Merge pull request #1025 from EOSIO/cicd_checking_credentials

Adjusting CI/CD to check for credentials before starting certain workflows
EOSIO · Sep 20, 2021 · 792b131 · 792b131
2 parents 99d21e8 + c4c7da9
commit 792b131
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 3 deletions.
diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
@@ -5,9 +5,31 @@ on:
   workflow_dispatch:
 
 jobs:
+  check-tokens:
+    name: "Check Docker Hub Token"
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Check for DOCKERHUB_TOKEN
+        id: check_token
+        run: echo ::set-output name=token_exists::${HAS_SECRET}
+        env:
+          HAS_SECRET: ${{ secrets.DOCKERHUB_TOKEN != null }}
+      - name: Succeed job on existing DOCKERHUB_TOKEN
+        if: ${{ steps.check_token.outputs.token_exists == 'true' }}
+        uses: actions/github-script@v3
+        with:
+          script: |
+            core.setOutput('Success. DOCKERHUB_TOKEN is present in repository secrets.');
+      - name: Fail on missing DOCKERHUB_TOKEN
+        if: ${{ steps.check_token.outputs.token_exists == 'false' }}
+        uses: actions/github-script@v3
+        with:
+          script: |
+            core.setFailed('Failure: No DOCKERHUB_TOKEN present in repository secrets.');
   build-docker-2_1_x:
     name: Build Docker - nodeos release/2.1.x
     runs-on: ubuntu-18.04
+    needs: check-tokens
     steps:
       - name: Checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@@ -64,6 +86,7 @@ jobs:
   build-docker-2_2_x:
     name: Build Docker - nodeos release/2.2.x
     runs-on: ubuntu-18.04
+    needs: check-tokens
     steps:
       - name: Checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@@ -120,6 +143,7 @@ jobs:
   build-docker-develop:
     name: Build Docker - nodeos develop
     runs-on: ubuntu-18.04
+    needs: check-tokens
     steps:
       - name: Checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -65,7 +65,7 @@ jobs:
           PROTECTED=$(curl "https://api.github.com/repos/${{ github.repository }}/branches/${GITHUB_REF#refs/*/}" 2>/dev/null | jq -r '.protected')
           echo ::set-output name=protected::$PROTECTED
       - name: Commit/Push
-        if: github.event_name == 'push' && steps.protected_step.outputs.protected == 'false'
+        if: github.event_name == 'push' && steps.protected_step.outputs.protected == 'false' && github.actor != 'dependabot[bot]'
         run: |
           git config --global user.name 'Block.one DevOps'
           git config --global user.email '[email protected]'

diff --git a/.github/workflows/publish-edge.yml b/.github/workflows/publish-edge.yml
@@ -5,9 +5,31 @@ on:
       - develop
 
 jobs:
+  check-tokens:
+    name: "Check NPM Token"
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Check for NPM_AUTH_TOKEN
+        id: check_token
+        run: echo ::set-output name=token_exists::${HAS_SECRET}
+        env:
+          HAS_SECRET: ${{ secrets.NPM_AUTH_TOKEN != null }}
+      - name: Succeed job on existing NPM_AUTH_TOKEN
+        if: ${{ steps.check_token.outputs.token_exists == 'true' }}
+        uses: actions/github-script@v3
+        with:
+          script: |
+            core.setOutput('Success. NPM_AUTH_TOKEN is present in repository secrets.');
+      - name: Fail on missing NPM_AUTH_TOKEN
+        if: ${{ steps.check_token.outputs.token_exists == 'false' }}
+        uses: actions/github-script@v3
+        with:
+          script: |
+            core.setFailed('Failure: No NPM_AUTH_TOKEN present in repository secrets.');
   publish-edge:
     name: Publish Edge
     runs-on: ubuntu-18.04
+    needs: check-tokens
     steps:
       - name: Checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -4,10 +4,33 @@ on:
     types: [published]
 
 jobs:
+  check-tokens:
+    name: "Check NPM Token"
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Check for NPM_AUTH_TOKEN
+        id: check_token
+        run: echo ::set-output name=token_exists::${HAS_SECRET}
+        env:
+          HAS_SECRET: ${{ secrets.NPM_AUTH_TOKEN != null }}
+      - name: Succeed job on existing NPM_AUTH_TOKEN
+        if: ${{ steps.check_token.outputs.token_exists == 'true' }}
+        uses: actions/github-script@v3
+        with:
+          script: |
+            core.setOutput('Success. NPM_AUTH_TOKEN is present in repository secrets.');
+      - name: Fail on missing NPM_AUTH_TOKEN
+        if: ${{ steps.check_token.outputs.token_exists == 'false' }}
+        uses: actions/github-script@v3
+        with:
+          script: |
+            core.setFailed('Failure: No NPM_AUTH_TOKEN present in repository secrets.');
+
   publish-release:
     if: "!github.event.release.prerelease"
     name: Publish Release
     runs-on: ubuntu-18.04
+    needs: check-tokens
     steps:
       - name: Checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
@@ -56,11 +79,11 @@ jobs:
           - 8888:8888
           - 9876:9876
 
-
   publish-rc:
     if: "github.event.release.prerelease"
     name: Publish RC
-    runs-on: ubuntu-16.04
+    runs-on: ubuntu-18.04
+    needs: check-tokens
     steps:
       - name: Checkout
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f