Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update-manifest: drop user token #946

Merged
merged 1 commit into from
Oct 11, 2021
Merged

update-manifest: drop user token #946

merged 1 commit into from
Oct 11, 2021

Conversation

himdel
Copy link
Collaborator

@himdel himdel commented Sep 16, 2021

use an encrypted deploy key instead

unlike the cloud deploy key (5d66b9c), this one uses gpg:

# encrypt
gpg --symmetric --cipher-algo AES256 .travis/deploy_manifest
# decrypt
gpg --quiet --batch --yes --decrypt --passphrase="$MANIFEST_PASSPHRASE" --output .travis/deploy_manifest .travis/deploy_manifest.gpg

@himdel
update-manifest: drop user token
bb6cd82 
use an encrypted deploy key instead

unlike the cloud deploy key (5d66b9c), this one uses gpg:

    # encrypt
    gpg --symmetric --cipher-algo AES256 .travis/deploy_manifest
    # decrypt
    gpg --quiet --batch --yes --decrypt --passphrase="$MANIFEST_PASSPHRASE" --output .travis/deploy_manifest .travis/deploy_manifest.gpg
@himdel himdel mentioned this pull request Sep 16, 2021
Merged
newswangerd pushed a commit to ansible/galaxy_ng that referenced this pull request Sep 30, 2021
@himdel
update_manifest workflow: fix & use deploy_key instead of user token (#…
436ffc4 
…973)

* ci workflow: fix update_manifest

update_manifest is currently failing to run for 2 reasons:

GITHUB_PULL_REQUEST is set to a PR number during the pull_request event, and nothing during the push event,
the script expects `false`
fixing by testing GITHUB_PULL_REQUEST for nonempty

GITHUB_BRANCH is set to github.head_ref, only available during pull_request events,
the script tests for "master" or "stable"
fixing by updating GITHUB_BRANCH to use github.ref sans the refs/heads/ prefix

and removed the unused vars, as well as github.event.after which doesn't seem documented for push builds

* update_manifest: use deploy key instead of user token

same as ansible/ansible-hub-ui#946

the gpg-encrypted key is added to the repo, encrypted by a passphrase added to secrets

No-Issue

* post-job-template.yml.j2 - update and rerun `plugin-template --github galaxy_ng`
patchback bot pushed a commit to ansible/galaxy_ng that referenced this pull request Sep 30, 2021
@himdel
update_manifest workflow: fix & use deploy_key instead of user token (#…
3a0fdd7 
…973)

* ci workflow: fix update_manifest

update_manifest is currently failing to run for 2 reasons:

GITHUB_PULL_REQUEST is set to a PR number during the pull_request event, and nothing during the push event,
the script expects `false`
fixing by testing GITHUB_PULL_REQUEST for nonempty

GITHUB_BRANCH is set to github.head_ref, only available during pull_request events,
the script tests for "master" or "stable"
fixing by updating GITHUB_BRANCH to use github.ref sans the refs/heads/ prefix

and removed the unused vars, as well as github.event.after which doesn't seem documented for push builds

* update_manifest: use deploy key instead of user token

same as ansible/ansible-hub-ui#946

the gpg-encrypted key is added to the repo, encrypted by a passphrase added to secrets

No-Issue

* post-job-template.yml.j2 - update and rerun `plugin-template --github galaxy_ng`

(cherry picked from commit 436ffc4)
@patchback patchback bot mentioned this pull request Sep 30, 2021
Merged
newswangerd added a commit to ansible/galaxy_ng that referenced this pull request Sep 30, 2021
@patchback @himdel @newswangerd
update_manifest workflow: fix & use deploy_key instead of user token (#…
fce7a60 
…973) (#999)

* ci workflow: fix update_manifest

update_manifest is currently failing to run for 2 reasons:

GITHUB_PULL_REQUEST is set to a PR number during the pull_request event, and nothing during the push event,
the script expects `false`
fixing by testing GITHUB_PULL_REQUEST for nonempty

GITHUB_BRANCH is set to github.head_ref, only available during pull_request events,
the script tests for "master" or "stable"
fixing by updating GITHUB_BRANCH to use github.ref sans the refs/heads/ prefix

and removed the unused vars, as well as github.event.after which doesn't seem documented for push builds

* update_manifest: use deploy key instead of user token

same as ansible/ansible-hub-ui#946

the gpg-encrypted key is added to the repo, encrypted by a passphrase added to secrets

No-Issue

* post-job-template.yml.j2 - update and rerun `plugin-template --github galaxy_ng`

(cherry picked from commit 436ffc4)

Co-authored-by: Martin Hradil <mhradil@redhat.com>
Co-authored-by: David Newswanger <dnewswan@redhat.com>
@himdel himdel merged commit dbd6df2 into ansible:master Oct 11, 2021
@himdel himdel deleted the manifest-deploy-key branch October 11, 2021 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ZitaNemeckova ZitaNemeckova ZitaNemeckova approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@himdel @ZitaNemeckova