wp-lazy-loading icon indicating copy to clipboard operation
wp-lazy-loading copied to clipboard

Published 20 hours ago verified publisher icon WordPress

Add GitHub Actions for deploys to WordPress.org

Open jeffpaul opened this issue 5 years ago • 5 comments

Description of the Change

  • Deploys newly tagged releases on GitHub to WordPress.ORG SVN
  • Deploys single commits to master that only affecting readme and asset files on GitHub to WordPress.ORG SVN

Benefits

  • Automates deploys to WordPress.ORG SVN and eliminates future human error

Possible Drawbacks

  • Requires GitHub Actions to be available and free to @WordPress org account
  • Requires an SVN_USERNAME and SVN_PASSWORD secret be set within the Settings of this wp-lazy-loading GitHub repo
  • Requires the above mentioned SVN username and password be a valid WordPress.ORG SVN account with access to the wp-lazyloading` WordPress.ORG SVN repo

Applicable Issues

Relates to #1

jeffpaul avatar Jan 29 '20 06:01 jeffpaul

Note that I didn't say this PR closes the related issue as there are additional steps needed, as noted in the Possible Drawbacks section, in order for these GitHub Actions to function properly.

jeffpaul avatar Jan 29 '20 06:01 jeffpaul

Nice work 👍🏻

tillkruss avatar Jan 31 '20 17:01 tillkruss

@jeffpaul This would be really neat. I'm just a bit wary about the SVN username and password - of course it's needed, but I'm not sure what we could do here. I personally at least rather wouldn't provide mine.

felixarntz avatar Jan 31 '20 19:01 felixarntz

@felixarntz the SVN username and password are encrypted GitHub secrets, so if your concern is someone else gaining access to your credentials that seems like a low probability. If your concern relates to the account being tied to you instead of some generic core/committer account, then maybe see if someone from Systems or Meta could have the .org @wordpressdotorg account's SVN credentials added as GitHub secrets (or some similar account)?

jeffpaul avatar Feb 13 '20 04:02 jeffpaul

@felixarntz

To avoid storing the credentials of a personal account, I recommend setting up a bot account for the purpose. I use peterwilsoncc-syncbot on wp.org, for example.

It will allow you to give the account minimum required permissions, I certainly recommend against storing the credentials of an account with core commit in the GH secrets.

To reenforce @jeffpaul's point, not even the account that added them can see the secrets once they're stored.

Secrets

peterwilsoncc avatar Feb 23 '20 01:02 peterwilsoncc