From 1c7163e2ce5bc404551bcc15224d3a1c37b7ab68 Mon Sep 17 00:00:00 2001 From: s3rj1k Date: Sat, 22 Jun 2024 18:49:55 +0200 Subject: [PATCH] [GHA] Fail early when required secret not set. --- .github/docker/debian/bookworm/amd64/Dockerfile | 3 +-- .github/docker/debian/bookworm/arm32v7/Dockerfile | 3 +-- .github/docker/debian/bookworm/arm64v8/Dockerfile | 3 +-- .github/docker/debian/bullseye/amd64/Dockerfile | 3 +-- .github/docker/debian/bullseye/arm32v7/Dockerfile | 3 +-- .github/docker/debian/bullseye/arm64v8/Dockerfile | 3 +-- .github/docker/debian/buster/amd64/Dockerfile | 3 +-- .github/docker/debian/buster/arm32v7/Dockerfile | 3 +-- .github/docker/debian/buster/arm64v8/Dockerfile | 3 +-- .github/workflows/build.yml | 8 +++++++- 10 files changed, 16 insertions(+), 19 deletions(-) diff --git a/.github/docker/debian/bookworm/amd64/Dockerfile b/.github/docker/debian/bookworm/amd64/Dockerfile index 844d9494a4..7b1dc8bf38 100644 --- a/.github/docker/debian/bookworm/amd64/Dockerfile +++ b/.github/docker/debian/bookworm/amd64/Dockerfile @@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ @@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ diff --git a/.github/docker/debian/bookworm/arm32v7/Dockerfile b/.github/docker/debian/bookworm/arm32v7/Dockerfile index 164e602356..08608032a4 100644 
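Review bot: `required=true` on the `RUN --mount=type=secret,id=REPO_PASSWORD` line only fails the build when the secret is not supplied at all. A secret that is supplied but empty (presumably what a fork pull request without access to repository secrets yields, depending on how the workflow passes it) would still be mounted, and the step would write an empty password into `/etc/apt/auth.conf`. A content check as the first command of the RUN, e.g. `test -s /run/secrets/REPO_PASSWORD && \`, would cover that case; `/run/secrets/<id>` is the default mount path when no `target` is given. The RUN continues past the hunk, so it is not visible whether `/etc/apt/auth.conf` is removed before the instruction ends; if it is not, the password stays in the image layer even though the secret mount does not. The same applies to the equivalent hunk in the other eight Dockerfiles of this patch.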
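Review bot: Dropping `--silent` from the curl call makes HTTP failures visible but also puts the progress meter into the build log; keeping `--silent \` and adding `--show-error \` below it prints the error message without the meter. Separately, `file ${GPG_KEY}` only prints the detected type and does not fail on unexpected content, so it does not validate the download before `apt-get --quiet update` presumably starts trusting it as the repository key. Comparing the key's fingerprint with a pinned value would be the stronger check. The RUN instruction starts and ends outside the hunk, and the same change is made in the other eight Dockerfiles of this patch.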
--- a/.github/docker/debian/bookworm/arm32v7/Dockerfile +++ b/.github/docker/debian/bookworm/arm32v7/Dockerfile @@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ @@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ diff --git a/.github/docker/debian/bookworm/arm64v8/Dockerfile b/.github/docker/debian/bookworm/arm64v8/Dockerfile index 0e30f8504e..e509a587e6 100644 --- a/.github/docker/debian/bookworm/arm64v8/Dockerfile +++ b/.github/docker/debian/bookworm/arm64v8/Dockerfile @@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ @@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ 
diff --git a/.github/docker/debian/bullseye/amd64/Dockerfile b/.github/docker/debian/bullseye/amd64/Dockerfile index e4557f1ed6..0d11c84dec 100644 --- a/.github/docker/debian/bullseye/amd64/Dockerfile +++ b/.github/docker/debian/bullseye/amd64/Dockerfile @@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ @@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ diff --git a/.github/docker/debian/bullseye/arm32v7/Dockerfile b/.github/docker/debian/bullseye/arm32v7/Dockerfile index 03eb59b40f..7ea36d1bcc 100644 --- a/.github/docker/debian/bullseye/arm32v7/Dockerfile +++ b/.github/docker/debian/bullseye/arm32v7/Dockerfile @@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ 
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ diff --git a/.github/docker/debian/bullseye/arm64v8/Dockerfile b/.github/docker/debian/bullseye/arm64v8/Dockerfile index ca216a82d7..ae3429cff7 100644 --- a/.github/docker/debian/bullseye/arm64v8/Dockerfile +++ b/.github/docker/debian/bullseye/arm64v8/Dockerfile @@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ @@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ diff --git a/.github/docker/debian/buster/amd64/Dockerfile b/.github/docker/debian/buster/amd64/Dockerfile index a0da4dbe7c..9f3d03f14c 100644 --- a/.github/docker/debian/buster/amd64/Dockerfile +++ b/.github/docker/debian/buster/amd64/Dockerfile 
@@ -64,7 +64,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ @@ -73,7 +73,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ diff --git a/.github/docker/debian/buster/arm32v7/Dockerfile b/.github/docker/debian/buster/arm32v7/Dockerfile index c283d9c6ce..362c2a6602 100644 --- a/.github/docker/debian/buster/arm32v7/Dockerfile +++ b/.github/docker/debian/buster/arm32v7/Dockerfile @@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ @@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ diff --git a/.github/docker/debian/buster/arm64v8/Dockerfile b/.github/docker/debian/buster/arm64v8/Dockerfile index ac1f77959f..ed678405a9 100644 
--- a/.github/docker/debian/buster/arm64v8/Dockerfile +++ b/.github/docker/debian/buster/arm64v8/Dockerfile @@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME} -RUN --mount=type=secret,id=REPO_PASSWORD \ +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ printf "password " >> /etc/apt/auth.conf && \ @@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \ --fail \ --netrc-file /etc/apt/auth.conf \ --output ${GPG_KEY} \ - --silent \ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \ file ${GPG_KEY} && \ apt-get --quiet update && \ diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e16da9a364..ec183137b4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,6 +1,12 @@ name: Build and Distribute on: + pull_request_target: + types: + - ready_for_review + paths: + - '**' + - '!.github/' pull_request: push: branches: @@ -23,7 +29,7 @@ jobs: run: | JSON="[]" - if [[ "${{ github.event_name }}" == "pull_request" ]]; then + if [[ "${{ github.event_name }}" == "pull_request" || "${{ github.event_name }}" == "pull_request_target" ]]; then JSON=$(jq -n '[ { "version": "bookworm",
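Review bot: The added `pull_request_target` trigger runs this workflow in the base repository's context, with access to repository secrets, for pull requests that may come from forks. If a job further down checks out the pull request head and builds it with `REPO_PASSWORD` mounted (the jobs are outside this hunk), the Dockerfiles and `./debian/util.sh` from the pull request run with that secret available. The `paths` filter does not limit this: a filter passes when any changed file matches, so a pull request touching `.github/` plus one other file still triggers, and `'!.github/'` as written probably needs to be `'!.github/**'` to exclude anything at all. Consider gating the secret-bearing job behind an environment with required reviewers, or behind a maintainer-applied label, so that fork code is built with the secret only after someone has reviewed it. With `pull_request` still listed, a ready-for-review event may also start the same build twice.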