LoopKit / LoopCaregiver

Validate repository secrets #6

Closed billybooth closed 1 year ago

billybooth commented 1 year ago

Based on LoopWorkspace #36, this adds rudimentary support for validation of repository secrets used in GitHub Actions + Fastlane build workflows.

A shared validate_secrets.yml has been added as a dependency of the other workflows to validate secrets prior to adding identifiers, creating certificates, or building LoopCaregiver. It can also be run independently via standard workflow dispatch.

The workflow should be pretty self-explanatory, but each required repository secret is checked to verify that it is set and non-empty, then secondary validation is done upon the GHPAT (via the GitHub CLI client) to ensure write permissions on the Match-Secrets repository and FASTLANE secrets (via a new validate_secrets lane) to ensure that an App Store Connect API authorization with the repository secrets is successful.
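
The set-and-non-empty check described in the comment above, sketched as an added example; it is not code from this PR or from the project's workflow. The function name `check_secrets`, the `EXAMPLE_*` variable names and the rule that whitespace-only values count as empty are assumptions of this example.

```shell
#!/bin/sh
# Added example. Variable names are constructed placeholders, not the
# project's secret names. In a workflow, each secret would be mapped into
# the step's environment and its NAME passed to check_secrets.

# check_secrets NAME...
# Reports every named variable that is unset, empty, or whitespace-only.
# Prints names only, never values. Leaves the failing names in
# MISSING_SECRETS; returns 0 if none, 1 if any, 2 on an invalid name.
check_secrets() {
  MISSING_SECRETS=""
  for _name in "$@"; do
    # Accept only shell identifiers, so the eval below cannot run
    # anything other than a plain variable lookup.
    case "$_name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "::error::Invalid secret name passed to check_secrets" >&2
        return 2 ;;
    esac
    eval "_value=\${$_name-}"
    # Assumption of this example: whitespace-only counts as empty.
    _stripped=$(printf '%s' "$_value" | tr -d '[:space:]')
    if [ -z "$_stripped" ]; then
      # GitHub Actions renders ::error:: lines as annotations.
      echo "::error::Secret $_name is unset or empty"
      MISSING_SECRETS="${MISSING_SECRETS}${MISSING_SECRETS:+ }$_name"
    fi
  done
  unset _value _stripped
  [ -z "$MISSING_SECRETS" ]
}

# Constructed sample input: one set, one whitespace-only, one unset.
EXAMPLE_TOKEN="constructed-value"
EXAMPLE_KEY_ID="   "
unset EXAMPLE_ISSUER_ID
if check_secrets EXAMPLE_TOKEN EXAMPLE_KEY_ID EXAMPLE_ISSUER_ID; then
  echo "All required secrets are set."
else
  echo "Missing or empty: $MISSING_SECRETS"
fi
```

Checking every name before failing lets one run surface all missing secrets at once, and reporting names only keeps values out of the job log.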

billybooth commented 1 year ago

@gestrich, these open PRs would probably be good to go ahead and review/merge.