Fix create_certs

bjorkert · bjorkert · commit 1727e31ebe5c · 2025-03-08T16:22:23.000+01:00
diff --git a/.github/workflows/create_certs.yml b/.github/workflows/create_certs.yml
@@ -1,40 +1,56 @@
 name: 3. Create Certificates
 run-name: Create Certificates (${{ github.ref_name }})
-on:
-  workflow_dispatch:
+
+on: [workflow_call, workflow_dispatch]
+
+env:
+  TEAMID: ${{ secrets.TEAMID }}
+  GH_PAT: ${{ secrets.GH_PAT }}
+  GH_TOKEN: ${{ secrets.GH_PAT }}
+  MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
+  FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
+  FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
+  FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
 
 jobs:
   validate:
     name: Validate
     uses: ./.github/workflows/validate_secrets.yml
     secrets: inherit
 
-  certificates:
-    name: Create Certificates
+  create_certs:
+    name: Certificates
     needs: validate
     runs-on: macos-15
     outputs:
       new_certificate_needed: ${{ steps.set_output.outputs.new_certificate_needed }}
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v4
-        
+
       - name: Patch Match Tables
-        run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"
-      
-      - name: Sync clock
-        run: sudo sntp -sS time.windows.com
+        run: |
+          TABLE_PRINTER_PATH=$(ruby -e 'puts Gem::Specification.find_by_name("fastlane").gem_dir')/match/lib/match/table_printer.rb
+          if [ -f "$TABLE_PRINTER_PATH" ]; then
+            sed -i "" "/puts(Terminal::Table.new(params))/d" "$TABLE_PRINTER_PATH"
+          else
+            echo "table_printer.rb not found"
+            exit 1
+          fi
+
+      - name: Install Project Dependencies
+        run: bundle install
 
       - name: Run Fastlane certs lane
         run: |
           echo "Running Fastlane certs lane..."
-          bundle exec fastlane certs || true  # ignore errors to continue with check
-          
+          bundle exec fastlane certs || true
+
       - name: Check Distribution certificate and renew if needed
         run: bundle exec fastlane check_and_renew_certificates
         id: check_certs
-      
-      - name: Set output based on certificate status
+
+      - name: Set output and annotations based on Fastlane result
         id: set_output
         run: |
           CERT_STATUS_FILE="${{ github.workspace }}/fastlane/new_certificate_needed.txt"
@@ -48,47 +64,46 @@ jobs:
             echo "Certificate status file not found. Defaulting to false."
             echo "new_certificate_needed=false" >> $GITHUB_OUTPUT
           fi
-          
-          # Warn if certificate renewal is disabled in the repo variables
+
           if [ "$CERT_STATUS" != "true" ] && [ "$ENABLE_NUKE_CERTS" != "true" ]; then
             echo "::notice::🔔 Automated renewal of certificates is disabled because ENABLE_NUKE_CERTS is not set to 'true'."
           fi
-          
+
           if [ "$CERT_STATUS" = "true" ] && [ "$ENABLE_NUKE_CERTS" != "true" ]; then
-            echo "::error::❌ No valid distribution certificate found. Automated renewal was skipped because ENABLE_NUKE_CERTS is not 'true'."
+            echo "::error::❌ No valid distribution certificate found. Automated renewal of certificates was skipped because ENABLE_NUKE_CERTS is not set to 'true'."
             exit 1
           fi
-          
+
           if [ "${{ vars.FORCE_NUKE_CERTS }}" = "true" ]; then
             echo "::warning::‼️ Nuking of certificates was forced because FORCE_NUKE_CERTS is set to 'true'."
           fi
 
   nuke_certs:
     name: Nuke certificates
-    needs: [validate, certificates]
+    needs: [validate, create_certs]
     runs-on: macos-14
-    if: ${{ (needs.certificates.outputs.new_certificate_needed == 'true' && vars.ENABLE_NUKE_CERTS == 'true') || vars.FORCE_NUKE_CERTS == 'true' }}
+    if: ${{ (needs.create_certs.outputs.new_certificate_needed == 'true' && vars.ENABLE_NUKE_CERTS == 'true') || vars.FORCE_NUKE_CERTS == 'true' }}
     steps:
-      - name: Show certificate check output
-        run: echo "new_certificate_needed=${{ needs.certificates.outputs.new_certificate_needed }}"
-      
+      - name: Output from step id 'check_certs'
+        run: echo "new_certificate_needed=${{ needs.create_certs.outputs.new_certificate_needed }}"
+
       - name: Checkout repository
         uses: actions/checkout@v4
-      
+
       - name: Install dependencies
         run: bundle install
-      
+
       - name: Run Fastlane nuke_certs
         run: |
           set -e
           bundle exec fastlane nuke_certs
-      
+
       - name: Recreate Distribution certificate after nuking
         run: |
           set -e
           bundle exec fastlane certs
-      
-      - name: Add success annotations
+
+      - name: Add success annotations for nuke and certificate recreation
         if: ${{ success() }}
         run: |
           echo "::warning::⚠️ All Distribution certificates and TestFlight profiles have been revoked and recreated."
