From e07bf1c0a27cfb37c67c5ffdc92bb92975eabbbf Mon Sep 17 00:00:00 2001 From: Signal Linden Date: Mon, 4 Mar 2024 17:32:35 -0800 Subject: Do not automatically close issues (#929) Mark issues as stale but do not close them. --- .github/workflows/stale.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to '.github') diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 35ac41420c..e44e223589 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -17,7 +17,8 @@ jobs: with: stale-pr-message: This pull request is stale because it has been open 30 days with no activity. Remove stale label or comment or it will be closed in 7 days days-before-stale: 30 - days-before-close: 7 + days-before-close: 7 + days-before-issue-close: -1 exempt-pr-labels: blocked,must,should,keep stale-pr-label: stale - name: Print outputs -- cgit v1.2.3 From 6328cb7817174765d068685f67809108eb64f2b1 Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Tue, 5 Mar 2024 13:36:18 -0500 Subject: Make signing and symbol posting jobs conditional on secrets. Specifically, when secrets aren't available (e.g. for external PRs), skip the affected steps. --- .github/workflows/build.yaml | 4 ++++ 1 file changed, 4 insertions(+) (limited to '.github') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1dd2c1d5df..edb180a2d1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -250,6 +250,7 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: + if: secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID needs: build runs-on: windows steps: 
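Review bot: The job-level `if:` added under `sign-and-package-windows` reads the `secrets` context, which GitHub Actions does not expose to `if:` conditionals, so the workflow fails validation instead of skipping the job. The same applies to the `if:` lines added to `sign-and-package-mac`, `post-windows-symbols` and `post-mac-symbols` in the next hunks. Wrapping the expression in `${{ ... }}` does not change which contexts are available. The presence test has to use a value that `if:` can see, for example a job-level `env:` entry checked at step level with `if: env.BUGSPLAT_USER != ''`. The job body continues outside the hunk.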
@@ -263,6 +264,7 @@ jobs: tenant_id: "${{ secrets.AZURE_TENANT_ID }}" sign-and-package-mac: + if: secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD needs: build runs-on: macos-latest steps: @@ -298,6 +300,7 @@ jobs: note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: + if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS needs: build runs-on: ubuntu-latest steps: @@ -311,6 +314,7 @@ jobs: version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: + if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS needs: build runs-on: ubuntu-latest steps: -- cgit v1.2.3 From 73a12f5529cd6646b4d0a19ac3de15dc3a3570a6 Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Tue, 5 Mar 2024 13:50:38 -0500 Subject: Enclose 'if:' expressions in ${{ ... }}. The previous construct produced: Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.AZURE_KEY_VAULT_URI && ... --- .github/workflows/build.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to '.github') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index edb180a2d1..5fad232203 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -250,7 +250,7 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: - if: secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID + if: ${{ secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID }} needs: build runs-on: windows steps: 
@@ -264,7 +264,7 @@ jobs: tenant_id: "${{ secrets.AZURE_TENANT_ID }}" sign-and-package-mac: - if: secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD + if: ${{ secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD }} needs: build runs-on: macos-latest steps: @@ -300,7 +300,7 @@ jobs: note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: - if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS + if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: @@ -314,7 +314,7 @@ jobs: version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: - if: secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS + if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: -- cgit v1.2.3 From 74ee07d94268a76bcf24dfc0063fb5b6964ed607 Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Tue, 5 Mar 2024 14:23:32 -0500 Subject: To test for presence of secrets, set environment variables. From https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow : "Secrets cannot be directly referenced in if: conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job." --- .github/workflows/build.yaml | 54 ++++++++++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 19 deletions(-) (limited to '.github') diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5fad232203..13798fc607 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -37,8 +37,6 @@ jobs:
 DEVELOPER_DIR: ${{ matrix.developer_dir }}
 # Ensure that Linden viewer builds engage Bugsplat.
 BUGSPLAT_DB: ${{ matrix.configuration != 'ReleaseOS' && 'SecondLife_Viewer_2018' || '' }}
- BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }}
- BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }}
 build_coverity: false
 build_log_dir: ${{ github.workspace }}/.logs
 build_viewer: true
@@ -250,25 +248,36 @@ jobs: ${{ steps.build.outputs.physicstpv }} sign-and-package-windows: - if: ${{ secrets.AZURE_KEY_VAULT_URI && secrets.AZURE_CERT_NAME && secrets.AZURE_CLIENT_ID && secrets.AZURE_CLIENT_SECRET && secrets.AZURE_TENANT_ID }} + env: + AZURE_KEY_VAULT_URI: ${{ secrets.AZURE_KEY_VAULT_URI }} + AZURE_CERT_NAME: ${{ secrets.AZURE_CERT_NAME }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} needs: build runs-on: windows steps: - name: Sign and package Windows viewer + if: env.AZURE_KEY_VAULT_URI && env.AZURE_CERT_NAME && env.AZURE_CLIENT_ID && env.AZURE_CLIENT_SECRET && env.AZURE_TENANT_ID uses: secondlife/viewer-build-util/sign-pkg-windows@v1 with: - vault_uri: "${{ secrets.AZURE_KEY_VAULT_URI }}" - cert_name: "${{ secrets.AZURE_CERT_NAME }}" - client_id: "${{ secrets.AZURE_CLIENT_ID }}" - client_secret: "${{ secrets.AZURE_CLIENT_SECRET }}" - tenant_id: "${{ secrets.AZURE_TENANT_ID }}" + vault_uri: "${{ env.AZURE_KEY_VAULT_URI }}" + cert_name: "${{ env.AZURE_CERT_NAME }}" + client_id: "${{ env.AZURE_CLIENT_ID }}" + client_secret: "${{ env.AZURE_CLIENT_SECRET }}" + tenant_id: "${{ env.AZURE_TENANT_ID }}" sign-and-package-mac: - if: ${{ secrets.NOTARIZE_CREDS_MACOS && secrets.SIGNING_CERT_MACOS && secrets.SIGNING_CERT_MACOS_IDENTITY && secrets.SIGNING_CERT_MACOS_PASSWORD }} + env: + NOTARIZE_CREDS_MACOS: ${{ secrets.NOTARIZE_CREDS_MACOS }} + SIGNING_CERT_MACOS: ${{ secrets.SIGNING_CERT_MACOS }} + SIGNING_CERT_MACOS_IDENTITY: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} + SIGNING_CERT_MACOS_PASSWORD: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} needs: build runs-on: macos-latest steps: - name: Unpack Mac notarization credentials + if: env.NOTARIZE_CREDS_MACOS id: note-creds shell: bash run: | 
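Review bot: Moving the five Azure values into the job-level `env:` of `sign-and-package-windows` puts them in the environment of every step in that job, where before they reached only the signing action through `with:`. The `env:` blocks added to `sign-and-package-mac` and, in the later hunk, to both symbol-posting jobs widen exposure the same way. Only a presence flag needs to be visible to `if:`, so the job could export one non-secret value, `HAVE_AZURE: ${{ secrets.AZURE_KEY_VAULT_URI != '' && secrets.AZURE_CLIENT_SECRET != '' }}` (extended to all five names), test it with `if: env.HAVE_AZURE == 'true'`, and keep `with:` reading `secrets.*` directly. The `sign-and-package-mac` job continues past the end of this hunk.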
@@ -276,7 +285,7 @@ jobs:
 # USERNAME="..."
 # PASSWORD="..."
 # TEAM_ID="..."
- eval "${{ secrets.NOTARIZE_CREDS_MACOS }}"
+ eval "${{ env.NOTARIZE_CREDS_MACOS }}"
 echo "::add-mask::$USERNAME"
 echo "::add-mask::$PASSWORD"
 echo "::add-mask::$TEAM_ID"
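Review bot: `eval "${{ env.NOTARIZE_CREDS_MACOS }}"` makes the runner paste the value into the script text before bash parses it, so a double quote, backtick or `$(` inside the stored credentials changes the shape of the command. The raw credential text also becomes part of the generated script file. Since this commit already exports the value as a job-level environment variable, the shell can read it itself: `eval "$NOTARIZE_CREDS_MACOS"`. The `run:` block starts and ends outside this hunk.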
@@ -288,41 +297,48 @@ jobs: [[ -n "$USERNAME" && -n "$PASSWORD" && -n "$TEAM_ID" ]] - name: Sign and package Mac viewer + if: env.SIGNING_CERT_MACOS && env.SIGNING_CERT_MACOS_IDENTITY && env.SIGNING_CERT_MACOS_PASSWORD && steps.note-creds.outputs.note_user && steps.note-creds.outputs.note_pass && steps.note-creds.outputs.note_team uses: secondlife/viewer-build-util/sign-pkg-mac@v1 with: channel: ${{ needs.build.outputs.viewer_channel }} imagename: ${{ needs.build.outputs.imagename }} - cert_base64: ${{ secrets.SIGNING_CERT_MACOS }} - cert_name: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} - cert_pass: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} + cert_base64: ${{ env.SIGNING_CERT_MACOS }} + cert_name: ${{ env.SIGNING_CERT_MACOS_IDENTITY }} + cert_pass: ${{ env.SIGNING_CERT_MACOS_PASSWORD }} note_user: ${{ steps.note-creds.outputs.note_user }} note_pass: ${{ steps.note-creds.outputs.note_pass }} note_team: ${{ steps.note-creds.outputs.note_team }} post-windows-symbols: - if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} + env: + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Windows symbols + if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-windows@v1 with: - username: ${{ secrets.BUGSPLAT_USER }} - password: ${{ secrets.BUGSPLAT_PASS }} + username: ${{ env.BUGSPLAT_USER }} + password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} post-mac-symbols: - if: ${{ secrets.BUGSPLAT_USER && secrets.BUGSPLAT_PASS }} + env: + BUGSPLAT_USER: ${{ secrets.BUGSPLAT_USER }} + BUGSPLAT_PASS: ${{ secrets.BUGSPLAT_PASS }} needs: build runs-on: ubuntu-latest steps: - name: Post Mac symbols + if: env.BUGSPLAT_USER && env.BUGSPLAT_PASS uses: secondlife/viewer-build-util/post-bugsplat-mac@v1 with: - username: ${{ 
secrets.BUGSPLAT_USER }} - password: ${{ secrets.BUGSPLAT_PASS }} + username: ${{ env.BUGSPLAT_USER }} + password: ${{ env.BUGSPLAT_PASS }} database: "SecondLife_Viewer_2018" channel: ${{ needs.build.outputs.viewer_channel }} version: ${{ needs.build.outputs.viewer_version }} -- cgit v1.2.3
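Review bot: With the conditions moved from the jobs to the steps, `sign-and-package-mac`, `post-windows-symbols` and `post-mac-symbols` (and `sign-and-package-windows` in the earlier hunk) now finish green when a secret is empty, so a branch build with a missing or misnamed secret looks the same as a signed one. A final step per job that makes the skip visible would help, e.g. `if: env.BUGSPLAT_USER == '' || env.BUGSPLAT_PASS == ''` with `run: echo "::warning::symbols not posted: BugSplat credentials unavailable"`. For runs that are expected to have secrets it may be preferable to fail instead. Whether a later job consumes the unsigned package is not visible here.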