GitHub上的动作:Fastlane比赛无法解密仓库

时间:2019-11-29 22:53:24

标签: github fastlane github-actions

我目前正在尝试使用GitHub Actions为我们的React Native应用设置一个基本的测试运行器。我们正在为证书和整个部署使用fastlane,因此我们也期待在GitHub Actions上使用它。 我似乎无法获得快速通道匹配来解密我们的密钥仓库。到目前为止,这是我们的GitHub工作流程:

name: Test app build

on:
  pull_request:
    branches:
      - develop
    types:
      - opened
      - reopened

jobs:
  build:
    name: Install dependencies, lint and build
    runs-on: macOS-latest
    strategy:
      matrix:
        destination: ['platform=iOS Simulator,OS=13.1,name=iPhone 8']
        xcode: ['/Applications/Xcode_11.1.app/Contents/Developer']
    steps:
      - uses: actions/checkout@v1
      - name: Install NPM packages
        run: npm install
      - name: Install pods
        run: cd ios && pod install && cd ..
      - name: Run ESLint
        run: ./node_modules/.bin/eslint --ignore-path .gitignore .
      - name: Build iOS app
        env:
          MATCH_REPO: ${{ secrets.MATCH_REPO }}
          MATCH_PASSWORD: ${{ secrets.MATCH_PASS }}
        run: cd ios && fastlane compile

一切正常,直到进入fastlane编译步骤为止。这是Fastfile中的对应通道:

lane :compile do |options|
  create_keychain(
    name: "temp",
    password: "temp",
    default_keychain: true,
    unlock: true,
    timeout: 3600,
    lock_when_sleeps: false
  )
  match(
    type: "development",
    readonly: is_ci,
    keychain_name: "temp",
    keychain_password: "temp"
  )
  gym(
    scheme: "teledoctor24",
    workspace: "teledoctor24.xcworkspace",
    include_bitcode: false,
    include_symbols: true
  )
end

和匹配文件:

git_url("[correct_git_repo]")
storage_mode("git")
type("development") # The default type, can be: appstore, adhoc, enterprise or development

app_identifier(["[bundle_identifier_here]", "[another_bundle_identifier_here]"])
username("[our_apple_id]") # Your Apple Developer Portal username
team_id("[and_team_id]")

在GitHub机密中,我使用密钥创建了相应的MATCH_PASS机密。这是我从fastlane中获得的输出:

