validate_secrets.yml: Restore ability to catch unsigned PLA, etc. by billybooth · Pull Request #357 · LoopKit/LoopWorkspace
Summary
When adding automatic certificate renewal, an inadvertent change was introduced that meant users were not notified they needed to sign a new developer license agreement.
In addition, the language in the fastlane log was modified so that an earlier check for a MATCH_PASSWORD failure no longer reported that error.
This modification fixes both of the short-comings to improve the browser build error checking capabilities.
Test
@billybooth already demonstrated that with this modification, a user who has not signed their updated license agreement is once again given the appropriate message in the annotations.
However, the language for an incorrect MATCH_PASSWORD previously used is no longer present in the fastlane log with the consequence that the desired error message is not reported.
Test Plan
- Run create_certs to make sure all the secrets for the
docs-testorganization are valid- Do not rely on a passing indication, actually review the fastlane job
- Modify the MATCH_PASSWORD to be incorrect
- confirm the error message for dev branch does not provide the correct annotation
- confirm the error message with the changes in this PR does provide the correct annotation
- Restore the MATCH_PASSWORD, revoke the Distribution Certificate and ensure that nuke certs is called to prepare a new certificate (as needed following the annual certificate expiration)
| branch | configuration | action | correct annotation? | result | link |
|---|---|---|---|---|---|
| dev | all secrets correct, valid Distr Cert | create certs | ✅ | success as expected | https://github.com/docs-test/LoopWorkspace/actions/runs/19485144019 |
| dev-validate-secrets-regression-fix | all secrets correct, valid Distr Cert | create certs | ✅ | success as expected | https://github.com/docs-test/LoopWorkspace/actions/runs/19485222966 |
| dev | incorrect MATCH_PASSWORD, valid Distr Cert | create certs | ❌ | success was claimed for validate secrets, but fastlane job inside validate_secrets failed with Couldn't decrypt the reposuccess was claimed for create certs with same error |
https://github.com/docs-test/LoopWorkspace/actions/runs/19485302450 |
| dev | incorrect MATCH_PASSWORD, valid Distr Cert | build loop | ❌ | run the build loop just to prove that the errors in the previous action are fatal | https://github.com/docs-test/LoopWorkspace/actions/runs/19485579336 |
| dev-validate-secrets-regression-fix | incorrect MATCH_PASSWORD, valid Distr Cert | create certs | ✅ | this failed with the expected annotation in the validate_secrets fastlane job | https://github.com/docs-test/LoopWorkspace/actions/runs/19485666867 |
| dev-validate-secrets-regression-fix | restore MATCH_PASSWORD, revoke Distr Cert | create certs | ✅ | success; ran nuke_certs as expected | https://github.com/docs-test/LoopWorkspace/actions/runs/19485747530 |