From f614a14b2347912f35fe7dc42792698488f3507a Mon Sep 17 00:00:00 2001
From: Hussein Galal
Date: Thu, 18 Jul 2024 03:50:26 +0300
Subject: [PATCH] Fix secrets for commit id uploads (#6368)
Signed-off-by: galal-hussein
---
 .github/workflows/build.yml | 29 +++++++++++++++++++--------
 .github/workflows/pr.yml | 40 +++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 8 deletions(-)
 create mode 100644 .github/workflows/pr.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 78acfd6bed..75c5497cef 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,16 +8,11 @@ on:
 branches:
 - master
 - release-**
- pull_request:
- paths-ignore:
- - "**.md"
- - "channel.yaml"
- - "install.sh"
- - "!.github/workflows/test-suite.yaml"
-name: Build
+name: Branch Merge Build
 permissions:
- contents: read
+ contents: write
+ id-token: write
 jobs:
 build-amd64:
 runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
@@ -28,9 +23,18 @@ jobs:
 run: |
 curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
 chmod +x /usr/local/bin/dapper
+ - name: "Read secrets"
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/aws/rke2-ci-uploader/credentials AWS_ACCESS_KEY_ID ;
+ secret/data/github/repo/${{ github.repository }}/aws/rke2-ci-uploader/credentials AWS_SECRET_ACCESS_KEY ;
 - name: Build
 run: |
 dapper -f Dockerfile --target dapper make dapper-ci
+ env:
+ AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
 - name: Test
 run: |
 dapper -f Dockerfile --target dapper make test
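Review bot: The workflow-level `permissions` block now grants `contents: write` to both jobs, but nothing visible in this diff writes to the repository. The added Vault step would appear to need only `id-token: write` for its OIDC exchange. Unless `make dapper-ci` pushes through the GITHUB_TOKEN (not shown here), keep `contents: read` and add `id-token: write` beside it, so a compromised build step cannot modify repository contents. The `jobs` block continues outside this hunk.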
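Review bot: `uses: rancher-eio/read-vault-secrets@main` follows a mutable branch, so whatever lands on that branch next runs in a job that holds `id-token: write` and receives the AWS uploader credentials. Pin it to a reviewed commit, `uses: rancher-eio/read-vault-secrets@<full-commit-sha>  # <tag-or-date>`, and update it deliberately; the same line is added to build-arm64 in the next hunk. Also, `${{ env.AWS_ACCESS_KEY_ID }}` resolving at all suggests the action exports into the job environment. If so, the step-level `env:` on Build is redundant and the Test step sees the credentials as well.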
@@ -43,7 +47,16 @@ jobs:
 run: |
 curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
 chmod +x /usr/local/bin/dapper
+ - name: "Read secrets"
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/aws/rke2-ci-uploader/credentials AWS_ACCESS_KEY_ID ;
+ secret/data/github/repo/${{ github.repository }}/aws/rke2-ci-uploader/credentials AWS_SECRET_ACCESS_KEY ;
 - name: Build
 run: |
 dapper -f Dockerfile --target dapper make dapper-ci
+ env:
+ AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
\ No newline at end of file
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 0000000000..3eb84d1e96
--- /dev/null
+++ b/.github/workflows/pr.yml
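Review bot: With the credentials added here, the build runs under a `dapper` binary fetched from a `latest` URL with no integrity check (the Install Dapper step in the context lines; build-amd64 has the same step). A replaced or corrupted download would execute with the AWS uploader keys in its environment. Fetch a fixed release and verify it before `chmod +x`, for example `echo "<expected-sha256>  /usr/local/bin/dapper" | sha256sum -c -`. The Install Dapper step starts outside this hunk.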
@@ -0,0 +1,40 @@
+on:
+ pull_request:
+ paths-ignore:
+ - "**.md"
+ - "channel.yaml"
+ - "install.sh"
+ - "!.github/workflows/test-suite.yaml"
+
+name: PR Build
+permissions:
+ contents: read
+jobs:
+ build-amd64:
+ runs-on: runs-on,runner=8cpu-linux-x64,run-id=${{ github.run_id }},image=ubuntu22-full-x64,hdd=64
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Install Dapper
+ run: |
+ curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+ chmod +x /usr/local/bin/dapper
+ - name: Build
+ run: |
+ dapper -f Dockerfile --target dapper make dapper-ci
+ - name: Test
+ run: |
+ dapper -f Dockerfile --target dapper make test
+ build-arm64:
+ runs-on: runs-on,runner=8cpu-linux-arm64,run-id=${{ github.run_id }},image=ubuntu22-full-arm64,hdd=64
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Install Dapper
+ run: |
+ curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m) > /usr/local/bin/dapper
+ chmod +x /usr/local/bin/dapper
+ - name: Build
+ run: |
+ dapper -f Dockerfile --target dapper make dapper-ci
+
\ No newline at end of file
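Review bot: This file should open with a comment saying why PR builds are split from build.yml, because that separation is the security property and nothing in the file states it. Something like `# Runs untrusted PR code: keep this workflow free of secrets, Vault steps and id-token permission.` above `on:` would stop a later edit from copying the Read secrets step back in. The last added line is whitespace only and the file ends without a newline; dropping that line and ending with a newline keeps linters quiet.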