-
Notifications
You must be signed in to change notification settings - Fork 133
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update_manifest workflow: fix & use deploy_key instead of user token (#…
…973) * ci workflow: fix update_manifest update_manifest is currently failing to run for 2 reasons: GITHUB_PULL_REQUEST is set to a PR number during the pull_request event, and nothing during the push event, the script expects `false` fixing by testing GITHUB_PULL_REQUEST for nonempty GITHUB_BRANCH is set to github.head_ref, only available during pull_request events, the script tests for "master" or "stable" fixing by updating GITHUB_BRANCH to use github.ref sans the refs/heads/ prefix and removed the unused vars, as well as github.event.after which doesn't seem documented for push builds * update_manifest: use deploy key instead of user token same as ansible/ansible-hub-ui#946 the gpg-encrypted key is added to the repo, encrypted by a passphrase added to secrets No-Issue * post-job-template.yml.j2 - update and rerun `plugin-template --github galaxy_ng`
- Loading branch information
Showing
4 changed files
with
23 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,8 +10,7 @@ readonly GITHUB_BRANCH="${GITHUB_BRANCH:-}" | |
|
|
||
| readonly MANIFESTS_GIT_USER="${MANIFESTS_GIT_USER:-}" | ||
| readonly MANIFESTS_GIT_EMAIL="${MANIFESTS_GIT_EMAIL:-}" | ||
| readonly MANIFESTS_GIT_TOKEN="${MANIFESTS_GIT_TOKEN:-}" | ||
| readonly MANIFESTS_GIT_URL="https://${MANIFESTS_GIT_USER}:${MANIFESTS_GIT_TOKEN}@github.com/RedHatInsights/manifests.git" | ||
| readonly MANIFESTS_GIT_URL="[email protected]:RedHatInsights/manifests.git" | ||
|
|
||
| readonly MANIFESTS_DIR='/tmp/manifests' | ||
| readonly MANIFEST_FILE="${MANIFESTS_DIR}/automation-hub/automation-hub-api.txt" | ||
|
|
@@ -37,7 +36,7 @@ generate_docker_manifest() { | |
| echo "${PREFIX}/Dockerfile-FROM-${base_image}" | ||
| } | ||
|
|
||
| if [[ "$GITHUB_PULL_REQUEST" != 'false' ]]; then | ||
| if [[ -n "$GITHUB_PULL_REQUEST" ]]; then | ||
| log_message 'Ignoring manifest update for pull request.' | ||
| exit 0 | ||
| fi | ||
|
|
@@ -49,6 +48,14 @@ else | |
| exit 0 | ||
| fi | ||
|
|
||
| # decrypt deploy key and use | ||
| gpg --quiet --batch --yes --decrypt --passphrase="$MANIFEST_PASSPHRASE" --output .github/workflows/scripts/deploy_manifest .github/workflows/scripts/deploy_manifest.gpg | ||
|
|
||
| chmod 600 .github/workflows/scripts/deploy_manifest | ||
| eval `ssh-agent -s` | ||
| ssh-add .github/workflows/scripts/deploy_manifest | ||
|
|
||
|
|
||
| git clone --depth=10 --branch="${manifests_branch}" \ | ||
| "${MANIFESTS_GIT_URL}" "${MANIFESTS_DIR}" &>/dev/null | ||
|
|
||
|
|
||