CI: do not run deploy.sh if secrets are unset

merges manubot/rootstock#302 GitHub Actions: do not run deploy.sh if secrets.MANUBOT_SSH_PRIVATE_KEY is not set resulting in `env: MANUBOT_SSH_PRIVATE_KEY: ""` https://github.community/t5/GitHub-Actions/If-expression-with-context-variable/m-p/34560/highlight/true#M1959 Travis CI: condition deploy on MANUBOT_SSH_PRIVATE_KEY being set or variable name expansion for encrypted_*. https://unix.stackexchange.com/a/290296/294987 https://wiki.bash-hackers.org/syntax/pe#variable_name_expansion
greenelab · Jan 19, 2020 · eab9b2a · eab9b2a
1 parent af52dea
commit eab9b2a
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 5 deletions.
diff --git a/.github/workflows/manubot.yaml b/.github/workflows/manubot.yaml
@@ -36,4 +36,10 @@ jobs:
           MANUBOT_SSH_PRIVATE_KEY: ${{ secrets.MANUBOT_SSH_PRIVATE_KEY }}
           BUILD_WEB_URL: https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks
         shell: bash --login {0}        
-        run: bash ci/deploy.sh
+        run: |
+          if [ "$MANUBOT_SSH_PRIVATE_KEY" != "" ]; then
+            bash ci/deploy.sh
+          else
+            echo >&2 "Skipping deployment because the MANUBOT_SSH_PRIVATE_KEY secret is not set.
+            Instructions at https://github.com/manubot/rootstock/blob/master/SETUP.md#deploy-key"
+          fi
diff --git a/.travis.yml b/.travis.yml
@@ -15,8 +15,8 @@ cache:
     - ci/cache
 deploy:
   provider: script
-  script: bash -o xtrace ci/deploy.sh
+  script: bash ci/deploy.sh
   skip_cleanup: true
   on:
     branch: master
-    condition: $TRAVIS_EVENT_TYPE = "push"
+    condition: '[[ $TRAVIS_EVENT_TYPE = "push" && (-v MANUBOT_SSH_PRIVATE_KEY || "${!encrypted_*}" != "") ]]'
diff --git a/SETUP.md b/SETUP.md
@@ -105,7 +105,7 @@ cat ci/deploy.key.pub
 ```
 
 Go to the GitHub settings URL echoed above in a browser, and click "Add deploy key".
-For "Title", add a description like "Manubot Travis Deploy Key".
+For "Title", add a description like "Manubot Deploy Key".
 Copy-paste the contents of the `ci/deploy.key.pub` text file (printed above by `cat`) into the "Key" text box.
 Check the "Allow write access" box below.
 Finally, click "Add key".

diff --git a/ci/deploy.sh b/ci/deploy.sh
@@ -35,7 +35,7 @@ set +o xtrace  # disable xtrace in subshell for private key operations
 if [ -v MANUBOT_SSH_PRIVATE_KEY ]; then
   base64 --decode <<< "$MANUBOT_SSH_PRIVATE_KEY" | ssh-add -
 else
-echo "DeprecationWarning: Loading deploy.key from an encrypted file.
+echo >&2 "DeprecationWarning: Loading deploy.key from an encrypted file.
 In the future, using the MANUBOT_SSH_PRIVATE_KEY environment variable may be required."
 openssl aes-256-cbc \
   -K $encrypted_9befd6eddffe_key \