Passing secrets - certificate gets 0 bytes

I’m trying to codesign a Mac app, and I’ve been following the GitHub guide.

The problem is that my repository secret BUILD_CERTIFICATE_BASE64 is somehow not getting to base64 to decode the certificate.

    - name: Install the Apple certificate
      # From GitHub docs:
      if: runner.os == 'macOS'
      run: |
        # import certificate and provisioning profile from secrets
        echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
        # check that it was created properly
        ls -l $CERTIFICATE_PATH

This returns a zero-byte at $CERTIFICATE_PATH

I’ve tried a few things, but I can’t figure out why the secret seems empty. I even used gh CLI to re-import the base64 certificate.

Any ideas? Thanks in advance!

I also just tried sending echo -n "$BUILD_CERTIFICATE_BASE64" >cert.tmp and that’s empty too.

In short, somehow my BUILD_CERTIFICATE_BASE64 variable is empty, despite running:

gh secret set BUILD_CERTIFICATE_BASE64 <cert.base64

And I can see BUILD_CERTIFICATE_BASE64 in the repository secrets list:

gh secret list 
BUILD_CERTIFICATE_BASE64  Updated 2022-05-13

Never mind… I realized that I’m submitting a pull request from my fork, and the secrets aren’t imported to a fork.


Let me see if I can add the secrets to my fork - presumably that should work.