Use ASC API key env vars instead of JSON key#25692
Merged
mokagio merged 1 commit intoJun 24, 2026
Merged
Conversation
This matches the newer Automattic fastlane pattern and removes the decrypted JSON key from `.configure`. fastlane's `app_store_connect_api_key` action reads `APP_STORE_CONNECT_API_KEY_*` directly, so release automation no longer depends on the encrypted ASC JSON payload. --- Generated with the help of Codex, https://chatgpt.com/codex Co-Authored-By: Codex GPT-5 <noreply@openai.com>
415680c to
3ee8d30
Compare
mokagio
commented
Jun 24, 2026
Comment on lines
124
to
139
| @@ -140,7 +134,7 @@ def update_code_signing_enterprise(readonly:, app_identifiers:) | |||
| team_id: get_required_env('INT_EXPORT_TEAM_ID'), | |||
| readonly: readonly, | |||
| app_identifiers: app_identifiers, | |||
| api_key_path: api_key_path | |||
| api_key: nil | |||
| ) | |||
| end | |||
Contributor
Author
There was a problem hiding this comment.
This makes me realize that it's time to update the various lanes that generate Enterprise certificates and profiles to use app_store_connect_api_key(in_house: true). However, that's not as simple as it sound because it will require updating the logic to look for dedicated env vars, as the Enterprise key is different from the App Store Connect one.
More details in https://linear.app/a8c/issue/AINFRA-2023
Contributor
|
| App Name | WordPress | |
| Configuration | Release-Alpha | |
| Build Number | 32781 | |
| Version | PR #25692 | |
| Bundle ID | org.wordpress.alpha | |
| Commit | 3ee8d30 | |
| Installation URL | 6bhtbmusqlgd8 |
Contributor
|
| App Name | Jetpack | |
| Configuration | Release-Alpha | |
| Build Number | 32781 | |
| Version | PR #25692 | |
| Bundle ID | com.jetpack.alpha | |
| Commit | 3ee8d30 | |
| Installation URL | 0qg7tm6j2js70 |
jkmassel
approved these changes
Jun 24, 2026
jkmassel
left a comment
Contributor
There was a problem hiding this comment.
I can confirm that these keys exist in the CI environment, so we should be good to go here
1 task
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.


See https://linear.app/a8c/issue/AINFRA-230
This matches the newer Automattic fastlane pattern and removes the decrypted JSON key from
.configure.Generated with the help of Codex, https://chatgpt.com/codex