From 9aa95c4417423c12b7afdf6a527862e4b74cb291 Mon Sep 17 00:00:00 2001 From: Ionut Achim Date: Tue, 27 Feb 2024 10:23:30 +0200 Subject: [PATCH] ci: add `publish` step to check for macos certificate expiration --- .github/workflows/monokle-publish.yml | 8 +++++++ .../workflows/scripts/check-osx-cert-exp.sh | 22 +++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 .github/workflows/scripts/check-osx-cert-exp.sh diff --git a/.github/workflows/monokle-publish.yml b/.github/workflows/monokle-publish.yml index eecf325db3..6a69addf0d 100644 --- a/.github/workflows/monokle-publish.yml +++ b/.github/workflows/monokle-publish.yml @@ -36,6 +36,14 @@ jobs: run: | brew install jq + - name: Check MacOS certs expiration + run: | + ls -la + chmod +x .github/workflows/scripts/check-osx-cert-exp.sh && .github/workflows/scripts/check-osx-cert-exp.sh + env: + CERTIFICATE_OSX_APPLICATION: ${{ secrets.MONOKLE_MACOS_CERTS }} + CERTIFICATE_PASSWORD: ${{ secrets.MONOKLE_MACOS_CERTS_PASSWORD }} + - name: Add MacOS certs run: | ls -la diff --git a/.github/workflows/scripts/check-osx-cert-exp.sh b/.github/workflows/scripts/check-osx-cert-exp.sh new file mode 100644 index 0000000000..88d0f10855 --- /dev/null +++ b/.github/workflows/scripts/check-osx-cert-exp.sh 
@@ -0,0 +1,22 @@
+#!/usr/bin/env sh
+
+KEY_CHAIN=build.keychain
+CERTIFICATE_P12=certificate.p12
+
+# Recreate the certificate from the secure environment variable
+echo $CERTIFICATE_OSX_APPLICATION | base64 --decode > $CERTIFICATE_P12
+
+# Get expiration date of the certificate
+CERT_EXPIRATION_DATE=$(openssl pkcs12 -in certificate.p12 -passin pass:$CERTIFICATE_PASSWORD -nokeys | openssl x509 -noout -enddate | cut -d= -f2)
+echo "Certificate expires on: $CERT_EXPIRATION_DATE"
+
+# Compare the expiration date with the current date
+CERT_EXPIRATION_DATE=$(date -j -f "%b %d %T %Y %Z" "$CERT_EXPIRATION_DATE" +"%Y-%m-%d")
+CURRENT_DATE=$(date +"%Y-%m-%d")
+
+if [[ "$CURRENT_DATE" > "$CERT_EXPIRATION_DATE" ]]; then
+ echo "The certificate has expired."
+ exit 1
+else
+ echo "The certificate is valid."
+fi
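Review bot: The `openssl pkcs12` line passes the passphrase as `-passin pass:$CERTIFICATE_PASSWORD`, which puts the secret in the process argument list and, being unquoted, breaks on a passphrase containing spaces or glob characters; `-passin env:CERTIFICATE_PASSWORD` avoids both. The decoded `certificate.p12` is written into the checkout and never removed, including on the `exit 1` path, so unless a later step relies on that file a temporary path with an `EXIT` trap is safer. The shebang declares `sh` but the comparison uses the bash-only `[[ … > … ]]`, and it compares calendar dates parsed with BSD-only `date -j`, so a certificate stays "valid" for the rest of its expiry day. With no error checking, a failed decode or wrong passphrase leaves the date empty and is reported as "expired"; `openssl x509 -checkend 0` tests expiry directly and `set -eu` makes the decode failure visible. `KEY_CHAIN` is never used.

```shell
#!/usr/bin/env sh
set -eu

# Keep the decoded signing identity out of the workspace and remove it on every exit path.
CERTIFICATE_P12=$(mktemp "${TMPDIR:-/tmp}/cert.XXXXXX")
trap 'rm -f -- "$CERTIFICATE_P12"' EXIT

printf '%s' "$CERTIFICATE_OSX_APPLICATION" | base64 --decode > "$CERTIFICATE_P12"

# env: makes openssl read the passphrase from the environment instead of argv.
# A wrong passphrase or corrupt archive aborts here rather than reading as "expired".
CERT_PEM=$(openssl pkcs12 -in "$CERTIFICATE_P12" -passin env:CERTIFICATE_PASSWORD -nokeys)
printf '%s\n' "$CERT_PEM" | openssl x509 -noout -enddate

# -checkend 0 exits non-zero once notAfter has passed; no date parsing needed.
if printf '%s\n' "$CERT_PEM" | openssl x509 -noout -checkend 0 >/dev/null; then
  echo "The certificate is valid."
else
  echo "The certificate has expired."
  exit 1
fi
```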