Allow direct Cloudflare deploy token
This commit is contained in:
parent
d94a48594e
commit
d5588360f9
2 changed files with 20 additions and 15 deletions
|
|
@ -153,16 +153,28 @@ jobs:
|
||||||
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
|
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
|
||||||
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"bootstrap ok"}' >/dev/null
|
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"bootstrap ok"}' >/dev/null
|
||||||
|
|
||||||
- name: Configure CI Age identity
|
- name: Configure Cloudflare credentials
|
||||||
env:
|
env:
|
||||||
|
DIRECT_CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||||
AGE_FORGE_SSH_KEY: ${{ secrets.AGE_FORGE_SSH_KEY }}
|
AGE_FORGE_SSH_KEY: ${{ secrets.AGE_FORGE_SSH_KEY }}
|
||||||
GITHUB_TOKEN: ${{ github.token }}
|
GITHUB_TOKEN: ${{ github.token }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
cd .repo
|
cd .repo
|
||||||
|
if [[ -n "${DIRECT_CLOUDFLARE_API_TOKEN:-}" ]]; then
|
||||||
|
echo "::add-mask::${DIRECT_CLOUDFLARE_API_TOKEN}"
|
||||||
|
echo "CLOUDFLARE_API_TOKEN=${DIRECT_CLOUDFLARE_API_TOKEN}" >> "$GITHUB_ENV"
|
||||||
|
|
||||||
|
curl -fsSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" \
|
||||||
|
-H "content-type: application/json" \
|
||||||
|
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
|
||||||
|
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"direct token ok"}' >/dev/null
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ -z "${AGE_FORGE_SSH_KEY:-}" ]]; then
|
if [[ -z "${AGE_FORGE_SSH_KEY:-}" ]]; then
|
||||||
echo "error: missing Actions secret AGE_FORGE_SSH_KEY"
|
echo "error: missing Actions secret CLOUDFLARE_API_TOKEN or AGE_FORGE_SSH_KEY"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
install -d -m 700 "$HOME/.ssh"
|
install -d -m 700 "$HOME/.ssh"
|
||||||
|
|
@ -178,13 +190,6 @@ jobs:
|
||||||
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
|
"${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}" \
|
||||||
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"age key ok"}' >/dev/null
|
-d '{"context":"deploy-cloudflare/breadcrumb","state":"pending","description":"age key ok"}' >/dev/null
|
||||||
|
|
||||||
- name: Decrypt CI secrets from repo
|
|
||||||
env:
|
|
||||||
GITHUB_TOKEN: ${{ github.token }}
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
set -euo pipefail
|
|
||||||
cd .repo
|
|
||||||
key_file="$HOME/.ssh/age_forge_ed25519"
|
key_file="$HOME/.ssh/age_forge_ed25519"
|
||||||
secret_file="secrets/cloudflare-api-token.age"
|
secret_file="secrets/cloudflare-api-token.age"
|
||||||
if [[ ! -f "$secret_file" ]]; then
|
if [[ ! -f "$secret_file" ]]; then
|
||||||
|
|
|
||||||
|
|
@ -125,42 +125,42 @@
|
||||||
"title": "KCBS Los Angeles",
|
"title": "KCBS Los Angeles",
|
||||||
"relay_url": "https://relay.every.channel/anon",
|
"relay_url": "https://relay.every.channel/anon",
|
||||||
"broadcast_name": "la-kcbs",
|
"broadcast_name": "la-kcbs",
|
||||||
"track_name": "0.m4s"
|
"track_name": "video0.m4s"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"stream_id": "la-ktla",
|
"stream_id": "la-ktla",
|
||||||
"title": "KTLA",
|
"title": "KTLA",
|
||||||
"relay_url": "https://relay.every.channel/anon",
|
"relay_url": "https://relay.every.channel/anon",
|
||||||
"broadcast_name": "la-ktla",
|
"broadcast_name": "la-ktla",
|
||||||
"track_name": "0.m4s"
|
"track_name": "video0.m4s"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"stream_id": "la-kcet",
|
"stream_id": "la-kcet",
|
||||||
"title": "KCET",
|
"title": "KCET",
|
||||||
"relay_url": "https://relay.every.channel/anon",
|
"relay_url": "https://relay.every.channel/anon",
|
||||||
"broadcast_name": "la-kcet",
|
"broadcast_name": "la-kcet",
|
||||||
"track_name": "0.m4s"
|
"track_name": "video0.m4s"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"stream_id": "la-pbs-socal",
|
"stream_id": "la-pbs-socal",
|
||||||
"title": "PBS SoCal",
|
"title": "PBS SoCal",
|
||||||
"relay_url": "https://relay.every.channel/anon",
|
"relay_url": "https://relay.every.channel/anon",
|
||||||
"broadcast_name": "la-pbs-socal",
|
"broadcast_name": "la-pbs-socal",
|
||||||
"track_name": "0.m4s"
|
"track_name": "video0.m4s"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"stream_id": "la-nbc4",
|
"stream_id": "la-nbc4",
|
||||||
"title": "NBC4 Los Angeles",
|
"title": "NBC4 Los Angeles",
|
||||||
"relay_url": "https://relay.every.channel/anon",
|
"relay_url": "https://relay.every.channel/anon",
|
||||||
"broadcast_name": "la-nbc4",
|
"broadcast_name": "la-nbc4",
|
||||||
"track_name": "0.m4s"
|
"track_name": "video0.m4s"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"stream_id": "la-kcop",
|
"stream_id": "la-kcop",
|
||||||
"title": "KCOP",
|
"title": "KCOP",
|
||||||
"relay_url": "https://relay.every.channel/anon",
|
"relay_url": "https://relay.every.channel/anon",
|
||||||
"broadcast_name": "la-kcop",
|
"broadcast_name": "la-kcop",
|
||||||
"track_name": "0.m4s"
|
"track_name": "video0.m4s"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue