From 6ec201628fda2e2d6bf0c5201209835db7a86388 Mon Sep 17 00:00:00 2001
From: pkong-ds
Date: Thu, 23 May 2024 15:34:18 +0800
Subject: [PATCH] Debug github cd variables
---
 .github/workflows/cd.yaml | 51 ++++++++++++++++++++++++++++++++++-----
 Makefile | 2 +-
 pageship.dev.toml | 21 ++++++++++++++++
 3 files changed, 67 insertions(+), 7 deletions(-)
 create mode 100644 pageship.dev.toml
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index 31893d1..4f7471c 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -5,31 +5,70 @@ concurrency: cancel-in-progress: true on: + pull_request: + branches: + - test-cd push: branches: - - do-not-run-cd # dont run cd until pageship deployment with github OIDC token is resolved + - test-cd # dont run cd until pageship deployment with github OIDC token is resolved + +permissions: + contents: read + id-token: write jobs: cd: name: cd runs-on: ubuntu-22.04 - permissions: - contents: read - id-token: write steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: node-version: 18 + - name: Debug github actions env variables + run: | + echo hihi + echo hihi2 + echo ACTIONS_RUNTIME_TOKEN___${ACTIONS_RUNTIME_TOKEN} + echo ${ACTIONS_ID_TOKEN_REQUEST_URL} + echo $ACTIONS_RUNTIME_TOKEN + echo $ACTIONS_ID_TOKEN_REQUEST_URL + echo ------------ + env + echo hihiend + # START https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#requesting-the-jwt-using-environment-variables + - uses: actions/github-script@v6 + id: script + timeout-minutes: 10 + with: + debug: true + script: | + const token = process.env['ACTIONS_RUNTIME_TOKEN'] + const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'] + core.setOutput('TOKEN', token.trim()) + core.setOutput('IDTOKENURL', runtimeUrl.trim()) + - run: | + IDTOKEN=$(curl -H "Authorization: bearer ${{steps.script.outputs.TOKEN}}" ${{steps.script.outputs.IDTOKENURL}} -H "Accept: application/json; api-version=2.0" -H "Content-Type: application/json" -d "{}" | jq -r '.value') + echo $IDTOKEN + jwtd() { + if [[ -x $(command -v jq) ]]; then + jq -R 'split(".") | .[0],.[1] | @base64d | fromjson' <<< "${1}" + echo "Signature: $(echo "${1}" | awk -F'.' 
'{print $3}')" + fi + } + jwtd $IDTOKEN + echo "idToken=${IDTOKEN}" >> $GITHUB_OUTPUT + id: tokenid + # END https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#requesting-the-jwt-using-environment-variables - run: npm ci - name: Set env to staging run: | if [[ "${{ github.ref_name }}" == "main" ]]; then - echo "ENV=staging" >> $GITHUB_ENV + echo "ENV=dev" >> $GITHUB_ENV elif [[ "${{ github.ref_name }}" == "production" ]]; then echo "ENV=production" >> $GITHUB_ENV fi - - name: build html + - name: Build html run: npm run build - name: Deploy env: diff --git a/Makefile b/Makefile index b4b2019..f3f5fa6 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ PAGESHIP_API := https://api.pages.pandawork.com ifeq ($(GITHUB_REF_NAME),production) ENV ?= $(GITHUB_REF_NAME) else -ENV ?= staging +ENV ?= dev endif ifeq (${ACTIONS_ID_TOKEN_REQUEST_URL},) diff --git a/pageship.dev.toml b/pageship.dev.toml new file mode 100644 index 0000000..3bbc717 --- /dev/null +++ b/pageship.dev.toml @@ -0,0 +1,21 @@ +[app] +id = "mockuphone-dev" + +team = [ + # Allow GitHub Actions in your repo to deploy + { gitHubRepositoryActions="oursky/mockuphone.com", access="deployer" }, + { gitHubRepositoryActions="pkong-ds/mockuphone.com", access="deployer" } +] + + +[app.deployments] +# ttl = "24h" +# access = [] + +[[app.sites]] +name = "main" + +[site] +public = "dist" + +# access = []
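Review bot: The added `Debug github actions env variables` step and the `tokenid` step write live credentials to the job log: `echo $ACTIONS_RUNTIME_TOKEN`, the bare `env`, `echo $IDTOKEN` and the `Signature:` line in `jwtd` together emit the runtime token and the complete OIDC ID token. That ID token is a bearer credential for any relying party that trusts this repository's OIDC subject (presumably the Pageship deploy in the step that follows) until it expires. The hunk does not establish whether the runner masks these values, so the log should be treated as exposing them to anyone who can read it. I would delete the `env` and `echo` lines, put `echo "::add-mask::$IDTOKEN"` directly after the `curl` line, and keep only the decoded header and payload from `jwtd` if the claims need inspecting. The token is also copied into step outputs through `core.setOutput('TOKEN', …)` and `$GITHUB_OUTPUT`, and the new `pull_request` trigger runs all of this under workflow-level `id-token: write`; the step list continues past the end of the hunk, so the Deploy step itself is not visible here.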
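Review bot: The second `team` entry, `{ gitHubRepositoryActions="pkong-ds/mockuphone.com", access="deployer" }`, grants deploy rights on `mockuphone-dev` to workflows in a personal fork, and as written the grant names the whole repository, not a branch or workflow. If it exists only to debug the OIDC flow, mark it so it is not carried into a merge, e.g. `# TEMPORARY: fork access for OIDC debugging, remove before merging` above that line, or drop the entry and test from a branch in `oursky/mockuphone.com`. The existing comment `# Allow GitHub Actions in your repo to deploy` also no longer matches a list that names two repositories.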