@graycreate

Adds diagnostics to understand API key format issues and handles both base64 and raw .p8 formats

- Added detailed diagnostics to understand the secret format
- Added method 4: handle case where secret is raw .p8 content (not base64)
- Better error messages with instructions on how to fix
- Show base64 string characteristics for debugging
Copilot AI review requested due to automatic review settings September 23, 2025 11:19
@graycreate graycreate merged commit 3bfaae1 into main Sep 23, 2025
6 checks passed
@graycreate graycreate deleted the bugfix/diagnose-base64-issue branch September 23, 2025 11:20
Copilot AI left a comment

Pull Request Overview

This PR enhances the GitHub Actions release workflow to better diagnose and handle different API key formats for App Store Connect authentication. It adds comprehensive debugging and multiple fallback methods to handle both base64-encoded and raw .p8 format API keys.

  • Adds diagnostic logging to check API key format and characteristics
  • Implements multiple fallback methods for decoding base64 strings with better error handling
  • Adds support for raw .p8 content as an alternative to base64-encoded keys

Comment on lines +147 to +149
echo "First 10 chars: $(echo -n "$APP_STORE_CONNECT_API_KEY_BASE64" | head -c 10)..."
echo "Last 10 chars: ...$(echo -n "$APP_STORE_CONNECT_API_KEY_BASE64" | tail -c 10)"
Copilot AI Sep 23, 2025

Logging partial API key content could expose sensitive information in build logs. Consider removing or masking these debug statements to prevent potential security exposure.

Suggested change
echo "First 10 chars: $(echo -n "$APP_STORE_CONNECT_API_KEY_BASE64" | head -c 10)..."
echo "Last 10 chars: ...$(echo -n "$APP_STORE_CONNECT_API_KEY_BASE64" | tail -c 10)"
# Omitted logging of first/last 10 chars to avoid exposing sensitive information

Comment on lines +155 to +156
# Show which characters are invalid
echo "$APP_STORE_CONNECT_API_KEY_BASE64" | sed 's/[A-Za-z0-9+/=]//g' | od -c
Copilot AI Sep 23, 2025

This command could potentially expose parts of the API key by showing invalid characters. Consider replacing with a safer approach that doesn't process the actual secret content.

Suggested change
# Show which characters are invalid
echo "$APP_STORE_CONNECT_API_KEY_BASE64" | sed 's/[A-Za-z0-9+/=]//g' | od -c
# Report the number of invalid characters, but do not display them
INVALID_COUNT=$(echo "$APP_STORE_CONNECT_API_KEY_BASE64" | sed 's/[A-Za-z0-9+/=]//g' | wc -c)
echo "❌ String contains $INVALID_COUNT invalid character(s) (not shown for security)."
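
Review bot: `INVALID_COUNT` in the replacement lines is never 0, because `echo` appends a newline that the `sed` expression leaves in place and `wc -c` then counts, so a clean base64 string is still reported as containing one invalid character. Feed the value with `printf '%s' "$APP_STORE_CONNECT_API_KEY_BASE64"` instead of `echo`, or strip the newline with `tr -d '\n'` before `wc -c`, and only print the error line when the count is greater than zero.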

@github-actions
Code Coverage Report ❌

Current coverage: 0%
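
A log-safe form of the format diagnostics discussed in this pull request, as an added example that is not code from the PR or the repository: it classifies the secret as raw .p8, base64-encoded .p8, other base64 or invalid, and reports only the format, the length and a count of invalid characters. The function names and the sample key are constructed for illustration, and the raw-format check assumes the standard PKCS#8 PEM header line.

```shell
#!/usr/bin/env bash
# Added example: describe a key secret without echoing any of its bytes.
# Function names are hypothetical; the sample value is constructed.
export LC_ALL=C   # byte-exact A-Z / a-z ranges and lengths
PEM_HEADER='-----BEGIN PRIVATE KEY-----'   # assumed first line of a .p8 file

# count_invalid SECRET: number of characters outside the base64 alphabet,
# ignoring whitespace such as line wraps and a trailing newline.
count_invalid() {
  local n
  n=$(printf '%s' "$1" | tr -d 'A-Za-z0-9+/= \t\r\n' | wc -c)
  echo $((n))   # arithmetic expansion drops padding that some wc builds add
}

# classify_key SECRET: prints raw-p8, base64-p8, base64-other or invalid.
classify_key() {
  local secret="$1" stripped prefix
  case $secret in
    "$PEM_HEADER"*) echo raw-p8; return 0 ;;
  esac
  stripped=$(printf '%s' "$secret" | tr -d ' \t\r\n')
  if [ -z "$stripped" ] || [ "$(count_invalid "$stripped")" -ne 0 ]; then
    echo invalid; return 0
  fi
  # Decode once with the output discarded, to validate length and padding.
  if ! printf '%s' "$stripped" | base64 --decode >/dev/null 2>&1; then
    echo invalid; return 0
  fi
  # Look only at the decoded prefix, and only to compare it with the header.
  prefix=$(printf '%s' "$stripped" | base64 --decode 2>/dev/null |
    head -c "${#PEM_HEADER}" | tr -d '\000')
  if [ "$prefix" = "$PEM_HEADER" ]; then echo base64-p8; else echo base64-other; fi
}

# describe_key SECRET: one log-safe line (format, length, invalid count).
describe_key() {
  echo "format=$(classify_key "$1") length=${#1} invalid_chars=$(count_invalid "$1")"
}

# Constructed sample: the body decodes to the word CONSTRUCTED, not key material.
SAMPLE_P8="$PEM_HEADER
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----"
describe_key "$SAMPLE_P8"
describe_key "$(printf '%s\n' "$SAMPLE_P8" | base64)"
```
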
