Skip to content

Commit d689d1a

Browse files
committed
harcoding paths and cert names
1 parent 9f836e6 commit d689d1a

File tree

1 file changed

+19
-11
lines changed

1 file changed

+19
-11
lines changed

.github/workflows/ci_release.yml

Lines changed: 19 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -166,24 +166,32 @@ jobs:
166166
[IO.File]::WriteAllBytes("signing.jks",[Convert]::FromBase64String($env:JKS_B64))
167167
if (-not (Test-Path "$PWD\signing.jks")) { throw "signing.jks not created" }
168168
169-
- name: Verify JKS contains a PrivateKeyEntry
169+
- name: Verify JKS contains a PrivateKeyEntry (robust)
170170
shell: pwsh
171171
run: |
172172
if (-not $env:ALIAS) { throw "ALIAS secret is empty. It must point to the PrivateKeyEntry alias." }
173-
$out = & "${env:JAVA_HOME}\bin\keytool.exe" -list -v -keystore signing.jks -storepass $env:JKS_PASS
174-
# Show the entry for the alias (log masking will hide secrets)
175-
Write-Host $out | Select-String -Pattern "Alias name: $env:ALIAS" -Context 0,8
176-
# Hard-check the entry type for the alias
177-
$aliasBlock = ($out -split "Alias name:") | Where-Object { $_ -match "^\s*$($env:ALIAS)\b" }
178-
if (-not $aliasBlock) { throw "Alias '$env:ALIAS' not found in signing.jks" }
179-
if ($aliasBlock -notmatch "Entry type:\s*PrivateKeyEntry") {
180-
throw "Alias '$env:ALIAS' is not a PrivateKeyEntry (likely a trustedCertEntry). cannot export a private key from this JKS."
173+
# Ask keytool for JUST this alias to avoid secret-masking & parsing issues
174+
$out = & "${env:JAVA_HOME}\bin\keytool.exe" -list -v `
175+
-keystore "$PWD\signing.jks" `
176+
-storepass $env:JKS_PASS `
177+
-alias $env:ALIAS 2>&1
178+
179+
if ($LASTEXITCODE -ne 0) {
180+
Write-Host $out
181+
throw "Alias '$($env:ALIAS)' not found in keystore (or wrong store password)."
182+
}
183+
184+
# Print a small excerpt for debugging
185+
($out -split "`n") | Select-String -Pattern 'Alias name:|Entry type:|Certificate chain length' | ForEach-Object { $_.Line } | Write-Host
186+
187+
if ($out -notmatch 'Entry type:\s*PrivateKeyEntry') {
188+
throw "Alias '$($env:ALIAS)' is not a PrivateKeyEntry (likely a trustedCertEntry)."
181189
}
182190
183191
- name: Convert JKS to PFX
184192
shell: pwsh
185193
run: |
186-
& "${env:JAVA_HOME}\bin\keytool.exe" -importkeystore `
194+
& "${env:JAVA_HOME}\bin\keytool.exe" -importkeystore `
187195
-srckeystore "$PWD\signing.jks" `
188196
-srcstorepass $env:JKS_PASS `
189197
-srcalias $env:ALIAS `
@@ -192,7 +200,7 @@ jobs:
192200
-deststoretype PKCS12 `
193201
-deststorepass $env:PFX_PASS `
194202
-destkeypass $env:PFX_PASS
195-
if (-not (Test-Path "$PWD\cert.pfx")) { throw "cert.pfx not created" }
203+
if (-not (Test-Path "$PWD\cert.pfx")) { throw "cert.pfx not created" }
196204
197205
- name: Prove PFX has a private key (fail fast)
198206
shell: pwsh

0 commit comments

Comments
 (0)