Commit 06d44af

authored

Merge pull request #212 from per1234/update-check-certificate

Sync "Check Certificates" CI workflow with template

2 parents 6edad11 + 137ed3a commit 06d44afCopy full SHA for 06d44af

File tree

2 files changed

+28

-20

lines changed

.github/workflows
- check-certificates.yml
README.md

2 files changed

+28

-20

lines changed

`‎.github/workflows/check-certificates.yml‎`

Lines changed: 27 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,38 +1,46 @@`
`1`		`-name: Check for issues with signing certificates`
	`1`	`+# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-certificates.md`
	`2`	`+name: Check Certificates`
`2`	`3`
	`4`	`+# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows`
`3`	`5`	`on:`
`4`	`6`	`push:`
	`7`	`+ paths:`
	`8`	`+ - ".github/workflows/check-certificates.ya?ml"`
	`9`	`+ pull_request:`
	`10`	`+ paths:`
	`11`	`+ - ".github/workflows/check-certificates.ya?ml"`
`5`	`12`	`schedule:`
`6`		`- # run every 10 hours`
	`13`	`+ # Run every 10 hours.`
`7`	`14`	`- cron: "0 /10 * *"`
`8`		`- # workflow_dispatch event allows the workflow to be triggered manually.`
`9`		`- # This could be used to run an immediate check after updating certificate secrets.`
`10`		`- # See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch`
`11`	`15`	`workflow_dispatch:`
	`16`	`+ repository_dispatch:`
`12`	`17`
`13`	`18`	`env:`
`14`		`- # Begin notifications when there are less than this many days remaining before expiration`
	`19`	`+ # Begin notifications when there are less than this many days remaining before expiration.`
`15`	`20`	`EXPIRATION_WARNING_PERIOD: 30`
`16`	`21`
`17`	`22`	`jobs:`
`18`	`23`	`check-certificates:`
`19`		`- # This workflow would always fail in forks`
`20`		`- if: github.repository == 'arduino/arduino-lint'`
	`24`	`+ name: ${{ matrix.certificate.identifier }}`
	`25`	`+ # Only run when the workflow will have access to the certificate secrets.`
	`26`	`+ if: >`
	`27`	`+ (github.event_name != 'pull_request' && github.repository == 'arduino/arduino-lint') \|\|`
	`28`	`+ (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'arduino/arduino-lint')`
`21`	`29`	`runs-on: ubuntu-latest`
`22`		`-`
`23`	`30`	`strategy:`
`24`	`31`	`fail-fast: false`
`25`	`32`
`26`	`33`	`matrix:`
`27`	`34`	`certificate:`
`28`		`- - identifier: macOS signing certificate # Text used to identify the certificate in notifications`
`29`		`- certificate-secret: INSTALLER_CERT_MAC_P12 # The name of the secret that contains the certificate`
`30`		`- password-secret: INSTALLER_CERT_MAC_PASSWORD # The name of the secret that contains the certificate password`
	`35`	`+ # Additional certificate definitions can be added to this list.`
	`36`	`+ - identifier: macOS signing certificate # Text used to identify certificate in notifications.`
	`37`	`+ certificate-secret: INSTALLER_CERT_MAC_P12 # Name of the secret that contains the certificate.`
	`38`	`+ password-secret: INSTALLER_CERT_MAC_PASSWORD # Name of the secret that contains the certificate password.`
`31`	`39`
`32`	`40`	`steps:`
`33`	`41`	`- name: Set certificate path environment variable`
`34`	`42`	`run: \|`
`35`		`- # See: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable`
	`43`	`+ # See: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable`
`36`	`44`	`echo "CERTIFICATE_PATH=${{ runner.temp }}/certificate.p12" >> "$GITHUB_ENV"`
`37`	`45`
`38`	`46`	`- name: Decode certificate`
