Skip to content

Simplify actions/lp-snap-build to be reusable #14601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tomponline merged 2 commits into from
Dec 11, 2024
Merged

Simplify actions/lp-snap-build to be reusable #14601

tomponline merged 2 commits into from
Dec 11, 2024

Conversation

@simondeziel
Copy link
Member

@simondeziel simondeziel commented Dec 6, 2024
edited
Loading

I had not properly looked at all the possible variation of the Trigger Launchpad snap build step that all our repos and branches have. This step being repo/branch specific, it's hard to push it to a generic action.

As such, go back a little and keep the actual build trigger and some git interaction parts out of the action.

This also changes how the action gets access to the private SSH key as actions don't have access to the secrets context as seen in https://github.com/canonical/lxd/actions/runs/12201759238/job/34050919117

@simondeziel simondeziel marked this pull request as draft December 6, 2024 19:58
@simondeziel simondeziel changed the title Simplification of actions/lp-snap-build to be reusable Simplify actions/lp-snap-build to be reusable Dec 6, 2024
@simondeziel simondeziel marked this pull request as ready for review December 6, 2024 22:06
tomponline
tomponline reviewed Dec 7, 2024
View reviewed changes
Copy link
Member

@tomponline tomponline left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does passing the secret to the action cause it to be logged somewhere as the input to the actions?

@simondeziel
Copy link
Member Author

simondeziel commented Dec 9, 2024

Does passing the secret to the action cause it to be logged somewhere as the input to the actions?

Since this is the official recommended way, I hope not. From what I've read, we should see this obfuscated with ***.

@tomponline
Copy link
Member

tomponline commented Dec 9, 2024

Since this is the official recommended way, I hope not. From what I've read, we should see this obfuscated with ***.

Can you check on your own fork with a test secret in a workflow and double check, as dont want that ssh key published.

@simondeziel
Copy link
Member Author

simondeziel commented Dec 9, 2024

Proper obfuscation happens (https://github.com/simondeziel/lxd/actions/runs/12243790782/job/34154120501) so the GH doc is accurate.

tomponline
tomponline reviewed Dec 10, 2024
View reviewed changes
@simondeziel
Copy link
Member Author

simondeziel commented Dec 10, 2024

@tomponline PTAL

tomponline
tomponline reviewed Dec 11, 2024
View reviewed changes
Copy link
Member

@tomponline tomponline left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the reason we cant move the call to lxd-snapscraft and the commit, push etc into the action as well?

@tomponline tomponline merged commit 74fe2ff into canonical:main Dec 11, 2024
24 checks passed
@simondeziel simondeziel deleted the lp-snap-action branch December 11, 2024 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomponline tomponline tomponline approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simondeziel @tomponline