Skip to content

Use ASC API key env vars instead of JSON key#25692

Merged
mokagio merged 1 commit into
trunkfrom
ainfra-230-use-env-var-instead-of-encrypted-json-for-asc-api-key-in-wjr
Jun 24, 2026
Merged

Use ASC API key env vars instead of JSON key#25692
mokagio merged 1 commit into
trunkfrom
ainfra-230-use-env-var-instead-of-encrypted-json-for-asc-api-key-in-wjr

Conversation

@mokagio

@mokagio mokagio commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

See https://linear.app/a8c/issue/AINFRA-230

This matches the newer Automattic fastlane pattern and removes the decrypted JSON key from .configure.


Generated with the help of Codex, https://chatgpt.com/codex

This matches the newer Automattic fastlane pattern and removes the decrypted JSON key from `.configure`.
fastlane's `app_store_connect_api_key` action reads `APP_STORE_CONNECT_API_KEY_*` directly, so release automation no longer depends on the encrypted ASC JSON payload.

---

Generated with the help of Codex, https://chatgpt.com/codex

Co-Authored-By: Codex GPT-5 <noreply@openai.com>
@mokagio mokagio marked this pull request as ready for review June 24, 2026 04:10
@mokagio mokagio requested a review from a team as a code owner June 24, 2026 04:10
Copilot AI review requested due to automatic review settings June 24, 2026 04:10
@mokagio mokagio force-pushed the ainfra-230-use-env-var-instead-of-encrypted-json-for-asc-api-key-in-wjr branch from 415680c to 3ee8d30 Compare June 24, 2026 04:10
@mokagio mokagio added this to the 27.2 milestone Jun 24, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@mokagio mokagio modified the milestones: 27.2, 27.1 Jun 24, 2026
@mokagio mokagio added the Tooling Build, Release, and Validation Tools label Jun 24, 2026
@mokagio mokagio self-assigned this Jun 24, 2026
@mokagio mokagio enabled auto-merge June 24, 2026 04:11
Comment on lines 124 to 139
@@ -140,7 +134,7 @@ def update_code_signing_enterprise(readonly:, app_identifiers:)
team_id: get_required_env('INT_EXPORT_TEAM_ID'),
readonly: readonly,
app_identifiers: app_identifiers,
api_key_path: api_key_path
api_key: nil
)
end

@mokagio mokagio Jun 24, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes me realize that it's time to update the various lanes that generate Enterprise certificates and profiles to use app_store_connect_api_key(in_house: true). However, that's not as simple as it sound because it will require updating the logic to look for dedicated env vars, as the Enterprise key is different from the App Store Connect one.

More details in https://linear.app/a8c/issue/AINFRA-2023

@wpmobilebot

Copy link
Copy Markdown
Contributor
App Icon📲 You can test the changes from this Pull Request in WordPress by scanning the QR code below to install the corresponding build.
App NameWordPress
ConfigurationRelease-Alpha
Build Number32781
VersionPR #25692
Bundle IDorg.wordpress.alpha
Commit3ee8d30
Installation URL6bhtbmusqlgd8
Automatticians: You can use our internal self-serve MC tool to give yourself access to those builds if needed.

@wpmobilebot

Copy link
Copy Markdown
Contributor
App Icon📲 You can test the changes from this Pull Request in Jetpack by scanning the QR code below to install the corresponding build.
App NameJetpack
ConfigurationRelease-Alpha
Build Number32781
VersionPR #25692
Bundle IDcom.jetpack.alpha
Commit3ee8d30
Installation URL0qg7tm6j2js70
Automatticians: You can use our internal self-serve MC tool to give yourself access to those builds if needed.

@mokagio mokagio requested review from crazytonyli and jkmassel June 24, 2026 04:47

@jkmassel jkmassel left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can confirm that these keys exist in the CI environment, so we should be good to go here

@mokagio mokagio added this pull request to the merge queue Jun 24, 2026
Merged via the queue into trunk with commit 011851a Jun 24, 2026
25 of 26 checks passed
@mokagio mokagio deleted the ainfra-230-use-env-var-instead-of-encrypted-json-for-asc-api-key-in-wjr branch June 24, 2026 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Tooling Build, Release, and Validation Tools

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants