Debug github cd variables

oursky · May 23, 2024 · 6ec2016 · 6ec2016
1 parent 9c02c69
commit 6ec2016
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 7 deletions.
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -5,31 +5,70 @@ concurrency:
   cancel-in-progress: true
 
 on:
+  pull_request:
+    branches:
+      - test-cd
   push:
     branches:
-      - do-not-run-cd # dont run cd until pageship deployment with github OIDC token is resolved
+      - test-cd # dont run cd until pageship deployment with github OIDC token is resolved
+
+permissions:
+  contents: read
+  id-token: write
 
 jobs:
   cd:
     name: cd
     runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      id-token: write
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
           node-version: 18
+      - name: Debug github actions env variables
+        run: |
+          echo hihi
+          echo hihi2
+          echo ACTIONS_RUNTIME_TOKEN___${ACTIONS_RUNTIME_TOKEN}
+          echo ${ACTIONS_ID_TOKEN_REQUEST_URL}
+          echo $ACTIONS_RUNTIME_TOKEN
+          echo $ACTIONS_ID_TOKEN_REQUEST_URL
+          echo ------------
+          env
+          echo hihiend
+      # START https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#requesting-the-jwt-using-environment-variables
+      - uses: actions/github-script@v6
+        id: script
+        timeout-minutes: 10
+        with:
+          debug: true
+          script: |
+            const token = process.env['ACTIONS_RUNTIME_TOKEN']
+            const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
+            core.setOutput('TOKEN', token.trim())
+            core.setOutput('IDTOKENURL', runtimeUrl.trim())
+      - run: |
+          IDTOKEN=$(curl -H "Authorization: bearer  ${{steps.script.outputs.TOKEN}}" ${{steps.script.outputs.IDTOKENURL}}  -H "Accept: application/json; api-version=2.0" -H "Content-Type: application/json" -d "{}" | jq -r '.value')
+          echo $IDTOKEN
+          jwtd() {
+              if [[ -x $(command -v jq) ]]; then
+                  jq -R 'split(".") | .[0],.[1] | @base64d | fromjson' <<< "${1}"
+                  echo "Signature: $(echo "${1}" | awk -F'.' '{print $3}')"
+              fi
+          }
+          jwtd $IDTOKEN
+          echo "idToken=${IDTOKEN}" >> $GITHUB_OUTPUT
+        id: tokenid
+      # END https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#requesting-the-jwt-using-environment-variables
       - run: npm ci
       - name: Set env to staging
         run: |
           if [[ "${{ github.ref_name }}" == "main" ]]; then
-            echo "ENV=staging" >> $GITHUB_ENV
+            echo "ENV=dev" >> $GITHUB_ENV
           elif [[ "${{ github.ref_name }}" == "production" ]]; then
             echo "ENV=production" >> $GITHUB_ENV
           fi
-      - name: build html
+      - name: Build html
         run: npm run build
       - name: Deploy
         env:

diff --git a/Makefile b/Makefile
@@ -8,7 +8,7 @@ PAGESHIP_API := https://api.pages.pandawork.com
 ifeq ($(GITHUB_REF_NAME),production)
 ENV ?= $(GITHUB_REF_NAME)
 else
-ENV ?= staging
+ENV ?= dev
 endif
 
 ifeq (${ACTIONS_ID_TOKEN_REQUEST_URL},)

diff --git a/pageship.dev.toml b/pageship.dev.toml
@@ -0,0 +1,21 @@
+[app]
+id = "mockuphone-dev"
+
+team = [
+    # Allow GitHub Actions in your repo to deploy
+    { gitHubRepositoryActions="oursky/mockuphone.com", access="deployer" },
+    { gitHubRepositoryActions="pkong-ds/mockuphone.com", access="deployer" }
+]
+
+
+[app.deployments]
+# ttl = "24h"
+# access = []
+
+[[app.sites]]
+name = "main"
+
+[site]
+public = "dist"
+
+# access = []