This repository was archived by the owner on Jan 7, 2026. It is now read-only.
Check Certificate Statuses #791
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check Certificate Statuses | |
| on: | |
| schedule: | |
| - cron: '*/30 * * * *' | |
| # Also allow manual triggers | |
| workflow_dispatch: | |
| # Run on pushes to main branch (optional) | |
| push: | |
| branches: [ main ] | |
| jobs: | |
| check-certificates: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install requests beautifulsoup4 lxml | |
| - name: Normalize p12 passwords to ProStore | |
| run: | | |
| set -euo pipefail | |
| find . -type f -name "password.txt" -print0 | while IFS= read -r -d '' passfile; do | |
| dir="$(dirname "$passfile")" | |
| current_pass="$(tr -d '\r\n' < "$passfile")" | |
| if [ "$current_pass" = "ProStore" ]; then | |
| echo "β Already ProStore: $dir" | |
| continue | |
| fi | |
| mapfile -t p12s < <(find "$dir" -maxdepth 1 -name "*.p12") | |
| if [ "${#p12s[@]}" -eq 0 ]; then | |
| echo "β No .p12 found in $dir" | |
| continue | |
| fi | |
| for p12_file in "${p12s[@]}"; do | |
| echo "π Updating password for $p12_file" | |
| pem_file="$dir/temp.pem" | |
| new_p12="$dir/temp.p12" | |
| # Extract (legacy fixes older Apple / enterprise certs) | |
| openssl pkcs12 \ | |
| -legacy \ | |
| -in "$p12_file" \ | |
| -out "$pem_file" \ | |
| -nodes \ | |
| -passin pass:"$current_pass" | |
| # Re-export with new password | |
| openssl pkcs12 \ | |
| -export \ | |
| -in "$pem_file" \ | |
| -out "$new_p12" \ | |
| -passout pass:ProStore | |
| mv "$new_p12" "$p12_file" | |
| rm -f "$pem_file" | |
| done | |
| echo "ProStore" > "$passfile" | |
| echo "β Updated passwords in $dir" | |
| done | |
| - name: Check certificate statuses | |
| run: | | |
| python scripts/check_certificates.py | |
| - name: Commit changes if any | |
| run: | | |
| git config --global user.name 'GitHub Actions' | |
| git config --global user.email '[email protected]' | |
| git add . | |
| if git diff --cached --quiet; then | |
| echo "No changes to commit" | |
| else | |
| git commit -m "π Update certificate statuses [$(date +'%Y-%m-%d %H:%M')]" | |
| git push | |
| fi |