From d4cbdc84ca40608bb968258328e7abe6de23d435 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tam=C3=A1s=20B=C3=A1lint=20Misius?= Date: Thu, 24 Oct 2024 08:50:32 +0200 Subject: [PATCH] Migrate starcatcher-publish step to sftp --- .github/starcatcher-publish.sh | 27 +++++++++++++++------------ .github/workflows/build.yaml | 22 +++++++++++----------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/.github/starcatcher-publish.sh b/.github/starcatcher-publish.sh index ef89a4f53..1c14fda94 100755 --- a/.github/starcatcher-publish.sh +++ b/.github/starcatcher-publish.sh @@ -3,18 +3,21 @@ set -euo pipefail IFS=$'\n\t' -cat << NETRC > ~/.netrc -machine $(echo $PUBLISH_HOSTPORT | cut -d ':' -f 1) -login $PUBLISH_USERNAME -password $PUBLISH_PASSWORD -NETRC -chmod 660 ~/.netrc +host=$(echo "$PUBLISH_HOSTPORT" | cut -d ':' -f 1) +port=$(echo "$PUBLISH_HOSTPORT" | cut -d ':' -f 2) -mountpoint=ftpmnt -mkdir $mountpoint -curlftpfs "$PUBLISH_HOSTPORT" $mountpoint -o ssl,ciphers='ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256' +set +e +mkdir ~/.ssh +chmod 700 ~/.ssh +touch ~/.ssh/known_hosts +chmod 600 ~/.ssh/known_hosts +set -e + +echo "[$host]:$port ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsmJkDd7Rxnuuf4kpbJCDZvkO03lp4lmpzGmFW6LCqG" >> ~/.ssh/known_hosts + +commands="quit"$'\n' if [[ -z ${PUBLISH_ACCESSCHECK-} ]]; then - cp $PUBLISH_FILENAME $mountpoint/${PUBLISH_DIRECTORY:-.}/ + commands="put $PUBLISH_FILENAME"$'\n'"$commands" + commands="cd ${PUBLISH_DIRECTORY:-.}"$'\n'"$commands" fi -fusermount -u $mountpoint -rmdir $mountpoint +SSHPASS="$PUBLISH_PASSWORD" sshpass -e sftp -oPort="$port" -oBatchMode=no -b - "$PUBLISH_USERNAME@$host" <<< "$commands" diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 47f71d101..2ec0beb79 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -14,7 +14,7 @@ on: jobs: prepare: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 outputs: do_release: ${{ steps.prepare.outputs.do_release }} build_matrix: ${{ steps.prepare.outputs.build_matrix }} @@ -39,13 +39,13 @@ jobs: - id: prepare run: python ./.github/prepare.py env: - PUBLISH_HOSTPORT: ${{ secrets.STARCATCHER_PUBLISH_HOSTPORT }} + PUBLISH_HOSTPORT: ${{ vars.STARCATCHER_PUBLISH_HOSTPORT }} GITHUB_REF: ${{ github.ref }} - if: steps.prepare.outputs.do_publish == 'yes' - run: sudo apt update && sudo apt install curlftpfs && bash -c './.github/starcatcher-publish.sh' + run: bash -c './.github/starcatcher-publish.sh' env: - PUBLISH_HOSTPORT: ${{ secrets.STARCATCHER_PUBLISH_HOSTPORT }} - PUBLISH_USERNAME: ${{ secrets.STARCATCHER_PUBLISH_USERNAME }} + PUBLISH_HOSTPORT: ${{ vars.STARCATCHER_PUBLISH_HOSTPORT }} + PUBLISH_USERNAME: ${{ vars.STARCATCHER_PUBLISH_USERNAME }} PUBLISH_PASSWORD: ${{ secrets.STARCATCHER_PUBLISH_PASSWORD }} PUBLISH_ACCESSCHECK: yes - if: steps.prepare.outputs.do_release == 'yes' @@ -147,7 +147,7 @@ jobs: path: build/${{ matrix.debug_asset_path }} name: ${{ matrix.debug_asset_name }} publish: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: [build, prepare] strategy: fail-fast: false @@ -160,15 +160,15 @@ jobs: with: name: ${{ matrix.asset_name }} - run: mv ${{ matrix.asset_path }} ${{ matrix.starcatcher_name }} - - run: sudo apt update && sudo apt install curlftpfs && bash -c './.github/starcatcher-publish.sh' + - run: bash -c './.github/starcatcher-publish.sh' env: - PUBLISH_HOSTPORT: ${{ secrets.STARCATCHER_PUBLISH_HOSTPORT }} - PUBLISH_USERNAME: ${{ secrets.STARCATCHER_PUBLISH_USERNAME }} + PUBLISH_HOSTPORT: ${{ vars.STARCATCHER_PUBLISH_HOSTPORT }} + PUBLISH_USERNAME: ${{ vars.STARCATCHER_PUBLISH_USERNAME }} PUBLISH_PASSWORD: ${{ secrets.STARCATCHER_PUBLISH_PASSWORD }} - PUBLISH_DIRECTORY: ${{ secrets.STARCATCHER_PUBLISH_DIRECTORY }} + PUBLISH_DIRECTORY: ${{ vars.STARCATCHER_PUBLISH_DIRECTORY }} PUBLISH_FILENAME: ${{ matrix.starcatcher_name }} release: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: [build, publish, prepare] if: needs.prepare.outputs.do_publish == 'yes' steps: