Menu
I'm currently trying to set-up a basic test runner using GitHub Actions for our React Native app. We're using fastlane for our certificates and the whole deployment, so we were looking forward to using it on GitHub Actions as well. I can't seem to get fastlane match to decrypt our key repo though. This is our GitHub workflow as of now:
name: Test app build
on:
pull_request:
branches:
- develop
types:
- opened
- reopened
jobs:
build:
name: Install dependencies, lint and build
runs-on: macOS-latest
strategy:
matrix:
destination: ['platform=iOS Simulator,OS=13.1,name=iPhone 8']
xcode: ['/Applications/Xcode_11.1.app/Contents/Developer']
steps:
- uses: actions/checkout@v1
- name: Install NPM packages
run: npm install
- name: Install pods
run: cd ios && pod install && cd ..
- name: Run ESLint
run: ./node_modules/.bin/eslint --ignore-path .gitignore .
- name: Build iOS app
env:
MATCH_REPO: ${{ secrets.MATCH_REPO }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASS }}
run: cd ios && fastlane compile
Everything works fine until it gets to the fastlane compile step. This is the corresponding lane in the Fastfile:
lane :compile do |options|
create_keychain(
name: "temp",
password: "temp",
default_keychain: true,
unlock: true,
timeout: 3600,
lock_when_sleeps: false
)
match(
type: "development",
readonly: is_ci,
keychain_name: "temp",
keychain_password: "temp"
)
gym(
scheme: "teledoctor24",
workspace: "teledoctor24.xcworkspace",
include_bitcode: false,
include_symbols: true
)
end
And the Matchfile:
git_url("[correct_git_repo]")
storage_mode("git")
type("development") # The default type, can be: appstore, adhoc, enterprise or development
app_identifier(["[bundle_identifier_here]", "[another_bundle_identifier_here]"])
username("[our_apple_id]") # Your Apple Developer Portal username
team_id("[and_team_id]")
In the GitHub secrets, I've created the appropriate MATCH_PASS secret with the key. And this is the output I then get from fastlane:
2019-11-29T22:21:47.7610500Z [22:21:47]: [32m-------------------[0m
2019-11-29T22:21:47.7689970Z [22:21:47]: [32m--- Step: match ---[0m
2019-11-29T22:21:47.7737070Z [22:21:47]: [32m-------------------[0m
2019-11-29T22:21:48.1363230Z [22:21:48]: [32mSuccessfully loaded '/Users/runner/runners/2.161.0/work/-snip-/ios/fastlane/Matchfile' 📄[0m
2019-11-29T22:21:48.1425100Z
2019-11-29T22:21:48.1527450Z +----------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.1610580Z | Detected Values from './fastlane/Matchfile' |
2019-11-29T22:21:48.1665820Z +----------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.1766260Z | git_url | ***.git |
2019-11-29T22:21:48.6854830Z | storage_mode | git |
2019-11-29T22:21:48.6855260Z | type | development |
2019-11-29T22:21:48.6888820Z | app_identifier | ["-snip-", "-snip-"] |
2019-11-29T22:21:48.6933090Z | username | -snip- |
2019-11-29T22:21:48.7014240Z | team_id | -snip- |
2019-11-29T22:21:48.7070520Z +----------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.7090450Z
2019-11-29T22:21:48.7116850Z
2019-11-29T22:21:48.7150930Z +----------------------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.7154140Z | [32mSummary for match 2.136.0[0m |
2019-11-29T22:21:48.7155200Z +----------------------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.7155770Z | type | development |
2019-11-29T22:21:48.7156270Z | readonly | true |
2019-11-29T22:21:48.7156810Z | keychain_name | temp |
2019-11-29T22:21:48.7157930Z | keychain_password | ******** |
2019-11-29T22:21:48.7158420Z | generate_apple_certs | true |
2019-11-29T22:21:48.7158900Z | skip_provisioning_profiles | false |
2019-11-29T22:21:48.7159380Z | app_identifier | ["-snip-", "-snip-"] |
2019-11-29T22:21:48.7160310Z | username | -snip- |
2019-11-29T22:21:48.7160870Z | team_id | -snip- |
2019-11-29T22:21:48.7161360Z | storage_mode | git |
2019-11-29T22:21:48.7192360Z | git_url | ***.git |
2019-11-29T22:21:48.7293660Z | git_branch | master |
2019-11-29T22:21:48.7360410Z | shallow_clone | false |
2019-11-29T22:21:48.7440240Z | clone_branch_directly | false |
2019-11-29T22:21:48.7477690Z | force | false |
2019-11-29T22:21:48.7616380Z | force_for_new_devices | false |
2019-11-29T22:21:48.7738290Z | skip_confirmation | false |
2019-11-29T22:21:48.7801240Z | skip_docs | false |
2019-11-29T22:21:48.7831490Z | platform | ios |
2019-11-29T22:21:48.7838660Z | verbose | false |
2019-11-29T22:21:48.7871780Z +----------------------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.7928100Z [31m
2019-11-29T22:21:48.7928210Z
2019-11-29T22:21:48.7964740Z [!] Error cloning certificates git repo, please make sure you have access to the repository - see instructions above[0m
2019-11-29T22:21:48.7965000Z [22:21:48]: Cloning remote git repo...
2019-11-29T22:21:48.8016850Z [22:21:48]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
2019-11-29T22:21:48.8048690Z Cloning into '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/d20191129-2206-1hk3yku'...
2019-11-29T22:21:48.8120130Z fatal: could not read Username for 'https://github.com': terminal prompts disabled
2019-11-29T22:21:48.8180330Z [22:21:48]: [31mExit status: 128[0m
2019-11-29T22:21:48.8223350Z [22:21:48]: [31mError cloning certificates repo, please make sure you have read access to the repository you want to use[0m
2019-11-29T22:21:48.8290970Z [22:21:48]: [31mRun the following command manually to make sure you're properly authenticated:[0m
2019-11-29T22:21:48.8333210Z [22:21:48]: [36m$ git clone ***.git /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/d20191129-2206-1hk3yku[0m
The lane runs fine on my local machine where match is already set-up. Any ideas?
240
The Github Action has only access to the current repository. If you try to checkout another one, you need to specify a personal access token.
This is most likely not possible here.
Instead you can try to start a ssh-agent:
For the following example, the name of the secret should be SSH_PRIVATE_KEY. Then, have a look at the following workflow definition:
# .github/workflows/my-workflow.yml
# ... other config here
jobs:
build:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v1
- name: Setup SSH Keys and known_hosts
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
mkdir -p ~/.ssh
ssh-keyscan github.com >> ~/.ssh/known_hosts
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< " $"
- name: Run fastlane
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: ...
This example come from here. They also published a Github Action.
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
