From 9758c5096db9adfc5269979563c96423596aa462 Mon Sep 17 00:00:00 2001
From: Alex Bozarth
Date: Wed, 18 Dec 2024 11:12:20 -0600
Subject: [PATCH] Update CI to inherit secrets between workflows (#335)
By default called workflows don't have access to secrets, this causes issues when needing access to our dockerhib secrets for push. This adds `secrets: inherit` to all local workflow calls
Signed-off-by: Alex Bozarth
---
 .github/workflow-templates/template.yml | 11 +++++------
 .github/workflows/build.yml | 12 ++++++++++++
 .github/workflows/curl.yml | 3 +++
 .github/workflows/h2load.yml | 1 +
 .github/workflows/haproxy.yml | 1 +
 .github/workflows/httpd.yml | 1 +
 .github/workflows/locust.yml | 1 +
 .github/workflows/mosquitto.yml | 1 +
 .github/workflows/nginx.yml | 1 +
 .github/workflows/ngtcp2.yml | 2 ++
 .github/workflows/openssh.yml | 1 +
 .github/workflows/openssl3.yml | 1 +
 .github/workflows/openvpn.yml | 1 +
 .github/workflows/wireshark.yml | 1 +
 14 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/.github/workflow-templates/template.yml b/.github/workflow-templates/template.yml
index 0e4a294..29fd0d7 100644
--- a/.github/workflow-templates/template.yml
+++ b/.github/workflow-templates/template.yml
@@ -92,9 +92,8 @@ jobs:
 push:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
- runs-on: ubuntu-latest
- steps:
- - uses: ./.github/workflows/manifest.yml
- with:
- image_name:
- release_tag: ${{ inputs.release_tag || 'latest' }}
+ uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
+ with:
+ image_name:
+ release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b914ff2..caf3f71 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
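Review bot: `secrets: inherit` on the `push` job in `.github/workflow-templates/template.yml` forwards every secret the caller can read to `push-manifest.yml`, while the commit message says only the Docker Hub credentials are needed for the push. Passing them by name keeps the called workflow least-privileged and makes the dependency visible in review: a `secrets:` mapping with entries such as `<DOCKERHUB_SECRET_NAME>: ${{ secrets.<DOCKERHUB_SECRET_NAME> }}` (placeholder; the real secret names are not shown in this patch), matched by `on.workflow_call.secrets` declarations in `push-manifest.yml`. The same applies to the identical `push-manifest.yml` call hunks in curl.yml, h2load.yml, haproxy.yml, httpd.yml, locust.yml, mosquitto.yml, nginx.yml, ngtcp2.yml, openssh.yml, openssl3.yml, openvpn.yml and wireshark.yml.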
@@ -29,72 +29,84 @@ on:
 jobs:
 curl:
 uses: ./.github/workflows/curl.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 h2load:
 uses: ./.github/workflows/h2load.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 haproxy:
 uses: ./.github/workflows/haproxy.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 httpd:
 uses: ./.github/workflows/httpd.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 locust:
 uses: ./.github/workflows/locust.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 mosquitto:
 uses: ./.github/workflows/mosquitto.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 nginx:
 uses: ./.github/workflows/nginx.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 ngtcp2:
 uses: ./.github/workflows/ngtcp2.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 openssh:
 uses: ./.github/workflows/openssh.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 openssl3:
 uses: ./.github/workflows/openssl3.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 openvpn:
 uses: ./.github/workflows/openvpn.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
 wireshark:
 uses: ./.github/workflows/wireshark.yml
+ secrets: inherit
 with:
 build_main: ${{ !contains(inputs.build_main == 'true', 'false') }}
 release_tag: ${{ inputs.release_tag }}
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
index 290730b..a98e229 100644
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -142,6 +142,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: curl
 release_tag: optimized
@@ -150,6 +151,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: curl-dev
 release_tag: latest
@@ -158,6 +160,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: curl
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/h2load.yml b/.github/workflows/h2load.yml
index ffa2065..cea5b00 100644
--- a/.github/workflows/h2load.yml
+++ b/.github/workflows/h2load.yml
@@ -101,6 +101,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: h2load
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml
index e9e1dd0..a142667 100644
--- a/.github/workflows/haproxy.yml
+++ b/.github/workflows/haproxy.yml
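Review bot: The twelve `secrets: inherit` lines added in `.github/workflows/build.yml` sit on calls with no `if:` guard, unlike the `push` jobs further down the chain that are restricted to `refs/heads/main` and non-`pull_request` events. Each per-image workflow therefore receives the caller's full secret set for all of its jobs, including the `build` job the push depends on, on every event that triggers `build.yml`; the triggers under `on:` start outside this hunk, so which events those are cannot be confirmed here. If inheritance is kept rather than named secrets, a comment above the first call such as `# secrets are forwarded only so push-manifest.yml can log in to the registry; build jobs must not reference them` would record the intent for later reviewers.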
@@ -104,6 +104,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: haproxy
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/httpd.yml b/.github/workflows/httpd.yml
index 5794105..ac38857 100644
--- a/.github/workflows/httpd.yml
+++ b/.github/workflows/httpd.yml
@@ -104,6 +104,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: httpd
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/locust.yml b/.github/workflows/locust.yml
index c98907f..33ffa52 100644
--- a/.github/workflows/locust.yml
+++ b/.github/workflows/locust.yml
@@ -128,6 +128,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: locust
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml
index d0dfb7d..4e2a9da 100644
--- a/.github/workflows/mosquitto.yml
+++ b/.github/workflows/mosquitto.yml
@@ -95,6 +95,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: mosquitto
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index dab9ced..a08d02a 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -105,6 +105,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: nginx
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/ngtcp2.yml b/.github/workflows/ngtcp2.yml
index e1504f9..74e9e05 100644
--- a/.github/workflows/ngtcp2.yml
+++ b/.github/workflows/ngtcp2.yml
@@ -121,6 +121,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: ngtcp2-server
 release_tag: ${{ inputs.release_tag || 'latest' }}
@@ -129,6 +130,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: ngtcp2-client
 release_tag: ${{ inputs.release_tag || 'latest' }}
\ No newline at end of file
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
index b28d608..8a0daec 100644
--- a/.github/workflows/openssh.yml
+++ b/.github/workflows/openssh.yml
@@ -91,6 +91,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: openssh
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml
index 79487c1..a792786 100644
--- a/.github/workflows/openssl3.yml
+++ b/.github/workflows/openssl3.yml
@@ -92,6 +92,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: openssl3
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
index 02d6c64..178b313 100644
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@@ -92,6 +92,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: openvpn
 release_tag: ${{ inputs.release_tag || 'latest' }}
diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml
index ad3c6db..25aff34 100644
--- a/.github/workflows/wireshark.yml
+++ b/.github/workflows/wireshark.yml
@@ -85,6 +85,7 @@ jobs:
 if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != 'true' }}
 needs: build
 uses: ./.github/workflows/push-manifest.yml
+ secrets: inherit
 with:
 image_name: wireshark
 release_tag: ${{ inputs.release_tag || 'latest' }}