From b37e726a442266660fbfb289f622ee2b3777fb04 Mon Sep 17 00:00:00 2001
From: Paul Miller
Date: Wed, 12 Feb 2025 19:04:58 -0600
Subject: [PATCH] make sure env secrets are set
---
 .github/workflows/release.yml | 2 +-
 .github/workflows/test-secrets.yml | 26 +++++++++++++++++++++
 scripts/test-secrets.sh | 37 ++++++++++++++++++++++++++++++
 3 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/test-secrets.yml
 create mode 100755 scripts/test-secrets.sh
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7674ca7..60987ec 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -48,7 +48,7 @@ jobs:
 MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
 MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
 MACOS_NOTARIZATION_PWD: ${{ secrets.MACOS_NOTARIZATION_PWD }}
- run: nix develop --command bash -c "bash scripts/sign-macos.sh"
+ run: nix develop --command bash -c "scripts/sign-macos.sh"
 - name: Package DMG
 run: nix develop --command bash -c "${{ matrix.target.package }}"
diff --git a/.github/workflows/test-secrets.yml b/.github/workflows/test-secrets.yml
new file mode 100644
index 0000000..a30284a
--- /dev/null
+++ b/.github/workflows/test-secrets.yml
@@ -0,0 +1,26 @@
+name: "Test Secrets"
+
+on:
+ workflow_dispatch: # Allow manual triggering
+
+permissions:
+ contents: read
+
+jobs:
+ test-secrets:
+ name: Test Secrets Access
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+
+ - name: Make script executable
+ run: chmod +x scripts/test-secrets.sh
+
+ - name: Test Secrets
+ env:
+ MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
+ MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+ MACOS_CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }}
+ run: nix develop --command bash -c "./scripts/test-secrets.sh"
\ No newline at end of file
diff --git a/scripts/test-secrets.sh b/scripts/test-secrets.sh
new file mode 100755
index 0000000..3126166
--- /dev/null
+++ b/scripts/test-secrets.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -e # Exit on error
+
+# Source the environment variables if .env exists
+if [ -f ".env" ]; then
+ set -a # automatically export all variables
+ source .env
+ set +a
+fi
+
+# Debug: Print shell information
+echo "Shell: $SHELL"
+echo "Bash Version: $BASH_VERSION"
+
+# Script to test access to GitHub secrets
+echo "Testing access to GitHub secrets..."
+
+# Check required environment variables
+environment=(
+ "MACOS_CERTIFICATE"
+ "MACOS_CERTIFICATE_PWD"
+ "MACOS_CERTIFICATE_NAME"
+)
+
+for var in "${environment[@]}"; do
+ if [[ -z "${!var}" ]]; then
+ echo "❌ Error: $var is not set"
+ exit 1
+ else
+ echo "✅ $var is set"
+ # Print first character of the secret if it exists (for safety)
+ echo "$var starts with: ${!var:0:1}"
+ fi
+done
+
+echo "✨ Secret test complete!"
\ No newline at end of file
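Review bot: The `nix-installer-action@main` and `magic-nix-cache-action@main` steps track a mutable branch, and they run in the same job that later exposes `MACOS_CERTIFICATE` and `MACOS_CERTIFICATE_PWD` to the `Test Secrets` step, so whatever lands on those branches runs on a runner that handles the signing material. Pin each to a reviewed full commit SHA, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha>  # <release tag>`, and do the same for `actions/checkout@v4` if the project's policy is SHA pinning. The `Make script executable` step looks redundant, since this commit creates `scripts/test-secrets.sh` with mode 100755. The workflow also checks only the three certificate secrets; the `MACOS_NOTARIZATION_*` secrets that `release.yml` reads are not covered.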
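Review bot: In scripts/test-secrets.sh, the line `echo "$var starts with: ${!var:0:1}"` writes the first character of each secret, including `MACOS_CERTIFICATE_PWD`, to the job log, and log masking that matches whole secret values would not be expected to redact a one-character prefix. The preceding `✅ $var is set` line already answers the question the script asks, so the prefix line can simply be dropped. Separately, the `source .env` block executes any `.env` present in the checkout as shell code and can define the three variables itself, which would let the check pass on CI without the repository secrets being configured. Guarding it for local use only, e.g. `if [ -z "${CI:-}" ] && [ -f ".env" ]; then`, keeps the developer convenience without that effect on the runner.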