[GH-ISSUE #7] GitHub Actions CI troubleshooting #3

Closed
opened 2026-03-04 00:22:55 +03:00 by kerem · 21 comments

Originally created by @sourcelocation on GitHub (Mar 3, 2021).
Original GitHub issue: https://github.com/SignTools/SignTools/issues/7

Hi again. I have another issue where GitHub Actions cannot sign my .iPA file. It says

```
/Users/runner/work/_temp/39df6836-3324-44f5-8d3f-c6d7d3fbe509.sh: line 1: ./sign.sh: No such file or directory
Error: Process completed with exit code 1."
```

Here's the screenshot:
Screenshot 2021-03-03 at 21 17 17
Also, sorry for asking for too much help. I love your project.

kerem closed this issue 2026-03-04 00:22:57 +03:00

@ViRb3 commented on GitHub (Mar 3, 2021):

Oh, I know exactly what this is, an oversight after I made some changes. I will fix it in a second and let you know.


@ViRb3 commented on GitHub (Mar 3, 2021):

I pushed the fix, please update your fork and try again. Let me know how it goes.


@sourcelocation commented on GitHub (Mar 3, 2021):

Thanks, it worked. But now I have another similar issue:

```
Run ./sign.sh
Obtaining files...
cat: pass.txt: No such file or directory
Error: Process completed with exit code 1.
```

Did I do something wrong?


@ViRb3 commented on GitHub (Mar 3, 2021):

This means that the builder could not properly download a job from your server. I pushed another update to the CI repo that will print the error instead of swallowing it. Please update, try again, and share the error here.


@sourcelocation commented on GitHub (Mar 3, 2021):

Here is the log.
Screenshot 2021-03-03 at 21 48 55


@ViRb3 commented on GitHub (Mar 3, 2021):

This looks like a different error from the one above. Here it fails during the signing process. To debug this, go into the `sign.sh` file in your CI repo and just below the `Signing...` line, change:

```bash
./xresign.sh -i unsigned.ipa -c "$IDENTITY" -p "prov.mobileprovision" $SIGN_ARGS > /dev/null 2>&1
```

to:

```bash
./xresign.sh -i unsigned.ipa -c "$IDENTITY" -p "prov.mobileprovision" $SIGN_ARGS
```

(remove the output suppression)

I added that so it doesn't leak potentially private information about the app you're signing. Feel free to share the error here if you can't figure it out.


@sourcelocation commented on GitHub (Mar 3, 2021):

Screenshot 2021-03-03 at 21 59 40

@ViRb3 commented on GitHub (Mar 3, 2021):

Very weird. From https://github.com/SignTools/XReSign/blob/master/XReSign/Scripts/xresign.sh:

```bash
if [ -z "$SOURCEIPA" ] || [ -z "$DEVELOPER" ]; then
    echo "$usage" >&2
    exit 1
fi
```

This is the error that it's hitting. It means that either the "-c" or "-i" argument is empty. How are you running the workflow? It's being triggered by the service when you upload an app, correct?


@sourcelocation commented on GitHub (Mar 3, 2021):

Right


@ViRb3 commented on GitHub (Mar 3, 2021):

So "-i" can't be empty as we're setting it to "unsigned.ipa". This only leaves "-c" being empty. That comes from here in `sign.sh`:

```bash
IDENTITY=$(security find-identity -p appleID -v | grep -o '".*"' | cut -d '"' -f 2)
```

I suppose this command doesn't successfully obtain the certificate common name. Maybe the certificate isn't being properly imported?

In this line:

```bash
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "1234" > /dev/null 2>&1
```

can you remove the output suppression bit again (`> /dev/null 2>&1`), and see what it says?
Could you also add a line `echo $IDENTITY` after the `IDENTITY=...` line, and see if it prints anything?


@sourcelocation commented on GitHub (Mar 3, 2021):

Sure, give me just a second 👍🏻


@ViRb3 commented on GitHub (Mar 3, 2021):

Am I right to understand that `echo $IDENTITY` printed nothing, so the common name reading failed?


@sourcelocation commented on GitHub (Mar 3, 2021):

Oh wait, forgot to add it. Will upload another iPA right now...


@ViRb3 commented on GitHub (Mar 3, 2021):

I deleted your logs to preserve any private information that could have been in them.

I suppose the print statement was in line 105, which is empty. That confirms my theory. The question now is, did you export an incorrect certificate, or is my command not working correctly? This is the line that fails:

```bash
IDENTITY=$(security find-identity -p appleID -v | grep -o '".*"' | cut -d '"' -f 2)
```

Do you have any ideas? Can you try this on your Mac:

```bash
security find-identity -p appleID -v
```

Does it return anything?


@sourcelocation commented on GitHub (Mar 3, 2021):

Thank you for the reply! Yes, it returns. Here's the output:

```
1.2.8*******
  1) ******* "Apple Development: ******* (*******QBY)" (Missing required extension)
  2) ******* "Apple Distribution: ******* (*******7W2)" (Missing required extension)
  3) ******* "localhost" (CSSMERR_TP_NOT_TRUSTED)
  4) *******04ABC "Developer ID Application: ******* (*******X27W2)" (Missing required extension)
  5) *******F90DD0ECB "iPhone Developer: ******* (MN6F3NJQBY)" (Missing required extension)
     5 valid identities found
```

(Replaced some parts with *******)


@ViRb3 commented on GitHub (Mar 3, 2021):

Can you run the same command on the CI? Meanwhile I will see what possible commands for `-p` there are, and we can see which one returns your certificate.


@sourcelocation commented on GitHub (Mar 3, 2021):

Also, is this the right certificate I need to export?
Screenshot 2021-03-03 at 22 31 15


@ViRb3 commented on GitHub (Mar 3, 2021):

You need the one in the middle, not the key icon, but the certificate icon.

EDIT: That doesn't let you export it in .p12 format. If I remember correctly, .p12 was an archive of multiple signing objects, namely a certificate and a key. So what you did before was you exported just the key without the certificate, which is why the CI failed. You'll need to export the whole signing identity as a single .p12 file. I will look into this and let you know in a bit.


@sourcelocation commented on GitHub (Mar 3, 2021):

But when I try to export the certificate, Keychain does not allow me to export it in .p12.
Screenshot 2021-03-03 at 22 49 31
EDIT: Right


@ViRb3 commented on GitHub (Mar 3, 2021):

Check the edit above. Do you have a Discord or Telegram where I could contact you to troubleshoot this faster?


@ViRb3 commented on GitHub (Mar 3, 2021):

I deleted your comment again to preserve your account names.

As we discussed over chat, the problem was the way the certificate was exported. You want to select both the signing key and the certificate, and export them as one single .p12 file. Failing this you end up with incomplete information to achieve signing. I will reflect this in the documentation. Either way, as we verified over chat, you got the CI to work, so I am closing this now.
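
The failure diagnosed in this thread, an empty `IDENTITY` handed to `xresign.sh` while its output was suppressed, can be caught at the point where the identity is read. The following is an added example, not code from the SignTools repositories: `list_identities` and `pick_identity` are hypothetical names, the sample outputs are constructed, and it assumes the `N) <40-hex hash> "name"` line layout that `security find-identity -v` prints.

```shell
#!/usr/bin/env bash
# Added example (not from the SignTools repo); function names are hypothetical.

# Read `security find-identity -v` output on stdin and print the common name
# of each listed identity, one per line. Identity lines are assumed to look like:
#   1) <40 hex chars> "Common Name" (optional status)
list_identities() {
    sed -n 's/^ *[0-9][0-9]*) [0-9A-Fa-f]\{40\} "\([^"]*\)".*$/\1/p'
}

# Print exactly one identity, or explain on stderr why signing cannot proceed.
# Returns 1 when no identity was imported (e.g. a .p12 holding only the key),
# 2 when several identities are listed and the choice would be ambiguous.
pick_identity() {
    local names count
    names=$(list_identities)
    if [ -z "$names" ]; then
        echo "no signing identity in keychain: export key AND certificate as one .p12" >&2
        return 1
    fi
    count=$(printf '%s\n' "$names" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        echo "expected 1 signing identity, found $count" >&2
        return 2
    fi
    printf '%s\n' "$names"
}

# Constructed sample outputs (fake hash and name, not taken from the thread).
SAMPLE_OK='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Apple Development: Example Dev (ABCDE12345)"
     1 valid identities found'
SAMPLE_KEY_ONLY='     0 valid identities found'

# In sign.sh this would replace the bare IDENTITY=... assignment:
#   IDENTITY=$(security find-identity -p appleID -v | pick_identity) || exit 1
```

Only the fixed error message reaches the CI log, so the signing step's own output can stay suppressed.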
