Skip to content

fix: improve base64 decoding robustness #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 22, 2025
+50 −3
Merged

fix: improve base64 decoding robustness #40

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 50 additions & 3 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,14 +122,61 @@ jobs:
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
run: |
# Debug: Check if environment variables are set
if [ -z "$APP_STORE_CONNECT_KEY_ID" ]; then
echo "ERROR: APP_STORE_CONNECT_KEY_ID is not set"
exit 1
fi
if [ -z "$APP_STORE_CONNECT_ISSUER_ID" ]; then
echo "ERROR: APP_STORE_CONNECT_ISSUER_ID is not set"
exit 1
fi
if [ -z "$APP_STORE_CONNECT_API_KEY_BASE64" ]; then
echo "ERROR: APP_STORE_CONNECT_API_KEY_BASE64 is not set"
exit 1
fi

# Create directory for API key
mkdir -p ~/.appstoreconnect/private_keys
echo "$APP_STORE_CONNECT_API_KEY_BASE64" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${APP_STORE_CONNECT_KEY_ID}.p8
chmod 600 ~/.appstoreconnect/private_keys/AuthKey_${APP_STORE_CONNECT_KEY_ID}.p8

# Decode base64 with better error handling
# Try different approaches to handle potential formatting issues
KEY_PATH=~/.appstoreconnect/private_keys/AuthKey_${APP_STORE_CONNECT_KEY_ID}.p8

# Method 1: Direct echo and decode
if echo "$APP_STORE_CONNECT_API_KEY_BASE64" | base64 -d > "$KEY_PATH" 2>/dev/null; then
echo "✅ Successfully decoded API key using base64 -d"
# Method 2: Try with --decode flag (macOS)
elif echo "$APP_STORE_CONNECT_API_KEY_BASE64" | base64 --decode > "$KEY_PATH" 2>/dev/null; then
echo "✅ Successfully decoded API key using base64 --decode"
# Method 3: Remove potential whitespace/newlines and try again
elif echo "$APP_STORE_CONNECT_API_KEY_BASE64" | tr -d '\n\r ' | base64 -d > "$KEY_PATH" 2>/dev/null; then
echo "✅ Successfully decoded API key after removing whitespace"
else
echo "ERROR: Failed to decode APP_STORE_CONNECT_API_KEY_BASE64"
echo "Please ensure the secret is properly base64 encoded"
exit 1
fi

# Verify the file was created and has content
if [ ! -f "$KEY_PATH" ]; then
echo "ERROR: API key file was not created"
exit 1
fi

if [ ! -s "$KEY_PATH" ]; then
echo "ERROR: API key file is empty"
exit 1
fi

# Set proper permissions
chmod 600 "$KEY_PATH"
echo "✅ API key file created successfully at $KEY_PATH"

# Set environment variables for Fastlane
echo "APP_STORE_CONNECT_API_KEY_KEY_ID=$APP_STORE_CONNECT_KEY_ID" >> $GITHUB_ENV
echo "APP_STORE_CONNECT_API_KEY_ISSUER_ID=$APP_STORE_CONNECT_ISSUER_ID" >> $GITHUB_ENV
echo "APP_STORE_CONNECT_API_KEY_KEY=~/.appstoreconnect/private_keys/AuthKey_${APP_STORE_CONNECT_KEY_ID}.p8" >> $GITHUB_ENV
echo "APP_STORE_CONNECT_API_KEY_KEY=$KEY_PATH" >> $GITHUB_ENV
Copy link

Copilot AI Sep 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The KEY_PATH variable contains a tilde (~) which may not expand correctly when written to $GITHUB_ENV. Consider using $HOME instead of ~ or use an absolute path to ensure proper path resolution in subsequent workflow steps.

Copilot uses AI. Check for mistakes.

- name: Run Fastlane Match
env:
Expand Down
Loading