dn724/dncurrency
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Merge pull request #3822 from zhyatt/limit-workflow-publish

Browse source 
Limit the publishing of public builds and Docker images to only the public repository
This commit is contained in:
Thiago Silva 2022-05-27 18:25:16 -03:00 committed by GitHub
commit 3e2b49e208
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/beta_artifacts.yml vendored
View file

@ -36,6 +36,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/deploy.sh run: ci/actions/deploy.sh
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2
@ -61,6 +62,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/deploy.sh run: ci/actions/deploy.sh
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2
@ -83,7 +85,8 @@ jobs:
run: ci/actions/linux/install_deps.sh run: ci/actions/linux/install_deps.sh
- name: Build Docker (nanocurrency/nano-beta) - name: Build Docker (nanocurrency/nano-beta)
run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-build.sh run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-build.sh
- name: Deploy Docker (nanocurrency/nano-beta) - name: Deploy Docker Hub (nanocurrency/nano-beta)
if: ${{ github.repository == 'nanocurrency/nano-node' }}
run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-deploy.sh run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-deploy.sh
env: env:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@ -118,6 +121,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/windows/deploy.ps1 run: ci/actions/windows/deploy.ps1
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2

8
.github/workflows/live_artifacts.yml vendored
View file

@ -35,6 +35,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/deploy.sh run: ci/actions/deploy.sh
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2
@ -60,6 +61,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/deploy.sh run: ci/actions/deploy.sh
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2
@ -82,7 +84,8 @@ jobs:
run: ci/actions/linux/install_deps.sh run: ci/actions/linux/install_deps.sh
- name: Build Docker (nanocurrency/nano) - name: Build Docker (nanocurrency/nano)
run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-build.sh run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-build.sh
- name: Deploy Docker (nanocurrency/nano) - name: Deploy Docker Hub (nanocurrency/nano)
if: ${{ github.repository == 'nanocurrency/nano-node' }}
run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-deploy.sh run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-deploy.sh
env: env:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@ -92,7 +95,7 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PAT }} password: ${{ secrets.GHCR_PAT }}
- name: Deploy Docker (ghcr.io - name: Deploy Docker (ghcr.io)
run: ci/actions/linux/ghcr_push.sh run: ci/actions/linux/ghcr_push.sh
windows_job: windows_job:
@ -117,6 +120,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/windows/deploy.ps1 run: ci/actions/windows/deploy.ps1
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2

6
.github/workflows/test_network_artifacts.yml vendored
View file

@ -36,6 +36,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/deploy.sh run: ci/actions/deploy.sh
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2
@ -61,6 +62,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/deploy.sh run: ci/actions/deploy.sh
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2
@ -83,7 +85,8 @@ jobs:
run: ci/actions/linux/install_deps.sh run: ci/actions/linux/install_deps.sh
- name: Build Docker (nanocurrency/nano) - name: Build Docker (nanocurrency/nano)
run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-build.sh run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-build.sh
- name: Deploy Docker (nanocurrency/nano) - name: Deploy Docker Hub (nanocurrency/nano-test)
if: ${{ github.repository == 'nanocurrency/nano-node' }}
run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-deploy.sh run: TRAVIS_TAG=${TAG} ci/actions/linux/docker-deploy.sh
env: env:
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@ -118,6 +121,7 @@ jobs:
- name: Deploy Artifact - name: Deploy Artifact
run: ci/actions/windows/deploy.ps1 run: ci/actions/windows/deploy.ps1
env: env:
S3_BUILD_DIRECTORY: ${{ secrets.S3_BUILD_DIRECTORY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-2 AWS_DEFAULT_REGION: us-east-2

