Merge pull request #2498 from signalwire/gha

[GHA] Fail early when required secret not set.
signalwire · Jun 25, 2024 · 6bf2237 · 6bf2237
2 parents 70c5520 + 1c7163e
commit 6bf2237
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 19 deletions.
diff --git a/.github/docker/debian/bookworm/amd64/Dockerfile b/.github/docker/debian/bookworm/amd64/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bookworm/arm32v7/Dockerfile b/.github/docker/debian/bookworm/arm32v7/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bookworm/arm64v8/Dockerfile b/.github/docker/debian/bookworm/arm64v8/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bullseye/amd64/Dockerfile b/.github/docker/debian/bullseye/amd64/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bullseye/arm32v7/Dockerfile b/.github/docker/debian/bullseye/arm32v7/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bullseye/arm64v8/Dockerfile b/.github/docker/debian/bullseye/arm64v8/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/buster/amd64/Dockerfile b/.github/docker/debian/buster/amd64/Dockerfile
@@ -64,7 +64,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -73,7 +73,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/buster/arm32v7/Dockerfile b/.github/docker/debian/buster/arm32v7/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/buster/arm64v8/Dockerfile b/.github/docker/debian/buster/arm64v8/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,6 +1,12 @@
 name: Build and Distribute
 
 on:
+  pull_request_target:
+    types:
+      - ready_for_review
+    paths:
+      - '**'
+      - '!.github/'
   pull_request:
   push:
     branches:
@@ -23,7 +29,7 @@ jobs:
         run: |
           JSON="[]"
 
-          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+          if [[ "${{ github.event_name }}" == "pull_request" || "${{ github.event_name }}" == "pull_request_target" ]]; then
             JSON=$(jq -n '[
               {
                 "version": "bookworm",