Exact same workflow fails with PR event as opposed to push event/manual run

Works locally no problem.
I have had zero issues with BitRise until I started to use the Pull Request workflow. I have a branch that is set up to kick off a workflow called “regressionTests” for PRs. Fastlane match will fail during this step for the PR event but works fine when there is a push / starting a job manually.

The bitrise.yml file is exactly the same between the two jobs, the branch is the same, the only difference I can think of is something in the machine setup that is disallowing keychain access:
PR (failing) job: https://www.bitrise.io/build/7f8a8a330a1a0983
Push (working) job: https://www.bitrise.io/build/4880c407cd7b2fb4

The error is occurring during the fastlane match step. This step does not ever fail in my other “jobs”, using the exact same environment variables.

security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
[17:36:24]: No password found neither in environment nor in local keychain. Bailing out as in non interactive mode.
[17:36:24]: Couldn’t decrypt the repo, please make sure you enter the right password!

Seems to just not be pulling in the environment variable (secret variable) set for the match password properly.

1 Like

This is noted/highlighted with the orange text on Secret Env Vars, that those variable are not available for Pull Request builds, due to security concerns.

If you need a variable to be available for every build you should use App Env Vars instead of Secrets.

1 Like

Ah. For some reason the orange background made my eyes skip OVER the text instead of being drawn to it. Haha. Thanks for the info @viktorbenei. Since the pushes can still use fastlane match, I’ve switched the tests (PR flow) to use Bitrise’s built in certificate / profile installer. Seems to be going okay, other than the fact that I would have to update the cert manually whenever it is changed.


1 Like

Yeah, that’s true. We have a couple of ideas to help with this, but if you have any, feel free to share it with us (preferably in a new discussion ;))

Also, we had a small change so now you can decide of which secret you would like to expose or not in a PR.