18
ci/actions/deploy.sh
View file

@ -13,15 +13,21 @@ else
BUILD="live" BUILD="live"
fi fi
if [[ "${GITHUB_REPOSITORY:-}" == "nanocurrency/nano-node" ]]; then
DIRECTORY=$BUILD
else
DIRECTORY="${S3_BUILD_DIRECTORY}/${BUILD}"
fi
if [[ "$OS" == 'Linux' ]]; then if [[ "$OS" == 'Linux' ]]; then
sha256sum $GITHUB_WORKSPACE/build/nano-node-*-Linux.tar.bz2 >$GITHUB_WORKSPACE/nano-node-$TAG-Linux.tar.bz2.sha256 sha256sum $GITHUB_WORKSPACE/build/nano-node-*-Linux.tar.bz2 >$GITHUB_WORKSPACE/nano-node-$TAG-Linux.tar.bz2.sha256
sha256sum $GITHUB_WORKSPACE/build/nano-node-*-Linux.deb >$GITHUB_WORKSPACE/nano-node-$TAG-Linux.deb.sha256 sha256sum $GITHUB_WORKSPACE/build/nano-node-*-Linux.deb >$GITHUB_WORKSPACE/nano-node-$TAG-Linux.deb.sha256
aws s3 cp $GITHUB_WORKSPACE/build/nano-node-*-Linux.tar.bz2 s3://repo.nano.org/$BUILD/binaries/nano-node-$TAG-Linux.tar.bz2 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp $GITHUB_WORKSPACE/build/nano-node-*-Linux.tar.bz2 s3://repo.nano.org/$DIRECTORY/binaries/nano-node-$TAG-Linux.tar.bz2 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
aws s3 cp $GITHUB_WORKSPACE/nano-node-$TAG-Linux.tar.bz2.sha256 s3://repo.nano.org/$BUILD/binaries/nano-node-$TAG-Linux.tar.bz2.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp $GITHUB_WORKSPACE/nano-node-$TAG-Linux.tar.bz2.sha256 s3://repo.nano.org/$DIRECTORY/binaries/nano-node-$TAG-Linux.tar.bz2.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
aws s3 cp $GITHUB_WORKSPACE/build/nano-node-*-Linux.deb s3://repo.nano.org/$BUILD/binaries/nano-node-$TAG-Linux.deb --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp $GITHUB_WORKSPACE/build/nano-node-*-Linux.deb s3://repo.nano.org/$DIRECTORY/binaries/nano-node-$TAG-Linux.deb --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
aws s3 cp $GITHUB_WORKSPACE/nano-node-$TAG-Linux.deb.sha256 s3://repo.nano.org/$BUILD/binaries/nano-node-$TAG-Linux.deb.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp $GITHUB_WORKSPACE/nano-node-$TAG-Linux.deb.sha256 s3://repo.nano.org/$DIRECTORY/binaries/nano-node-$TAG-Linux.deb.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
else else
sha256sum $GITHUB_WORKSPACE/build/nano-node-*-Darwin.dmg >$GITHUB_WORKSPACE/build/nano-node-$TAG-Darwin.dmg.sha256 sha256sum $GITHUB_WORKSPACE/build/nano-node-*-Darwin.dmg >$GITHUB_WORKSPACE/build/nano-node-$TAG-Darwin.dmg.sha256
aws s3 cp $GITHUB_WORKSPACE/build/nano-node-*-Darwin.dmg s3://repo.nano.org/$BUILD/binaries/nano-node-$TAG-Darwin.dmg --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp $GITHUB_WORKSPACE/build/nano-node-*-Darwin.dmg s3://repo.nano.org/$DIRECTORY/binaries/nano-node-$TAG-Darwin.dmg --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
aws s3 cp $GITHUB_WORKSPACE/build/nano-node-$TAG-Darwin.dmg.sha256 s3://repo.nano.org/$BUILD/binaries/nano-node-$TAG-Darwin.dmg.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp $GITHUB_WORKSPACE/build/nano-node-$TAG-Darwin.dmg.sha256 s3://repo.nano.org/$DIRECTORY/binaries/nano-node-$TAG-Darwin.dmg.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
fi fi

15
ci/actions/windows/deploy.ps1
View file

@ -10,13 +10,20 @@ else {
$network_cfg = "live" $network_cfg = "live"
} }
if ( ${env:GITHUB_REPOSITORY} -eq "nanocurrency/nano-node" ) {
$directory=$network_cfg
}
else {
$directory=${env:S3_BUILD_DIRECTORY}+"/"+$network_cfg
}
$exe = Resolve-Path -Path $env:GITHUB_WORKSPACE\build\nano-node-*-win64.exe $exe = Resolve-Path -Path $env:GITHUB_WORKSPACE\build\nano-node-*-win64.exe
$zip = Resolve-Path -Path $env:GITHUB_WORKSPACE\build\nano-node-*-win64.zip $zip = Resolve-Path -Path $env:GITHUB_WORKSPACE\build\nano-node-*-win64.zip
((Get-FileHash $exe).hash)+" "+(split-path -Path $exe -Resolve -leaf) | Out-file -FilePath "$exe.sha256" ((Get-FileHash $exe).hash)+" "+(split-path -Path $exe -Resolve -leaf) | Out-file -FilePath "$exe.sha256"
((Get-FileHash $zip).hash)+" "+(split-path -Path $zip -Resolve -leaf) | Out-file -FilePath "$zip.sha256" ((Get-FileHash $zip).hash)+" "+(split-path -Path $zip -Resolve -leaf) | Out-file -FilePath "$zip.sha256"
aws s3 cp $exe s3://repo.nano.org/$network_cfg/binaries/nano-node-$env:TAG-win64.exe --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp $exe s3://repo.nano.org/$directory/binaries/nano-node-$env:TAG-win64.exe --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
aws s3 cp "$exe.sha256" s3://repo.nano.org/$network_cfg/binaries/nano-node-$env:TAG-win64.exe.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp "$exe.sha256" s3://repo.nano.org/$directory/binaries/nano-node-$env:TAG-win64.exe.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
aws s3 cp "$zip" s3://repo.nano.org/$network_cfg/binaries/nano-node-$env:TAG-win64.zip --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp "$zip" s3://repo.nano.org/$directory/binaries/nano-node-$env:TAG-win64.zip --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
aws s3 cp "$zip.sha256" s3://repo.nano.org/$network_cfg/binaries/nano-node-$env:TAG-win64.zip.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers aws s3 cp "$zip.sha256" s3://repo.nano.org/$directory/binaries/nano-node-$env:TAG-win64.zip.sha256 --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers