Change CI behavior when MANUBOT_SSH_PRIVATE_KEY is unset #302
Conversation
| @@ -35,15 +35,9 @@ set +o xtrace # disable xtrace in subshell for private key operations | |||
| if [ -v MANUBOT_SSH_PRIVATE_KEY ]; then | |||
| base64 --decode <<< "$MANUBOT_SSH_PRIVATE_KEY" | ssh-add - | |||
| else | |||
| echo "DeprecationWarning: Loading deploy.key from an encrypted file. | |||
There was a problem hiding this comment.
This the only change I'm not completely sure about. It is probably safe to drop support for the deprecated deploy.key now.
There was a problem hiding this comment.
I'd love to get rid of it, but there's no need with the current way we're doing the conditionality.
.travis.yml
Outdated
| skip_cleanup: true | ||
| on: | ||
| branch: master | ||
| condition: $TRAVIS_EVENT_TYPE = "push" | ||
| condition: $TRAVIS_EVENT_TYPE = "push" && -v MANUBOT_SSH_PRIVATE_KEY |
There was a problem hiding this comment.
Should we add a similar condition to GitHub Actions? We wouldn't recommend enabling GitHub Actions and Travis CI and setting the private key only for Travis, but someone could do that.
There was a problem hiding this comment.
Good idea. This way we can continue supporting the encrypted file travis deploy keys.
There was a problem hiding this comment.
Wait actually this breaks the deploy for travis users still using the old method, because MANUBOT_SSH_PRIVATE_KEY is unset for them. Hmm not sure what to do.
There was a problem hiding this comment.
Oh, right. I had the logic mixed up.
dhimmel
force-pushed
the
envvar-config
branch
from
711a79b to
a235454
Compare
dhimmel
force-pushed
the
envvar-config
branch
from
321b0f8 to
83960c0
Compare
| @@ -36,4 +36,10 @@ jobs: | |||
| MANUBOT_SSH_PRIVATE_KEY: ${{ secrets.MANUBOT_SSH_PRIVATE_KEY }} | |||
| BUILD_WEB_URL: https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks | |||
| shell: bash --login {0} | |||
| run: bash ci/deploy.sh | |||
| run: | | |||
| if [ "$MANUBOT_SSH_PRIVATE_KEY" != "" ]; then | |||
There was a problem hiding this comment.
This would be better in an if expression for the step, but I couldn't figure out how to do that.
https://github.community/t5/GitHub-Actions/If-expression-with-context-variable/m-p/34560/highlight/true#M1959
do not know if this will work https://unix.stackexchange.com/a/290296/294987
|
Travis is working after fixup in f6b6231 Failure in https://travis-ci.com/manubot/rootstock/builds/145088017#L2183 expected, because I hadn't deleted the legacy encrypted_* env vars. |
merges manubot/rootstock#302 GitHub Actions: do not run deploy.sh if secrets.MANUBOT_SSH_PRIVATE_KEY is not set resulting in `env: MANUBOT_SSH_PRIVATE_KEY: ""` https://github.community/t5/GitHub-Actions/If-expression-with-context-variable/m-p/34560/highlight/true#M1959 Travis CI: condition deploy on MANUBOT_SSH_PRIVATE_KEY being set or variable name expansion for encrypted_*. https://unix.stackexchange.com/a/290296/294987 https://wiki.bash-hackers.org/syntax/pe#variable_name_expansion
Not sure yet which parts of this we want to keep