
patch: introducing github actions

Open mcraa opened this issue 2 years ago • 1 comments

patch: introducing github actions winget release, EP auto update, release build

Change-Type: patch

mcraa avatar Jul 05 '22 08:07 mcraa

The preview site has been deleted.

ghost avatar Jul 05 '22 08:07 ghost

@mcraa do we want to do this still?

ab77 avatar Nov 08 '22 02:11 ab77

@mcraa @builder555 @zwhitchcox this looks like a great first step to automating some more of these: https://en.wikipedia.org/wiki/List_of_software_package_management_systems

I would suggest we also consider brew and potentially macports (especially given our community brew maintainer has pulled out).

The ideal place for these steps to live would be in .github/actions/finalize/action.yml, since this action finalises GH releases and moves the latest pointer.

ab77 avatar Nov 08 '22 18:11 ab77

@ab77 yes, need to fix the commit hash of the action (instead of master) for security reasons, and need to get a token, or PR an update to be able to pass a token instead of always using secrets.Winget_token

mcraa avatar Nov 09 '22 19:11 mcraa

> @ab77 yes, need to fix the commit hash of the action (instead of master) for security reasons, and need to get a token, or PR an update to be able to pass a token instead of always using secrets.Winget_token

Does the Winget token ever change @mcraa?

ab77 avatar Nov 10 '22 15:11 ab77

> Does the Winget token ever change @mcraa ?

No, it does not. It is just a gh token so the action can open a PR for the microsoft/winget repo. The action in the PR looks for the secret with a specific name; IMO the token should be passed as a parameter / env var.

mcraa avatar Nov 10 '22 15:11 mcraa

> > Does the Winget token ever change @mcraa ?
>
> No, it does not. It is just a gh token so the action can open a PR for the microsoft/winget repo. The action in the PR looks for the secret with a specific name; IMO the token should be passed as a parameter / env var.

If the token is always the same, we need to store it in a GitHub Actions secret. This way it will be fully protected and only accessible to PRs running in our org (not on forks). Please get the token set up with the ops team in Bitwarden and share it with me so I can take care of setting up GH secrets.

ab77 avatar Nov 10 '22 16:11 ab77

I don't know why I remembered wrong, but here is the correction: the token is passed as a parameter.

mcraa avatar Nov 10 '22 16:11 mcraa

> I don't know why I remembered wrong, but here is the correction: the token is passed as a parameter.

@mcraa parameters aren't secure, so passing secrets via these is an anti-pattern IMO. Can we make it a secret please?

Also, we need to consider https://github.com/balena-io/etcher/issues/3853 in the context of package repositories which use PR flow (doesn't scale with auto release cadence).

ab77 avatar Nov 10 '22 19:11 ab77