Exact same workflow fails with PR event as opposed to push event/manual run

juliancmg · May 3, 2017, 12:58am

Works locally no problem.
I have had zero issues with BitRise until I started to use the Pull Request workflow. I have a branch that is set up to kick off a workflow called “regressionTests” for PRs. Fastlane match will fail during this step for the PR event but works fine when there is a push / starting a job manually.

The bitrise.yml file is exactly the same between the two jobs, the branch is the same, the only difference I can think of is something in the machine setup that is disallowing keychain access:
PR (failing) job: https://www.bitrise.io/build/7f8a8a330a1a0983
Push (working) job: https://www.bitrise.io/build/4880c407cd7b2fb4

The error is occurring during the fastlane match step. This step does not ever fail in my other “jobs”, using the exact same environment variables.

security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
[17:36:24]: No password found neither in environment nor in local keychain. Bailing out as in non interactive mode.
[17:36:24]: Couldn’t decrypt the repo, please make sure you enter the right password!

juliancmg · May 3, 2017, 1:03am

Seems to just not be pulling in the environment variable (secret variable) set for the match password properly.

viktorbenei · May 3, 2017, 7:48am

This is noted/highlighted with the orange text on Secret Env Vars, that those variable are not available for Pull Request builds, due to security concerns.

If you need a variable to be available for every build you should use App Env Vars instead of Secrets.

juliancmg · May 3, 2017, 5:03pm

Ah. For some reason the orange background made my eyes skip OVER the text instead of being drawn to it. Haha. Thanks for the info @viktorbenei. Since the pushes can still use fastlane match, I’ve switched the tests (PR flow) to use Bitrise’s built in certificate / profile installer. Seems to be going okay, other than the fact that I would have to update the cert manually whenever it is changed.

Thanks!

viktorbenei · May 4, 2017, 11:02am

Yeah, that’s true. We have a couple of ideas to help with this, but if you have any, feel free to share it with us (preferably in a new discussion ;))

tamaspapik · March 1, 2018, 8:25am

Also, we had a small change so now you can decide of which secret you would like to expose or not in a PR.
45%20AM

Topic		Replies	Views
TestFairy key with secret Issues step , ios	12	1289	May 3, 2018
${BITRISE_GIT_BRANCH} not working Builds	6	1896	June 16, 2021
Secrets not populating when running bitrise locally & deploy path not working Question & Answer ios	3	807	August 11, 2021
Fastlane Step result Question & Answer step , fastlane	3	632	January 13, 2017
Accessing the Pull Request URL within a workflow step Released step , build-config	7	1923	March 27, 2021

Exact same workflow fails with PR event as opposed to push event/manual run

Related Topics