Self hosted runners config

.depcheckrc.json

@@ -11,6 +11,8 @@
     "@swc/cli",
     "@swc/core",
     "ts-node",
-    "typedoc"
+    "typedoc",
+    "@actions/core",
+    "@actions/github"
   ]
 }

.github/actions/configure-keystore/action.yml

@@ -8,14 +8,11 @@ inputs:
   aws-region:
     description: 'The AWS region where the secret is stored'
     required: true
-  secret-name:
-    description: 'The name of the secret in AWS Secrets Manager'
-    required: true
   platform:
     description: 'The platform for which the keystore is being configured (e.g., ios, android)'
     required: true
-  environment:
-    description: 'The environment for which the keystore is being configured (e.g., qa, flask, main)'
+  target:
+    description: 'The target for which the keystore is being configured (e.g., qa, flask, main)'
     required: true
 
 runs:
@@ -24,7 +21,7 @@ runs:
     - name: Determine signing secret name
       shell: bash
       run: |
-        case "${{ inputs.environment }}" in
+        case "${{ inputs.target }}" in
           qa)
             SECRET_NAME="metamask-mobile-qa-signing-certificates"
             ;;
@@ -35,7 +32,7 @@ runs:
             SECRET_NAME="metamask-mobile-main-signing-certificates"
             ;;
           *)
-            echo "❌ Unknown environment: ${{ inputs.environment }}"
+            echo "❌ Unknown target: ${{ inputs.target }}"
             exit 1
             ;;
         esac
@@ -103,12 +100,45 @@ runs:
         security unlock-keychain -p "$CERT_PW" "$KEYCHAIN_PATH"
 
         # Import cert
-        security import "$CERT_PATH" -P "$CERT_PW" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" > /dev/null
-        security set-key-partition-list -S apple-tool:,apple: -k "$CERT_PW" "$KEYCHAIN_PATH" > /dev/null
-        security find-identity -p codesigning "$KEYCHAIN_PATH"
+        echo "🔐 Importing certificate..."
+        if ! security import "$CERT_PATH" -P "$CERT_PW" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"; then
+          echo "❌ Failed to import certificate. Check if the password is correct or the .p12 is valid."
+          exit 1
+        fi
+        echo "✅ Certificate imported"
+
+        # Set key partition list
+        echo "🔑 Setting key partition list..."
+        if ! security set-key-partition-list -S apple-tool:,apple: -k "$CERT_PW" "$KEYCHAIN_PATH" 2>/dev/null; then
+          echo "❌ Failed to set key partition list. Codesigning tools may not have access."
+          exit 1
+        fi
+        echo "✅ Key partition list set"
+
 
+        # Verify signing identities
+        echo "🔍 Verifying code signing identities in keychain..."
+        IDENTITIES=$(security find-identity -p codesigning "$KEYCHAIN_PATH")
+
+        if ! echo "$IDENTITIES" | grep -q "Valid identities"; then
+          echo "❌ No valid code signing identities found in keychain."
+          echo "$IDENTITIES"
+          exit 1
+        fi
+
+        # Extract and print alias (first CN string)
+        CERT_ALIAS=$(echo "$IDENTITIES" | awk -F '"' '/"Apple/ {print $2; exit}')
+        if [[ -n "$CERT_ALIAS" ]]; then
+          echo "✅ Code signing identity available: $CERT_ALIAS"
+        else
+          echo "✅ Code signing identity is available (alias not parsed)"
+        fi
 
         # Install provisioning profile
         mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
         cp "$PROFILE_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/
         echo "✅ Installed provisioning profile"
+
+        echo "Configuring default keychain"
+        security default-keychain -s "$KEYCHAIN_PATH"
+        echo "✅ default keychain set"