fix(ci): use authenticated clone for private vault repository
Some checks failed
Build and Release / Build Binaries (amd64, darwin, macos) (push) Has been cancelled
Build and Release / Build Binaries (amd64, linux, linux-latest) (push) Has been cancelled
Build and Release / Build Binaries (amd64, windows, windows-latest) (push) Has been cancelled
Build and Release / Build Binaries (arm64, darwin, macos) (push) Has been cancelled
Build and Release / Build Binary (linux/arm64) (push) Has been cancelled
Build and Release / Create Release (push) Has been cancelled
Build and Release / Integration Tests (PostgreSQL) (push) Has been cancelled
Build and Release / Lint (push) Has been cancelled
Build and Release / Unit Tests (push) Has been cancelled
Some checks failed
Build and Release / Build Binaries (amd64, darwin, macos) (push) Has been cancelled
Build and Release / Build Binaries (amd64, linux, linux-latest) (push) Has been cancelled
Build and Release / Build Binaries (amd64, windows, windows-latest) (push) Has been cancelled
Build and Release / Build Binaries (arm64, darwin, macos) (push) Has been cancelled
Build and Release / Build Binary (linux/arm64) (push) Has been cancelled
Build and Release / Create Release (push) Has been cancelled
Build and Release / Integration Tests (PostgreSQL) (push) Has been cancelled
Build and Release / Lint (push) Has been cancelled
Build and Release / Unit Tests (push) Has been cancelled
Add VAULT_TOKEN environment variable to vault sync steps and use token-based authentication when cloning gitcaddy-vault repository. Falls back to unauthenticated clone if token is not provided. This enables CI builds to access the private vault repository using the RELEASE_TOKEN secret.
This commit is contained in:
@@ -296,6 +296,8 @@ jobs:
|
||||
|
||||
- name: Sync vault templates and locales (Unix)
|
||||
if: matrix.goos != 'windows'
|
||||
env:
|
||||
VAULT_TOKEN: ${{ secrets.RELEASE_TOKEN }}
|
||||
run: |
|
||||
chmod +x scripts/sync-vault.sh
|
||||
./scripts/sync-vault.sh
|
||||
@@ -303,9 +305,11 @@ jobs:
|
||||
- name: Sync vault templates and locales (Windows)
|
||||
if: matrix.goos == 'windows'
|
||||
shell: pwsh
|
||||
env:
|
||||
VAULT_TOKEN: ${{ secrets.RELEASE_TOKEN }}
|
||||
run: |
|
||||
# Clone vault repo
|
||||
git clone --depth 1 https://git.marketally.com/gitcaddy/gitcaddy-vault.git $env:TEMP\gitcaddy-vault
|
||||
git clone --depth 1 "https://token:$($env:VAULT_TOKEN)@git.marketally.com/gitcaddy/gitcaddy-vault.git" "$env:TEMP\gitcaddy-vault"
|
||||
|
||||
# Sync templates
|
||||
Copy-Item -Path "$env:TEMP\gitcaddy-vault\templates\repo\vault\*" -Destination "templates\repo\vault\" -Force -Recurse
|
||||
@@ -603,6 +607,8 @@ jobs:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Sync vault templates and locales
|
||||
env:
|
||||
VAULT_TOKEN: ${{ secrets.RELEASE_TOKEN }}
|
||||
run: |
|
||||
chmod +x scripts/sync-vault.sh
|
||||
./scripts/sync-vault.sh
|
||||
|
||||
@@ -15,7 +15,11 @@ if [ -z "$VAULT_PATH" ]; then
|
||||
VAULT_PATH=$(mktemp -d)
|
||||
CLEANUP_VAULT=true
|
||||
echo "Cloning gitcaddy-vault to $VAULT_PATH..."
|
||||
git clone --depth 1 https://git.marketally.com/gitcaddy/gitcaddy-vault.git "$VAULT_PATH"
|
||||
if [ -n "${VAULT_TOKEN:-}" ]; then
|
||||
git clone --depth 1 "https://token:${VAULT_TOKEN}@git.marketally.com/gitcaddy/gitcaddy-vault.git" "$VAULT_PATH"
|
||||
else
|
||||
git clone --depth 1 https://git.marketally.com/gitcaddy/gitcaddy-vault.git "$VAULT_PATH"
|
||||
fi
|
||||
else
|
||||
CLEANUP_VAULT=false
|
||||
echo "Using vault from $VAULT_PATH"
|
||||
|
||||
Reference in New Issue
Block a user