CI: Misc

.github/workflows/docker-publish-latest.yml

@@ -5,7 +5,6 @@ on:
     types: [released]
 
 env:
-  ASF_PRIVATE_SNK: ${{ secrets.ASF_PRIVATE_SNK }}
   PLATFORMS: linux/amd64,linux/arm,linux/arm64
   TAG: latest
 
@@ -40,15 +39,6 @@ jobs:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-    - name: Prepare private key for signing
-      shell: sh
-      run: |
-        set -eu
-
-        if [ -n "${ASF_PRIVATE_SNK-}" ]; then
-            echo "$ASF_PRIVATE_SNK" | base64 -d > "resources/ArchiSteamFarm.snk"
-        fi
-
     - name: Prepare environment outputs
       shell: sh
       run: |
@@ -67,7 +57,9 @@ jobs:
         platforms: ${{ env.PLATFORMS }}
         provenance: true
         sbom: true
-        secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+        secrets: |
+          ASF_PRIVATE_SNK=${{ secrets.ASF_PRIVATE_SNK }}
+          STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
         labels: |
           org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
           org.opencontainers.image.version=${{ env.FIXED_TAG }}

.github/workflows/docker-publish-main.yml

@@ -6,7 +6,6 @@ on:
     - main
 
 env:
-  ASF_PRIVATE_SNK: ${{ secrets.ASF_PRIVATE_SNK }}
   PLATFORMS: linux/amd64,linux/arm,linux/arm64
   TAG: main
 
@@ -41,15 +40,6 @@ jobs:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-    - name: Prepare private key for signing
-      shell: sh
-      run: |
-        set -eu
-
-        if [ -n "${ASF_PRIVATE_SNK-}" ]; then
-            echo "$ASF_PRIVATE_SNK" | base64 -d > "resources/ArchiSteamFarm.snk"
-        fi
-
     - name: Prepare environment outputs
       shell: sh
       run: |
@@ -66,7 +56,9 @@ jobs:
         platforms: ${{ env.PLATFORMS }}
         provenance: true
         sbom: true
-        secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+        secrets: |
+          ASF_PRIVATE_SNK=${{ secrets.ASF_PRIVATE_SNK }}
+          STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
         labels: |
           org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
           org.opencontainers.image.version=${{ github.sha }}

.github/workflows/docker-publish-released.yml

@@ -6,7 +6,6 @@ on:
     - '*'
 
 env:
-  ASF_PRIVATE_SNK: ${{ secrets.ASF_PRIVATE_SNK }}
   PLATFORMS: linux/amd64,linux/arm,linux/arm64
   TAG: released
 
@@ -41,15 +40,6 @@ jobs:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-    - name: Prepare private key for signing
-      shell: sh
-      run: |
-        set -eu
-
-        if [ -n "${ASF_PRIVATE_SNK-}" ]; then
-            echo "$ASF_PRIVATE_SNK" | base64 -d > "resources/ArchiSteamFarm.snk"
-        fi
-
     - name: Prepare environment outputs
       shell: sh
       run: |
@@ -67,7 +57,9 @@ jobs:
         platforms: ${{ env.PLATFORMS }}
         provenance: true
         sbom: true
-        secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+        secrets: |
+          ASF_PRIVATE_SNK=${{ secrets.ASF_PRIVATE_SNK }}
+          STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
         labels: |
           org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
           org.opencontainers.image.version=${{ env.FIXED_TAG }}

Dockerfile

@@ -34,7 +34,7 @@ COPY Directory.Build.props Directory.Build.props
 COPY Directory.Packages.props Directory.Packages.props
 COPY LICENSE.txt LICENSE.txt
 
-RUN --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN <<EOF
+RUN --mount=type=secret,id=ASF_PRIVATE_SNK --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN <<EOF
     set -eu
 
     dotnet --info
@@ -51,6 +51,12 @@ RUN --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN <<EOF
         *) echo "ERROR: Unsupported CPU architecture: ${TARGETARCH}"; exit 1 ;;
     esac
 
+    if [ -f "/run/secrets/ASF_PRIVATE_SNK" ]; then
+        base64 -d "/run/secrets/ASF_PRIVATE_SNK" > "resources/ArchiSteamFarm.snk"
+    else
+        echo "WARN: No ASF_PRIVATE_SNK provided!"
+    fi
+
     dotnet publish ArchiSteamFarm -c "$CONFIGURATION" -o "out" -p:ASFVariant=docker -p:ContinuousIntegrationBuild=true -p:UseAppHost=false -r "$asf_variant" --nologo --no-self-contained
 
     if [ -f "/run/secrets/STEAM_TOKEN_DUMPER_TOKEN" ]; then

Dockerfile.Service

@@ -34,7 +34,7 @@ COPY Directory.Build.props Directory.Build.props
 COPY Directory.Packages.props Directory.Packages.props
 COPY LICENSE.txt LICENSE.txt
 
-RUN --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN <<EOF
+RUN --mount=type=secret,id=ASF_PRIVATE_SNK --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN <<EOF
     set -eu
 
     dotnet --info
@@ -51,6 +51,12 @@ RUN --mount=type=secret,id=STEAM_TOKEN_DUMPER_TOKEN <<EOF
         *) echo "ERROR: Unsupported CPU architecture: ${TARGETARCH}"; exit 1 ;;
     esac
 
+    if [ -f "/run/secrets/ASF_PRIVATE_SNK" ]; then
+        base64 -d "/run/secrets/ASF_PRIVATE_SNK" > "resources/ArchiSteamFarm.snk"
+    else
+        echo "WARN: No ASF_PRIVATE_SNK provided!"
+    fi
+
     dotnet publish ArchiSteamFarm -c "$CONFIGURATION" -o "out" "-p:ASFVariant=${asf_variant}" -p:ContinuousIntegrationBuild=true -p:PublishSingleFile=true -p:PublishTrimmed=true -r "$asf_variant" --nologo --self-contained
 
     if [ -f "/run/secrets/STEAM_TOKEN_DUMPER_TOKEN" ]; then