`@@ -54,18 +62,17 @@ jobs:`
`54`	`62`	`exit 1`
`55`	`63`	`)`
`56`	`64`
`57`		`- # See: https://github.com/rtCamp/action-slack-notify`
`58`	`65`	`- name: Slack notification of certificate verification failure`
`59`	`66`	`if: failure()`
`60`		`- uses: rtCamp/action-slack-notify@v2`
`61`	`67`	`env:`
`62`		`- SLACK_WEBHOOK: ${{ secrets.TEAM_TOOLING_CHANNEL_SLACK_WEBHOOK }}`
	`68`	`+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}`
`63`	`69`	`SLACK_MESSAGE: \|`
`64`	`70`	`:warning::warning::warning::warning:`
`65`	`71`	`WARNING: ${{ github.repository }} ${{ matrix.certificate.identifier }} verification failed!!!`
`66`	`72`	`:warning::warning::warning::warning:`
`67`	`73`	`SLACK_COLOR: danger`
`68`	`74`	`MSG_MINIMAL: true`
	`75`	`+ uses: rtCamp/action-slack-notify@v2`
`69`	`76`
`70`	`77`	`- name: Get days remaining before certificate expiration date`
`71`	`78`	`env:`
`@@ -94,7 +101,7 @@ jobs:`
`94`	`101`
`95`	`102`	`DAYS_BEFORE_EXPIRATION="$((($(date --utc --date="$EXPIRATION_DATE" +%s) - $(date --utc +%s)) / 60 / 60 / 24))"`
`96`	`103`
`97`		`- # Display the expiration information in the log`
	`104`	`+ # Display the expiration information in the log.`
`98`	`105`	`echo "Certificate expiration date: $EXPIRATION_DATE"`
`99`	`106`	`echo "Days remaining before expiration: $DAYS_BEFORE_EXPIRATION"`
`100`	`107`
`@@ -109,14 +116,14 @@ jobs:`
`109`	`116`	`fi`
`110`	`117`
`111`	`118`	`- name: Slack notification of pending certificate expiration`
`112`		`- # Don't send spurious expiration notification if verification fails`
	`119`	`+ # Don't send spurious expiration notification if verification fails.`
`113`	`120`	`if: failure() && steps.check-expiration.outcome == 'failure'`
`114`		`- uses: rtCamp/action-slack-notify@v2`
`115`	`121`	`env:`
`116`		`- SLACK_WEBHOOK: ${{ secrets.TEAM_TOOLING_CHANNEL_SLACK_WEBHOOK }}`
	`122`	`+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}`
`117`	`123`	`SLACK_MESSAGE: \|`
`118`	`124`	`:warning::warning::warning::warning:`
`119`	`125`	`WARNING: ${{ github.repository }} ${{ matrix.certificate.identifier }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!!`
`120`	`126`	`:warning::warning::warning::warning:`
`121`	`127`	`SLACK_COLOR: danger`
`122`	`128`	`MSG_MINIMAL: true`
	`129`	`+ uses: rtCamp/action-slack-notify@v2`

`‎README.md‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`[![Nightly Status](https://github.com/arduino/arduino-lint/workflows/Nightly%20build/badge.svg)](https://github.com/arduino/arduino-lint/actions?workflow=Nightly+build)`
`5`	`5`	`[![Docs Status](https://github.com/arduino/arduino-lint/workflows/Publish%20documentation/badge.svg)](https://github.com/arduino/arduino-lint/actions?workflow=Publish+documentation)`
`6`	`6`	`[![Codecov](https://codecov.io/gh/arduino/arduino-lint/branch/main/graph/badge.svg?token=nprqPQMbdh)](https://codecov.io/gh/arduino/arduino-lint)`
	`7`	`+[![Check Certificates status](https://github.com/arduino/arduino-lint/actions/workflows/check-certificates.yml/badge.svg)](https://github.com/arduino/arduino-lint/actions/workflows/check-certificates.yml)`
`7`	`8`
`8`	`9`	`Arduino Lint is a command line tool that checks for common problems in [Arduino](https://www.arduino.cc/) projects:`
`9`	`10`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit 06d44af

File tree

2 files changed

2 files changed

`‎.github/workflows/check-certificates.yml‎`

`‎README.md‎`

0 commit comments