2019-11-29T22:21:47.7610500Z [22:21:47]: [32m-------------------[0m
2019-11-29T22:21:47.7689970Z [22:21:47]: [32m--- Step: match ---[0m
2019-11-29T22:21:47.7737070Z [22:21:47]: [32m-------------------[0m
2019-11-29T22:21:48.1363230Z [22:21:48]: [32mSuccessfully loaded '/Users/runner/runners/2.161.0/work/-snip-/ios/fastlane/Matchfile' 📄[0m
2019-11-29T22:21:48.1425100Z 
2019-11-29T22:21:48.1527450Z +----------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.1610580Z |                              Detected Values from './fastlane/Matchfile'                              |
2019-11-29T22:21:48.1665820Z +----------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.1766260Z | git_url        | ***.git                        |
2019-11-29T22:21:48.6854830Z | storage_mode   | git                                                                                  |
2019-11-29T22:21:48.6855260Z | type           | development                                                                          |
2019-11-29T22:21:48.6888820Z | app_identifier | ["-snip-", "-snip-"] |
2019-11-29T22:21:48.6933090Z | username       | -snip-                                                          |
2019-11-29T22:21:48.7014240Z | team_id        | -snip-                                                                          |
2019-11-29T22:21:48.7070520Z +----------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.7090450Z 
2019-11-29T22:21:48.7116850Z 
2019-11-29T22:21:48.7150930Z +----------------------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.7154140Z |                                             [32mSummary for match 2.136.0[0m                                             |
2019-11-29T22:21:48.7155200Z +----------------------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.7155770Z | type                       | development                                                                          |
2019-11-29T22:21:48.7156270Z | readonly                   | true                                                                                 |
2019-11-29T22:21:48.7156810Z | keychain_name              | temp                                                                                 |
2019-11-29T22:21:48.7157930Z | keychain_password          | ********                                                                             |
2019-11-29T22:21:48.7158420Z | generate_apple_certs       | true                                                                                 |
2019-11-29T22:21:48.7158900Z | skip_provisioning_profiles | false                                                                                |
2019-11-29T22:21:48.7159380Z | app_identifier             | ["-snip-", "-snip-"] |
2019-11-29T22:21:48.7160310Z | username                   | -snip-                                                               |
2019-11-29T22:21:48.7160870Z | team_id                    | -snip-                                                                      |
2019-11-29T22:21:48.7161360Z | storage_mode               | git                                                                                  |
2019-11-29T22:21:48.7192360Z | git_url                    | ***.git                        |
2019-11-29T22:21:48.7293660Z | git_branch                 | master                                                                               |
2019-11-29T22:21:48.7360410Z | shallow_clone              | false                                                                                |
2019-11-29T22:21:48.7440240Z | clone_branch_directly      | false                                                                                |
2019-11-29T22:21:48.7477690Z | force                      | false                                                                                |
2019-11-29T22:21:48.7616380Z | force_for_new_devices      | false                                                                                |
2019-11-29T22:21:48.7738290Z | skip_confirmation          | false                                                                                |
2019-11-29T22:21:48.7801240Z | skip_docs                  | false                                                                                |
2019-11-29T22:21:48.7831490Z | platform                   | ios                                                                                  |
2019-11-29T22:21:48.7838660Z | verbose                    | false                                                                                |
2019-11-29T22:21:48.7871780Z +----------------------------+--------------------------------------------------------------------------------------+
2019-11-29T22:21:48.7928100Z [31m
2019-11-29T22:21:48.7928210Z 
2019-11-29T22:21:48.7964740Z [!] Error cloning certificates git repo, please make sure you have access to the repository - see instructions above[0m
2019-11-29T22:21:48.7965000Z [22:21:48]: Cloning remote git repo...
2019-11-29T22:21:48.8016850Z [22:21:48]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
2019-11-29T22:21:48.8048690Z Cloning into '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/d20191129-2206-1hk3yku'...
2019-11-29T22:21:48.8120130Z fatal: could not read Username for 'https://github.com': terminal prompts disabled
2019-11-29T22:21:48.8180330Z [22:21:48]: [31mExit status: 128[0m
2019-11-29T22:21:48.8223350Z [22:21:48]: [31mError cloning certificates repo, please make sure you have read access to the repository you want to use[0m
2019-11-29T22:21:48.8290970Z [22:21:48]: [31mRun the following command manually to make sure you're properly authenticated:[0m
2019-11-29T22:21:48.8333210Z [22:21:48]: [36m$ git clone ***.git /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/d20191129-2206-1hk3yku[0m

该通道在已设置匹配项的本地计算机上运行良好。 有什么想法吗?

1 个答案:

答案 0 :(得分:0)

Github操作只能访问当前存储库。如果尝试结帐其他帐户,则需要指定personal access token

这很可能在这里不可能。

相反,您可以尝试启动ssh-agent:

对于以下示例,密码的名称应为SSH_PRIVATE_KEY。然后,查看以下工作流程定义:

# .github/workflows/my-workflow.yml
# ... other config here
jobs:
    build:
        runs-on: ubuntu-18.04
        steps:
            -   uses: actions/checkout@v1
            -   name: Setup SSH Keys and known_hosts
                env:
                    SSH_AUTH_SOCK: /tmp/ssh_agent.sock
                run: |
                    mkdir -p ~/.ssh
                    ssh-keyscan github.com >> ~/.ssh/known_hosts
                    ssh-agent -a $SSH_AUTH_SOCK > /dev/null
                    ssh-add - <<< " $"
            -   name: Run fastlane
                env:
                    SSH_AUTH_SOCK: /tmp/ssh_agent.sock
                run: ...

此示例来自here。他们还发布了Github Action