANE_USER }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
FASTLANE_SKIP_ALL_LANE_SUMMARIES: "true"
# Trigger create_certs.yml if nuke_certs ran or if certificate expired
trigger_create_certs:
needs: [check_certs, nuke_certs]
if: ${{ needs.check_certs.outputs.cert_expired == 'true' || needs.nuke_certs.conclusion == 'success' }}
uses: ./.github/workflows/create_certs.yml