Add github actions workflow for mirroring images using regsync #854
Conversation
adamkpickering
force-pushed
the
github-actions-mirror
branch
2 times, most recently
from
0fd0c4d to
f90b76e
Compare
adamkpickering
force-pushed
the
github-actions-mirror
branch
from
f90b76e to
0485f38
Compare
adamkpickering
force-pushed
the
github-actions-mirror
branch
from
0485f38 to
313dce5
Compare
| if [ -n "${{ secrets.DEBUG_DOCKER_USERNAME }}" ]; then | ||
| echo "manual_secrets=true" >> $GITHUB_OUTPUT | ||
| elif [ -n "${{ secrets.DEBUG_DOCKER_PASSWORD }}" ]; then | ||
| echo "manual_secrets=true" >> $GITHUB_OUTPUT | ||
| elif [ -n "${{ secrets.DEBUG_APPCO_USERNAME }}" ]; then | ||
| echo "manual_secrets=true" >> $GITHUB_OUTPUT | ||
| elif [ -n "${{ secrets.DEBUG_APPCO_PASSWORD }}" ]; then | ||
| echo "manual_secrets=true" >> $GITHUB_OUTPUT | ||
| elif [ -n "${{ secrets.DEBUG_PRIME_USERNAME }}" ]; then | ||
| echo "manual_secrets=true" >> $GITHUB_OUTPUT | ||
| elif [ -n "${{ secrets.DEBUG_PRIME_PASSWORD }}" ]; then | ||
| echo "manual_secrets=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "manual_secrets=false" >> $GITHUB_OUTPUT | ||
| fi |
There was a problem hiding this comment.
is this something that needs to be committed, or is this just for debugging in PR CI?
There was a problem hiding this comment.
This is for developing the workflow. Specifically, its for setting the secrets when running the workflow in one's personal fork - there is no way to do this when fetching the secrets via the EIO action.
Do you not want it there? I suppose this can be added back if we need to develop further, but IMO it's nice to have for when things break in the future. Certainly not ideal, but then again, neither is github actions...
There was a problem hiding this comment.
I'm a little sketched out by having stuff that's not used by GHA, in the GHA config. Is there any reason you can't just set the non-DEBUG env vars when you're running the tests locally?
There was a problem hiding this comment.
The idea behind the DEBUG env vars was to be able to test the workflow with as close as possible of an environment as I could get to the final one. I find it's easy to make little mistakes in GHA, so this has been my strategy to avoid having to make a bunch of PRs to what is essentially production.
But I see your point. Having DEBUG vars possibly opens the door to abuse, and it clutters up the workflow somewhat. I'll remove the DEBUG variables.
| DOCKER_USERNAME: ${{ secrets.DEBUG_DOCKER_USERNAME && secrets.DEBUG_DOCKER_USERNAME || secrets.DOCKER_USERNAME }} | ||
| DOCKER_PASSWORD: ${{ secrets.DEBUG_DOCKER_PASSWORD && secrets.DEBUG_DOCKER_PASSWORD || secrets.DOCKER_PASSWORD }} | ||
| APPCO_USERNAME: ${{ secrets.DEBUG_APPCO_USERNAME && secrets.DEBUG_APPCO_USERNAME || secrets.APPCO_USERNAME }} | ||
| APPCO_PASSWORD: ${{ secrets.DEBUG_APPCO_PASSWORD && secrets.DEBUG_APPCO_PASSWORD || secrets.APPCO_PASSWORD }} | ||
| PRIME_USERNAME: ${{ secrets.DEBUG_PRIME_USERNAME && secrets.DEBUG_PRIME_USERNAME || secrets.PRIME_USERNAME }} | ||
| PRIME_PASSWORD: ${{ secrets.DEBUG_PRIME_PASSWORD && secrets.DEBUG_PRIME_PASSWORD || secrets.PRIME_PASSWORD }} |
There was a problem hiding this comment.
same question - what is the purposed of the DEBUG_ secrets?
There was a problem hiding this comment.
Addressed in #854 (comment)
Also:
golangci-lintandgo teston Go code during PR checks.config.yaml.Until we are more confident in these changes, regsync-based mirroring can only be triggered via a
workflow_dispatchevent.