[WIP] IEP-1042: Run the installer action with the publishing of release on idf-eclipse-plugin github page #836

Open: wants to merge 5 commits into base: master
53 changes: 53 additions & 0 deletions .github/workflows/run_idf_installer_build.yml
@@ -0,0 +1,53 @@
name: run_idf_installer_build

on:
release:
types:
- published
pull_request:
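Review bot: The bare `pull_request:` trigger on line 7 makes this workflow run for every pull request, yet the steps below read `github.event.release.tag_name`, which is empty outside a `release` event, so a PR run from a branch in this repository would ask the installer repo to build with an empty `espressif_ide_version`. `secrets.REPO_ACCESS_TOKEN` is also not passed to runs triggered from forks, so those runs would call the API with an empty bearer token. If the trigger is only here to exercise the WIP branch, drop it before merge or guard the job with `if: github.event_name == 'release'`.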

Comment on lines +7 to +8

The pull_request trigger does not specify event types. If the intention is to run the workflow for all pull request events, the colon after pull_request should be removed. If specific event types are desired, they need to be listed.

-  pull_request:
+  pull_request


jobs:
run-idf-installer-build:
name: IDF Installer Build
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Get IDE version from release tag
run: |
TAG=${{ github.event.release.tag_name }}
IDE_VERSION=${TAG#v}
echo "IDE Version is $IDE_VERSION"
echo "IDE_VERSION=$IDE_VERSION" >> $GITHUB_ENV
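Review bot: `TAG=${{ github.event.release.tag_name }}` on line 20 is expanded into the script text before the shell runs, so shell metacharacters in the tag name would be executed rather than treated as data. Pass the value through the step's `env:` (for example `TAG: ${{ github.event.release.tag_name }}`) and reference it as `"$TAG"`; quoting `"$GITHUB_ENV"` on line 23 is worth doing at the same time. Nothing in this job reads files from the repository, so the `actions/checkout@v3` step can also go, and an explicit `permissions:` block would keep the job's `GITHUB_TOKEN` from inheriting the repository default.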
Comment on lines +20 to +23

The IDE version extraction assumes the tag starts with 'v'. If this is not always the case, the script may fail to extract the correct version. A check should be added to ensure the tag starts with 'v' before stripping it.


- name: Get latest release from espressif/esp-idf
run: |
RESPONSE=$(curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.REPO_ACCESS_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/espressif/esp-idf/releases/latest)

TAG_NAME=$(echo "$RESPONSE" | jq -r '.tag_name')
IDF_VERSION=${TAG_NAME#v}
echo "Latest IDF Version is: $IDF_VERSION"
echo "IDF_VERSION=$IDF_VERSION" >> $GITHUB_ENV
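Review bot: The `curl -L` call on lines 27 to 31 has no `--fail`, so a rate-limit or authentication error still returns a JSON body, `jq -r '.tag_name'` prints `null`, and `IDF_VERSION=null` is written to `$GITHUB_ENV` and later sent to the installer workflow. Add `--fail --silent --show-error` and stop the step unless `TAG_NAME` is non-empty and not `null`. Because the value comes from an HTTP response and is appended to `$GITHUB_ENV`, checking it against a strict version pattern before the final `echo` also keeps anything unexpected out of later steps' environment.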
Comment on lines +27 to +36

Using a personal access token with potentially broad permissions could be a security risk. Ensure that the token used has the minimum required permissions, or consider fetching the release without authentication if possible.

Comment on lines +33 to +36

The script assumes that the IDF version tag will always start with 'v'. If this is not always the case, the script may fail to extract the correct version. A check should be added to ensure the tag starts with 'v' before stripping it.



- name: Trigger the Receiver Action
run: |
curl -X POST \
-H "Authorization: Bearer ${{ secrets.REPO_ACCESS_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/espressif/idf-installer/actions/workflows/build-espressif-ide-installer.yml/dispatches \
-d '{
"ref": "main",
"inputs": {
"espressif_ide_version": "'$IDE_VERSION'",
"esp_idf_version": "'$IDF_VERSION'",
"python_version": "3.11"
}
}'
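Review bot: The JSON body on lines 45 to 52 is assembled by closing the single-quoted string around `$IDE_VERSION` and `$IDF_VERSION`, which leaves both expansions unquoted in the shell and unescaped in the JSON, so a space, quote or backslash in either value breaks or alters the request. Build the payload with `jq -n --arg ide "$IDE_VERSION" --arg idf "$IDF_VERSION"` and pass the result to `-d`. The `curl -X POST` also lacks `--fail`, so a rejected dispatch (bad token, renamed workflow) leaves this job green; add it so the release run fails visibly.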
Comment on lines +41 to +52

The script uses a personal access token to trigger the Receiver Action. Ensure that the token used has the minimum required permissions to mitigate security risks.

