Apple-Actions / import-codesign-certs

GitHub Action for Importing Code-signing Certificates into a Keychain
MIT License

A keychain with the same name already exists. On second run #8

Open SoylentGraham opened 4 years ago

SoylentGraham commented 4 years ago

I finally got this working (turns out my organisation secret doesn't propagate to my private repository).

On the second run, I get this error: security: SecKeychainCreate signing_temp.keychain: A keychain with the same name already exists.

At first, I had this on another repository so I called it signing_temp2.keychain, but that also errors the second time.

Am I doing something wrong? Should it error just because it already exists? (same cert/credentials etc)

b-zurg commented 4 years ago

This seems like a problem... I would expect the keychain to be cleared after the action finishes.

orj commented 4 years ago

@SoylentGraham are you using a self-hosted agent? Or are you executing the action multiple times in a workflow?

There should be no retained state on GitHub hosted agents.

orj commented 4 years ago

@b-zurg The keychain needs to be retained for the entire job, not just the action, as Xcode needs to access the keychain.

SoylentGraham commented 4 years ago

Yeah, self hosted


juliensechaud commented 4 years ago

@SoylentGraham did you find any workaround? I have the same issue here on self-hosted

paulocoutinhox commented 3 years ago

I have the same problem on github action.

Anyone found a solution?

paresy commented 3 years ago

This fork will do a proper post-cleanup: https://github.com/figleafteam/import-codesign-certs

alexkirsz commented 2 years ago

For self-hosted hosts, you can manually clean the keychain after using it. Here's an example snippet:

jobs:
  build:
    env:
      # Unique keychain name so concurrent jobs don't get confused
      KEYCHAIN: job-${{ github.job }}-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}
    steps:
      - uses: apple-actions/import-codesign-certs@v1
        with:
          keychain: ${{ env.KEYCHAIN }}
          p12-file-base64: ${{ secrets.CERTIFICATE_P12_B64 }}
          p12-password: ${{ secrets.CERTIFICATE_PASSPHRASE }}

      - name: Delete keychain
        if: always() # Always run this step to ensure the keychain is properly disposed of
        run: |
          security delete-keychain "${{ env.KEYCHAIN }}".keychain
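
A complementary pre-import cleanup for self-hosted runners, added here as an example and not taken from the thread or from the action's own code: an `if: always()` step does not run when the runner process itself is killed, so a keychain holding the signing key can be left on disk and trigger the "already exists" error on the next run. The function names and the `KEYCHAIN_DIR` and `SECURITY_BIN` variables are hypothetical, and the script assumes user keychains are stored in `~/Library/Keychains` as `<name>.keychain-db` (or `<name>.keychain` on older systems).

```shell
#!/bin/sh
# Added example: idempotent removal of a leftover signing keychain.
# Source this file in a step before the import action, then call:
#   remove_stale_keychain "$KEYCHAIN"

# Assumption: default location of user keychains on the runner.
KEYCHAIN_DIR="${KEYCHAIN_DIR:-$HOME/Library/Keychains}"
# Overridable so the logic can be exercised without touching real keychains.
SECURITY_BIN="${SECURITY_BIN:-security}"

# Print the on-disk path of keychain NAME if it exists; return 1 otherwise.
find_keychain() {
  kc_name="${1%.keychain-db}"
  kc_name="${kc_name%.keychain}"
  for kc_candidate in \
    "$KEYCHAIN_DIR/$kc_name.keychain-db" \
    "$KEYCHAIN_DIR/$kc_name.keychain"; do
    if [ -e "$kc_candidate" ]; then
      printf '%s\n' "$kc_candidate"
      return 0
    fi
  done
  return 1
}

# Delete keychain NAME if present. Prints "absent" or "deleted".
# Returns 2 for names this script refuses to touch, 1 if deletion fails.
remove_stale_keychain() {
  case "$1" in
    ''|*/*|login|login.keychain|login.keychain-db|System|System.keychain)
      echo "refusing to delete keychain: '$1'" >&2
      return 2
      ;;
  esac
  kc_path="$(find_keychain "$1")" || { echo "absent"; return 0; }
  # delete-keychain removes the file and drops it from the search list.
  "$SECURITY_BIN" delete-keychain "$kc_path" || return 1
  echo "deleted"
}
```

With a fixed keychain name such as `signing_temp`, calling this before the import step makes reruns succeed; with per-run unique names it still helps to sweep keychains left by interrupted jobs.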