{"id":49877956,"url":"https://github.com/absaoss/validate-certificates","last_synced_at":"2026-05-15T13:08:55.680Z","repository":{"id":354606283,"uuid":"1223486684","full_name":"AbsaOSS/validate-certificates","owner":"AbsaOSS","description":"Certificate validation check working as GitHub action","archived":false,"fork":false,"pushed_at":"2026-04-29T08:06:10.000Z","size":29,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-04-29T10:08:55.409Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AbsaOSS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-28T11:20:59.000Z","updated_at":"2026-04-29T08:05:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/AbsaOSS/validate-certificates","commit_stats":null,"previous_names":["absaoss/validate-certificates"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/AbsaOSS/validate-certificates","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AbsaOSS%2Fvalidate-certificates","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AbsaOSS%2Fvalidate-certificates/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AbsaOSS%2Fvalidate-certificates/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AbsaOSS%2Fvalidate-certificates/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AbsaOSS","download_url":"https://codeload.github.com/AbsaOSS/validate-certificates/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AbsaOSS%2Fvalidate-certificates/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33067573,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-15T11:35:32.926Z","status":"ssl_error","status_checked_at":"2026-05-15T11:35:31.362Z","response_time":103,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-15T13:08:50.397Z","updated_at":"2026-05-15T13:08:55.672Z","avatar_url":"https://github.com/AbsaOSS.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# validate-certificates\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![GitHub Release](https://img.shields.io/github/v/release/AbsaOSS/validate-certificates)](https://github.com/AbsaOSS/validate-certificates/releases)\n\nA GitHub composite action that validates **multiple** SSL/TLS certificates provided as a JSON array and produces a consolidated summary table in the job log and the GitHub Step Summary panel.\n\nCertificates are **grouped by subject**, so an expired cert with a newer valid replacement for the same subject does not fail the check — only truly unrecoverable expirations cause a failure.\n\n---\n\n## Features\n\n- Accepts any number of certificates as a JSON array of file paths\n- Parses subject, issuer, and validity dates using `openssl`\n- Works on **Linux** (GNU date) and **macOS** (BSD date) runners\n- Groups certificates by subject — expired certs with a valid replacement are downgraded to informational\n- Emits `::warning` annotations in the Actions log for actionable issues\n- Writes a rich Markdown table to the **GitHub Step Summary** panel\n- Exits **1** only when there is an unrecoverable failure (no valid replacement exists)\n\n---\n\n## Inputs\n\n| Input          | Required | Default | Description                                             |\n|----------------|----------|---------|---------------------------------------------------------|\n| `certificates` | ✅       | —       | JSON array of certificate file paths to validate        |\n| `warning_days` | ❌       | `30`    | Days before expiry to emit a warning instead of passing |\n\n---\n\n## Outputs\n\n- Per-certificate validation details printed to the job log\n- A Markdown summary table written to the **GitHub Step Summary** panel\n- Exits **1** if any certificate is expired, not yet valid, or cannot be parsed and has no valid replacement\n- Exits **0** (with warnings) if all certs are valid but some are nearing expiry\n\n---\n\n## Status legend\n\n| Icon | Meaning                                                      |\n|------|--------------------------------------------------------------|\n| ✅   | Valid — expiry is beyond `warning_days`                      |\n| ⚠️   | Expiring Soon — expiry within `warning_days`                 |\n| ⏳   | Expired (newer replacement exists) — does not fail the check |\n| ❌   | Expired / Failed — no valid replacement found                |\n\n---\n\n## Usage\n\n### Recommended: pin to a specific version tag\n\n```yaml\n- name: Validate certificates\n  uses: AbsaOSS/validate-certificates@v1\n  with:\n    certificates: '[\"./certs/server.crt\", \"./certs/client.pem\"]'\n    warning_days: '30'\n```\n\n### Discover certificates dynamically, then validate\n\n```yaml\njobs:\n  find-certs:\n    name: Find Certificates\n    runs-on: ubuntu-latest\n    outputs:\n      certs: ${{ steps.set-certificates.outputs.certs }}\n    steps:\n      - uses: actions/checkout@v4\n\n      - name: Find all .crt and .pem files\n        id: set-certificates\n        run: |\n          certs=$(find ./deployment/certs \\\n            -type f \\( -name \"*.crt\" -o -name \"*.pem\" \\) \\\n            | jq -R -s -c 'split(\"\\n\")[:-1]')\n          echo \"certs=$certs\" \u003e\u003e $GITHUB_OUTPUT\n\n  validate-certificates:\n    name: Validate Certificates\n    needs: find-certs\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n\n      - name: Validate all deployment certificates\n        uses: AbsaOSS/validate-certificates@v1\n        with:\n          certificates: ${{ needs.find-certs.outputs.certs }}\n          warning_days: '60'\n```\n\n### Scheduled certificate health check\n\n```yaml\non:\n  schedule:\n    - cron: '0 6 * * 1'   # every Monday at 06:00 UTC\n\njobs:\n  cert-check:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n\n      - name: Validate certificates\n        uses: AbsaOSS/validate-certificates@v1\n        with:\n          certificates: |\n            [\n              \"./certs/api.example.com.crt\",\n              \"./certs/internal.example.com.pem\",\n              \"./certs/legacy.example.com.crt\"\n            ]\n          warning_days: '45'\n```\n\nSee the [`examples/`](examples/) directory for ready-to-use workflow files.\n\n---\n\n## Requirements\n\n- Runner must have `openssl` and `jq` installed (both are available by default on `ubuntu-latest` and `macos-latest` GitHub-hosted runners)\n\n---\n\n## Contributing\n\nContributions are welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) before opening a pull request.\n\n---\n\n## License\n\nCopyright 2026 ABSA Group Limited — licensed under the [Apache License 2.0](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabsaoss%2Fvalidate-certificates","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabsaoss%2Fvalidate-certificates","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabsaoss%2Fvalidate-certificates/lists"}