Avoid Github PAT ending up in apps

DefinedNet · Jan 31, 2024 · 492ff35 · 492ff35
1 parent 91cca0e
commit 492ff35
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -37,11 +37,6 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v3
 
-      - name: Configure git for private modules
-        env:
-          TOKEN: ${{ secrets.MACHINE_USER_PAT }}
-        run: git config --global url."https://defined-machine:${TOKEN}@github.com".insteadOf "https://github.com"
-
       - name: Install the appstore connect key material
         env:
           AC_API_KEY_SECRET_BASE64: ${{ secrets.AC_API_KEY_SECRET_BASE64 }}
@@ -63,6 +58,12 @@ jobs:
           echo "GOOGLE_PLAY_KEYSTORE_PATH=$GOOGLE_PLAY_KEYSTORE_PATH" >> $GITHUB_ENV
           echo -n "$GOOGLE_PLAY_KEYSTORE_BASE64" | base64 --decode --output "$GOOGLE_PLAY_KEYSTORE_PATH"
 
+      - name: Place Github token for fastlane match
+        env:
+          TOKEN: ${{ secrets.MACHINE_USER_PAT }}
+        run:
+          echo "MATCH_GIT_BASIC_AUTHORIZATION=$(echo -n "defined-machine:${TOKEN}" | base64)" >> $GITHUB_ENV
+
       - name: Get build name and number, install dependencies
         env:
           TOKEN: ${{ secrets.MACHINE_USER_PAT }}
@@ -96,7 +97,7 @@ jobs:
           cp ios/MobileNebula.ipa build/app/test-ios
           cd build/app/test-ios
           unzip MobileNebula.ipa
-          find . | xargs strings &>/dev/null | grep -F "${TOKEN}" &>/dev/null && { echo "Token found in iOS build!" ; exit 0 }
+          find . | xargs strings &>/dev/null | grep -F "${TOKEN}" &>/dev/null && { echo "Token found in iOS build!" ; exit 1 }
 
       - name: Collect iOS artifacts
         uses: actions/upload-artifact@v3