BitMaster/shaka-packager
1
0
Fork 0
mirror of https://github.com/shaka-project/shaka-packager.git synced 2026-04-02 11:20:08 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
main
shaka-packager/.github/workflows/settings.yaml
Joey Parrish 89d59a3601 ci: Update comments for the settings workflow (#1476) 
Since the introduction of `vars` to GitHub Actions, I started using that
instead of the "environments" trick I used in Packager. However, it has
become clear now that the `vars` strategy has major drawbacks, such as
requiring the use of `pull_request_target`, which should only be used
for actions that do not execute PR-author-controlled code.

This updates the comments to clarify why this is used. This reusable
settings workflow will also be deployed now in other repos to
standardize on this "environments" mechanism, which is safer than
`vars`.
2025-01-17 14:18:54 -08:00

53 lines
1.9 KiB
YAML
Raw Permalink Blame History

# Copyright 2022 Google LLC
#
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file or at
# https://developers.google.com/open-source/licenses/bsd
# A reusable workflow to extract settings from a repository.
# To enable a setting, create a "GitHub Environment" with the same name.
#
# This enables per-repo settings that aren't copied to a fork. This is better
# than "vars" or "secrets", since those would require the use of
# `pull_request_target` instead of `pull_request` triggers, which come with
# additional risks such as the bypassing of "require approval" rules for
# workflows.
#
# Without a setting for flags like "self_hosted", test workflows for a fork
# would time out waiting for self-hosted runners that the fork doesn't have.
name: Settings
# Runs when called from another workflow.
on:
workflow_call:
outputs:
self_hosted:
description: "Enable jobs requiring a self-hosted runner."
value: ${{ jobs.settings.outputs.self_hosted }}
debug:
description: "Enable SSH debugging when a workflow fails."
value: ${{ jobs.settings.outputs.debug }}
jobs:
settings:
runs-on: ubuntu-latest
outputs:
self_hosted: ${{ steps.settings.outputs.self_hosted }}
debug: ${{ steps.settings.outputs.debug }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- id: settings
run: |
environments=$(gh api /repos/${{ github.repository }}/environments)
for name in self_hosted debug; do
exists=$(echo $environments | jq ".environments[] | select(.name == \"$name\")")
if [[ "$exists" != "" ]]; then
echo "$name=true" >> $GITHUB_OUTPUT
echo "\"$name\" enabled."
else
echo "$name=" >> $GITHUB_OUTPUT
echo "\"$name\" disabled."
fi
done
Reference in New Issue View Git Blame Copy Permalink