From 9d911cb37881ff823d7b204a7bb108554298850f Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Mon, 14 Aug 2023 14:34:44 -0700
Subject: [PATCH] Add check for NGINX Plus cert

---
 .github/workflows/ci.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index be6de2c8..94adddff 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -39,6 +39,15 @@ jobs:
       - name: Determine NGINX Plus version
         run: echo "NGINX_PLUS_VERSION=$(cat Makefile | grep -m1 NGINX_PLUS_VERSION | cut -d "=" -f2)" >> $GITHUB_ENV
 
+      - name: Check if NGINX Plus cert is still valid
+        env:
+          NGINX_CRT: ${{ secrets.NGINX_CRT }}
+        run: |
+          expire_date=$( date --date="$(openssl x509 -enddate -noout -in <(echo $NGINX_CRT) | cut -d= -f2)" --iso-8601 )
+          echo "NGINX Plus cert expires on $expire_date"
+          echo "Checking if cert will expire in 7 days..."
+          openssl x509 -checkend 604800 -noout -in <(echo $NGINX_CRT) || exit 1
+
       - name: Switch Repository (Nightly)
         if: (github.event_name == 'schedule')
         run: |