Allow direct Cloudflare deploy token
This commit is contained in:
parent
d94a48594e
commit
d5588360f9
2 changed files with 20 additions and 15 deletions
|
|
@ -153,16 +153,28 @@ jobs:
|
|||
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
|
||||
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"bootstrap ok"}' >/dev/null
|
||||
|
||||
- name: Configure CI Age identity
|
||||
- name: Configure Cloudflare credentials
|
||||
env:
|
||||
DIRECT_CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||
AGE_FORGE_SSH_KEY: ${{ secrets.AGE_FORGE_SSH_KEY }}
|
||||
GITHUB_TOKEN: ${{ github.token }}
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
cd .repo
|
||||
if [[ -n "${DIRECT_CLOUDFLARE_API_TOKEN:-}" ]]; then
|
||||
echo "::add-mask::${DIRECT_CLOUDFLARE_API_TOKEN}"
|
||||
echo "CLOUDFLARE_API_TOKEN=${DIRECT_CLOUDFLARE_API_TOKEN}" >> "$GITHUB_ENV"
|
||||
|
||||
curl -fsSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" \
|
||||
-H "content-type: application/json" \
|
||||
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
|
||||
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"direct token ok"}' >/dev/null
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [[ -z "${AGE_FORGE_SSH_KEY:-}" ]]; then
|
||||
echo "error: missing Actions secret AGE_FORGE_SSH_KEY"
|
||||
echo "error: missing Actions secret CLOUDFLARE_API_TOKEN or AGE_FORGE_SSH_KEY"
|
||||
exit 2
|
||||
fi
|
||||
install -d -m 700 "$HOME/.ssh"
|
||||
|
|
@ -178,13 +190,6 @@ jobs:
|
|||
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
|
||||
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"age key ok"}' >/dev/null
|
||||
|
||||
- name: Decrypt CI secrets from repo
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ github.token }}
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
cd .repo
|
||||
key_file="$HOME/.ssh/age_forge_ed25519"
|
||||
secret_file="secrets/cloudflare-api-token.age"
|
||||
if [[ ! -f "$secret_file" ]]; then
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue