import-codesign-certs icon indicating copy to clipboard operation
import-codesign-certs copied to clipboard

Published 20 hours ago verified publisher icon Apple-Actions

A keychain with the same name already exists. On second run

Open SoylentGraham opened this issue 4 years ago • 8 comments

I finally got this working (turns out my organisation secret doesn't propogate to my private repository)

On the second run, I get this error security: SecKeychainCreate signing_temp.keychain: A keychain with the same name already exists.

At first, I had this on another repository so I called it signing_temp2.keychain, but that also errors the second time.

Am I doing something wrong? Should it error just because it already exists? (same cert/credentials etc)

SoylentGraham avatar Jul 04 '20 00:07 SoylentGraham

This seems like a problem... I would expect the keychain to be cleared after the action finishes.

b-zurg avatar Jul 14 '20 15:07 b-zurg

@SoylentGraham are you using a self-hosted agent? Or are you executing the action multiple times in a workflow?

There should be no retained state on GitHub hosted agents.

orj avatar Aug 06 '20 07:08 orj

@b-zurg The keychain needs to be retained for the entire job not just the action. As Xcode needs to access the keychain.

orj avatar Aug 06 '20 07:08 orj

Yeah, self hosted

On Thu, 6 Aug 2020 at 8:20 am, Oliver Jones [email protected] wrote:

@SoylentGraham https://github.com/SoylentGraham are you using a self-hosted agent? Or are you executing the action multiple times in a workflow?

There should be no retained state on GitHub hosted agents.

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/Apple-Actions/import-codesign-certs/issues/8#issuecomment-669754750, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAQVIBK27ARD7GHYWIH4KEDR7JKS5ANCNFSM4OQEK2UA .

--

  • Graham Reeves
  • http://www.grahamreeves.com/

SoylentGraham avatar Aug 06 '20 07:08 SoylentGraham

@SoylentGraham did you find any workaround ? I have the same issue here on self-hosted

juliensechaud avatar Sep 14 '20 11:09 juliensechaud

I have the same problem on github action.

Anyone found a solution?

paulocoutinhox avatar Feb 20 '21 01:02 paulocoutinhox

This fork will do a proper post-cleanup: https://github.com/figleafteam/import-codesign-certs

paresy avatar May 16 '21 06:05 paresy

For self-hosted hosts, you can manually clean the keychain after using it. Here's an example snippet:

jobs:
  build:
    env:
      # Unique keychain name so concurrent jobs don't get confused
      KEYCHAIN: job-${{ github.job }}-${{ github.run_id	}}-${{ github.run_number }}-${{ github.run_attempt }}
    steps:
      - uses: apple-actions/import-codesign-certs@v1
        with:
          keychain: ${{ env.KEYCHAIN }}
          p12-file-base64: ${{ secrets.CERTIFICATE_P12_B64 }}
          p12-password: ${{ secrets.CERTIFICATE_PASSPHRASE }}

      - name: Delete keychain
        if: always() # Always run this step to ensure the keychain is properly disposed of
        run: |
          security delete-keychain "${{ env.KEYCHAIN }}".keychain

alexkirsz avatar Jan 12 '22 17:01 alexkirsz