From abeb008c833f8cc4b7a02ff757a3e20dc899562d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20Bj=C3=B6rkert?= <jonas@bjorkert.se>
Date: Tue, 10 Mar 2026 13:17:08 +0100
Subject: [PATCH] Fix NUKE_CERT variables to be case insensitive in bash

Use ${VAR,,} parameter expansion for case-insensitive comparisons
in bash. Also fix bug where FORCE_NUKE_CERTS was compared as a
literal string instead of a variable value.

The GitHub Actions if: expressions (nuke_certs job) are already
case-insensitive, so no changes needed there.
---
 .github/workflows/create_certs.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/create_certs.yml b/.github/workflows/create_certs.yml
index 37bda3320..07463fb65 100644
--- a/.github/workflows/create_certs.yml
+++ b/.github/workflows/create_certs.yml
@@ -60,6 +60,7 @@ jobs:
         run: |
           CERT_STATUS_FILE="${{ github.workspace }}/fastlane/new_certificate_needed.txt"
           ENABLE_NUKE_CERTS=${{ vars.ENABLE_NUKE_CERTS }}
+          FORCE_NUKE_CERTS=${{ vars.FORCE_NUKE_CERTS }}
 
           if [ -f "$CERT_STATUS_FILE" ]; then
             CERT_STATUS=$(cat "$CERT_STATUS_FILE" | tr -d '\n' | tr -d '\r') # Read file content and strip newlines
@@ -71,18 +72,18 @@ jobs:
           fi
 
           # Check if ENABLE_NUKE_CERTS is not set to true when certs are valid
-          if [ "$CERT_STATUS" != "true" ] && [ "$ENABLE_NUKE_CERTS" != "true" ]; then
+          if [ "$CERT_STATUS" != "true" ] && [ "${ENABLE_NUKE_CERTS,,}" != "true" ]; then
             echo "::notice::🔔 Automated renewal of certificates is disabled because the repository variable ENABLE_NUKE_CERTS is not set to 'true'."
           fi
 
           # Check if ENABLE_NUKE_CERTS is not set to true when certs are not valid
-          if [ "$CERT_STATUS" = "true" ] && [ "$ENABLE_NUKE_CERTS" != "true" ]; then
+          if [ "$CERT_STATUS" = "true" ] && [ "${ENABLE_NUKE_CERTS,,}" != "true" ]; then
             echo "::error::❌ No valid distribution certificate found. Automated renewal of certificates was skipped because the repository variable ENABLE_NUKE_CERTS is not set to 'true'."
             exit 1
           fi
 
-          # Check if vars.FORCE_NUKE_CERTS is not set to true
-          if [ vars.FORCE_NUKE_CERTS = "true" ]; then
+          # Check if FORCE_NUKE_CERTS is set to true
+          if [ "${FORCE_NUKE_CERTS,,}" = "true" ]; then
             echo "::warning::‼️ Nuking of certificates was forced because the repository variable FORCE_NUKE_CERTS is set to 'true'."
           fi