Allow direct Cloudflare deploy token
Some checks failed
deploy-cloudflare / checks (push) Successful in 1m48s
deploy-cloudflare/breadcrumb bootstrap ok
deploy-cloudflare / deploy (push) Failing after 23s
ci-gates / checks (push) Successful in 6m22s

Conrad Kramer 2026-06-10 04:10:12 -07:00
parent d94a48594e
commit d5588360f9
No known key found for this signature in database
2 changed files with 20 additions and 15 deletions


@ -153,16 +153,28 @@ jobs:
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \ "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"bootstrap ok"}' >/dev/null -d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"bootstrap ok"}' >/dev/null
- name: Configure CI Age identity - name: Configure Cloudflare credentials
env: env:
DIRECT_CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
AGE_FORGE_SSH_KEY: ${{ secrets.AGE_FORGE_SSH_KEY }} AGE_FORGE_SSH_KEY: ${{ secrets.AGE_FORGE_SSH_KEY }}
GITHUB_TOKEN: ${{ github.token }} GITHUB_TOKEN: ${{ github.token }}
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
cd .repo cd .repo
if [[ -n "${DIRECT_CLOUDFLARE_API_TOKEN:-}" ]]; then
echo "::add-mask::${DIRECT_CLOUDFLARE_API_TOKEN}"
echo "CLOUDFLARE_API_TOKEN=${DIRECT_CLOUDFLARE_API_TOKEN}" >> "$GITHUB_ENV"
curl -fsSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" \
-H "content-type: application/json" \
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"direct token ok"}' >/dev/null
exit 0
fi
if [[ -z "${AGE_FORGE_SSH_KEY:-}" ]]; then if [[ -z "${AGE_FORGE_SSH_KEY:-}" ]]; then
echo "error: missing Actions secret AGE_FORGE_SSH_KEY" echo "error: missing Actions secret CLOUDFLARE_API_TOKEN or AGE_FORGE_SSH_KEY"
exit 2 exit 2
fi fi
install -d -m 700 "$HOME/.ssh" install -d -m 700 "$HOME/.ssh"
@ -178,13 +190,6 @@ jobs:
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \ "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"age key ok"}' >/dev/null -d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"age key ok"}' >/dev/null
- name: Decrypt CI secrets from repo
env:
GITHUB_TOKEN: ${{ github.token }}
shell: bash
run: |
set -euo pipefail
cd .repo
key_file="$HOME/.ssh/age_forge_ed25519" key_file="$HOME/.ssh/age_forge_ed25519"
secret_file="secrets/cloudflare-api-token.age" secret_file="secrets/cloudflare-api-token.age"
if [[ ! -f "$secret_file" ]]; then if [[ ! -f "$secret_file" ]]; then
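Review bot: The new direct-token branch appends `CLOUDFLARE_API_TOKEN` to `$GITHUB_ENV`, which puts the token in the environment of every later step in the job, not only the step that talks to Cloudflare. The deploy step is outside this hunk, but if it is a single step it would be tighter to give it `env: CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}` directly and keep the `$GITHUB_ENV` export for the age-decrypted fallback only. When both secrets are configured, the direct token also wins silently and the age-encrypted file in the repo is never read. A non-secret log line before `exit 0`, such as `echo "using CLOUDFLARE_API_TOKEN from Actions secret; age decrypt skipped"`, would make the credential source visible in the run log. The `::add-mask::` call is harmless but probably redundant, since values from `secrets.*` are normally masked by the runner already.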


@ -125,42 +125,42 @@
"title": "KCBS Los Angeles", "title": "KCBS Los Angeles",
"relay_url": "https://relay.every.channel/anon", "relay_url": "https://relay.every.channel/anon",
"broadcast_name": "la-kcbs", "broadcast_name": "la-kcbs",
"track_name": "0.m4s" "track_name": "video0.m4s"
}, },
{ {
"stream_id": "la-ktla", "stream_id": "la-ktla",
"title": "KTLA", "title": "KTLA",
"relay_url": "https://relay.every.channel/anon", "relay_url": "https://relay.every.channel/anon",
"broadcast_name": "la-ktla", "broadcast_name": "la-ktla",
"track_name": "0.m4s" "track_name": "video0.m4s"
}, },
{ {
"stream_id": "la-kcet", "stream_id": "la-kcet",
"title": "KCET", "title": "KCET",
"relay_url": "https://relay.every.channel/anon", "relay_url": "https://relay.every.channel/anon",
"broadcast_name": "la-kcet", "broadcast_name": "la-kcet",
"track_name": "0.m4s" "track_name": "video0.m4s"
}, },
{ {
"stream_id": "la-pbs-socal", "stream_id": "la-pbs-socal",
"title": "PBS SoCal", "title": "PBS SoCal",
"relay_url": "https://relay.every.channel/anon", "relay_url": "https://relay.every.channel/anon",
"broadcast_name": "la-pbs-socal", "broadcast_name": "la-pbs-socal",
"track_name": "0.m4s" "track_name": "video0.m4s"
}, },
{ {
"stream_id": "la-nbc4", "stream_id": "la-nbc4",
"title": "NBC4 Los Angeles", "title": "NBC4 Los Angeles",
"relay_url": "https://relay.every.channel/anon", "relay_url": "https://relay.every.channel/anon",
"broadcast_name": "la-nbc4", "broadcast_name": "la-nbc4",
"track_name": "0.m4s" "track_name": "video0.m4s"
}, },
{ {
"stream_id": "la-kcop", "stream_id": "la-kcop",
"title": "KCOP", "title": "KCOP",
"relay_url": "https://relay.every.channel/anon", "relay_url": "https://relay.every.channel/anon",
"broadcast_name": "la-kcop", "broadcast_name": "la-kcop",
"track_name": "0.m4s" "track_name": "video0.m4s"
} }
] ]
} }