harcoding paths and cert names

alirana01 · alirana01 · commit d689d1a39ed2 · 2025-10-16T14:07:39.000+02:00
diff --git a/.github/workflows/ci_release.yml b/.github/workflows/ci_release.yml
@@ -166,24 +166,32 @@ jobs:
           [IO.File]::WriteAllBytes("signing.jks",[Convert]::FromBase64String($env:JKS_B64))
           if (-not (Test-Path "$PWD\signing.jks")) { throw "signing.jks not created" }
 
-      - name: Verify JKS contains a PrivateKeyEntry
+      - name: Verify JKS contains a PrivateKeyEntry (robust)
         shell: pwsh
         run: |
          if (-not $env:ALIAS) { throw "ALIAS secret is empty. It must point to the PrivateKeyEntry alias." }
-         $out = & "${env:JAVA_HOME}\bin\keytool.exe" -list -v -keystore signing.jks -storepass $env:JKS_PASS
-         # Show the entry for the alias (log masking will hide secrets)
-         Write-Host $out | Select-String -Pattern "Alias name: $env:ALIAS" -Context 0,8
-         # Hard-check the entry type for the alias
-         $aliasBlock = ($out -split "Alias name:") | Where-Object { $_ -match "^\s*$($env:ALIAS)\b" }
-         if (-not $aliasBlock) { throw "Alias '$env:ALIAS' not found in signing.jks" }
-         if ($aliasBlock -notmatch "Entry type:\s*PrivateKeyEntry") {
-           throw "Alias '$env:ALIAS' is not a PrivateKeyEntry (likely a trustedCertEntry). cannot export a private key from this JKS."
+         # Ask keytool for JUST this alias to avoid secret-masking & parsing issues
+         $out = & "${env:JAVA_HOME}\bin\keytool.exe" -list -v `
+          -keystore "$PWD\signing.jks" `
+          -storepass $env:JKS_PASS `
+          -alias $env:ALIAS 2>&1
+
+         if ($LASTEXITCODE -ne 0) {
+          Write-Host $out
+         throw "Alias '$($env:ALIAS)' not found in keystore (or wrong store password)."
+         }
+
+         # Print a small excerpt for debugging
+         ($out -split "`n") | Select-String -Pattern 'Alias name:|Entry type:|Certificate chain length' | ForEach-Object { $_.Line } | Write-Host
+
+         if ($out -notmatch 'Entry type:\s*PrivateKeyEntry') {
+          throw "Alias '$($env:ALIAS)' is not a PrivateKeyEntry (likely a trustedCertEntry)."
          }
 
       - name: Convert JKS to PFX
         shell: pwsh
         run: |
-         & "${env:JAVA_HOME}\bin\keytool.exe" -importkeystore `
+          & "${env:JAVA_HOME}\bin\keytool.exe" -importkeystore `
           -srckeystore "$PWD\signing.jks" `
           -srcstorepass $env:JKS_PASS `
           -srcalias $env:ALIAS `
@@ -192,7 +200,7 @@ jobs:
           -deststoretype PKCS12 `
           -deststorepass $env:PFX_PASS `
           -destkeypass $env:PFX_PASS
-         if (-not (Test-Path "$PWD\cert.pfx")) { throw "cert.pfx not created" }
+          if (-not (Test-Path "$PWD\cert.pfx")) { throw "cert.pfx not created" }
 
       - name: Prove PFX has a private key (fail fast)
         shell: pwsh
