From 0cb206cc524067a75eacc52006b31f4be2d4acf2 Mon Sep 17 00:00:00 2001 From: Hazel Date: Wed, 24 Apr 2024 23:10:17 +0100 Subject: [PATCH] fix(ci): private repo auth, for real this time (#510) --- .github/actions/setup-haxe/action.yml | 10 ++- .github/workflows/build-docker-image.yml | 70 ++++++++++---------- .github/workflows/build-game.yml | 1 + .github/workflows/cancel-merged-branches.yml | 2 +- build/Dockerfile | 2 - 5 files changed, 44 insertions(+), 41 deletions(-) diff --git a/.github/actions/setup-haxe/action.yml b/.github/actions/setup-haxe/action.yml index fd0da3187..5a9f7b293 100644 --- a/.github/actions/setup-haxe/action.yml +++ b/.github/actions/setup-haxe/action.yml @@ -71,14 +71,18 @@ runs: path: .haxelib key: haxe-hmm-${{ runner.os }}-${{ hashFiles('**/hmm.json') }} + - if: ${{ steps.cache-hmm.outputs.cache-hit != 'true' }} + name: Prep git for dependency install + uses: gacts/run-and-post-run@v1 + with: + run: git config --global 'url.https://x-access-token:${{ inputs.gh-token }}@github.com/.insteadOf' https://github.com/ + post: git config --global --unset 'url.https://x-access-token:${{ inputs.gh-token }}@github.com/.insteadOf' + - if: ${{ steps.cache-hmm.outputs.cache-hit != 'true' }} name: Install dependencies shell: bash run: | - git config --global --unset 'url.https://x-access-token:${{ inputs.gh-token }}@github.com/.insteadOf' || true - git config --global 'url.https://x-access-token:${{ inputs.gh-token }}@github.com/.insteadOf' https://github.com/ haxelib --global run hmm install -q - git config --global --unset 'url.https://x-access-token:${{ inputs.gh-token }}@github.com/.insteadOf' echo "TIMER_DONE=$(date +%s)" >> "$GITHUB_ENV" # by default use a shared hxcpp cache diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index 15c9e5582..6fbc9677e 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml 
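Review bot: The new `Prep git for dependency install` step keeps the token-bearing `url.…insteadOf` rewrite in the user-level git config until the job's post phase, so every step that runs after `Install dependencies` can read the token from that file. The removed lines unset it immediately after `haxelib --global run hmm install -q`. If no later step needs the rewrite, keep the set and unset inside the `Install dependencies` script, pass the token through a step-level `env:` entry instead of interpolating `${{ inputs.gh-token }}` into the script text, and make cleanup run on failure with a line such as `trap 'git config --global --unset-all "$rewrite_key" || true' EXIT`. The step also hands the token to a third-party action referenced by a mutable tag; `uses: gacts/run-and-post-run@<full-commit-sha>` would keep a retagged release from running with that credential. The hunk begins and ends inside the `steps:` list, so the `gh-token` input definition and any later consumers of the rewrite are not visible here.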
@@ -4,8 +4,8 @@ on: workflow_dispatch: push: paths: - - '**/Dockerfile' - - '.github/workflows/build-docker-image.yml' + - '**/Dockerfile' + - '.github/workflows/build-docker-image.yml' jobs: build-and-push-image: 
@@ -15,39 +15,39 @@ jobs: packages: write steps: - - name: Get checkout token - uses: actions/create-github-app-token@v1 - id: app_token - with: - app-id: ${{ vars.APP_ID }} - private-key: ${{ secrets.APP_PEM }} - owner: ${{ github.repository_owner }} + - name: Get checkout token + uses: actions/create-github-app-token@v1 + id: app_token + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PEM }} + owner: ${{ github.repository_owner }} - - name: Checkout repo - uses: funkincrew/ci-checkout@v6 - with: - submodules: false - token: ${{ steps.app_token.outputs.token }} + - name: Checkout repo + uses: funkincrew/ci-checkout@v6 + with: + submodules: false + token: ${{ steps.app_token.outputs.token }} - - name: Log into GitHub Container Registry - uses: docker/login-action@v3.1.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + - name: Log into GitHub Container Registry + uses: docker/login-action@v3.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push Docker image - uses: docker/build-push-action@v5.3.0 - with: - context: ./build - push: true - tags: | - ghcr.io/funkincrew/build-dependencies:latest - ghcr.io/funkincrew/build-dependencies:${{ github.sha }} - labels: | - org.opencontainers.image.description=precooked haxe build-dependencies - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.source=https://github.com/${{ github.repository }} - org.opencontainers.image.title=${{ github.repository_owner }}/build-dependencies - org.opencontainers.image.url=https://github.com/${{ github.repository }} - org.opencontainers.image.version=${{ github.sha }} + - name: Build and push Docker image + uses: docker/build-push-action@v5.3.0 + with: + context: ./build + push: true + tags: | + ghcr.io/funkincrew/build-dependencies:latest + ghcr.io/funkincrew/build-dependencies:${{ github.sha }} + labels: | + 
org.opencontainers.image.description=precooked haxe build-dependencies + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.source=https://github.com/${{ github.repository }} + org.opencontainers.image.title=${{ github.repository_owner }}/build-dependencies + org.opencontainers.image.url=https://github.com/${{ github.repository }} + org.opencontainers.image.version=${{ github.sha }} diff --git a/.github/workflows/build-game.yml b/.github/workflows/build-game.yml index 25c7edcd5..07802557c 100644 --- a/.github/workflows/build-game.yml +++ b/.github/workflows/build-game.yml @@ -39,6 +39,7 @@ jobs: with: submodules: 'recursive' token: ${{ steps.app_token.outputs.token }} + persist-credentials: false - name: Setup build environment uses: ./.github/actions/setup-haxe diff --git a/.github/workflows/cancel-merged-branches.yml b/.github/workflows/cancel-merged-branches.yml index f66f9647b..254b21a24 100644 --- a/.github/workflows/cancel-merged-branches.yml +++ b/.github/workflows/cancel-merged-branches.yml @@ -3,7 +3,7 @@ name: Cancel queued workflows on PR merge on: pull_request: types: - - closed + - closed jobs: diff --git a/build/Dockerfile b/build/Dockerfile index a52749e11..c545d1364 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -71,8 +71,6 @@ RUN <> /etc/gitconfig [safe] directory = * -[credential] - helper = cache EOC ssh-keyscan -t rsa,ecdsa,ed25519 github.com >> /etc/ssh/ssh_known_hosts
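Review bot: `persist-credentials: false` is added to the checkout in `build-game.yml` only, while the `Checkout repo` step in `.github/workflows/build-docker-image.yml` passes the same app token and gets no such setting in this patch, so it presumably still leaves the token in the workspace's git config. If the difference is intentional, a comment above the new line would record why, for example `# setup-haxe installs its own token rewrite; do not leave the checkout token in .git/config`. The step's `uses:` line is above the hunk, so whether the checkout action honours this input cannot be confirmed from here.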