Commit dfc288d

Skip publishing releases to AWS if credentials not configured
The "Release" and "Publish Nightly Build" workflows upload the generated build files to the AWS S3 bucket used by Arduino's downloads server. The necessary credentials are configured in Arduino's repository.

However, these workflows might be used in other contexts:

- by contributors validating proposed changes to the release infrastructure in their fork
- by hard forks of the project

In either case (especially the former), the fork owner is unlikely to be willing/able to set up the AWS infrastructure that would be needed to use this capability of the workflow. Since these workflows also publish the builds to GitHub, the AWS upload is not essential to either 3rd party use case.

The workflow code is hereby configured to skip the AWS upload steps if the necessary credentials have not been configured in the repository. The existence of the `AWS_ROLE_TO_ASSUME` repository secret is used as the indicator of whether the credentials are configured.

This will allow runs of the workflow in forks without the need to remove the AWS upload steps.
1 parent 624f905 commit dfc288d


2 files changed

+15
-0
lines changed


‎.github/workflows/publish-go-nightly-task.yml‎

Lines changed: 8 additions & 0 deletions
@@ -261,21 +261,29 @@ jobs:
261261
id-token: write # This is required for requesting the JWT
262262

263263
steps:
264+
- name: Determine whether publishing to AWS is possible
265+
id: aws-determination
266+
run: |
267+
echo "publish=${{ secrets.AWS_ROLE_TO_ASSUME != '' }}" >>$GITHUB_OUTPUT
268+
264269
- name: Download artifact
270+
if: steps.aws-determination.outputs.publish == 'true'
265271
uses: actions/download-artifact@v6
266272
with:
267273
pattern: ${{ env.ARTIFACT_PREFIX }}*
268274
merge-multiple: true
269275
path: ${{ env.DIST_DIR }}
270276

271277
- name: configure aws credentials
278+
if: steps.aws-determination.outputs.publish == 'true'
272279
uses: aws-actions/configure-aws-credentials@v5
273280
with:
274281
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
275282
role-session-name: "github_${{ env.PROJECT_NAME }}"
276283
aws-region: ${{ env.AWS_REGION }}
277284

278285
- name: Upload release files on Arduino downloads servers
286+
if: steps.aws-determination.outputs.publish == 'true'
279287
run: |
280288
aws s3 sync \
281289
${{ env.DIST_DIR }} \
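Review bot: With the three `if: steps.aws-determination.outputs.publish == 'true'` conditions in place, a run without `AWS_ROLE_TO_ASSUME` skips the download, credential and upload steps and nothing in the log says why. Consider a final step with the inverse condition (`if: steps.aws-determination.outputs.publish != 'true'`) that prints a notice saying the secret is not set and the upload to the downloads server was skipped, so a fork owner can tell an intended skip from a broken upload.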

‎.github/workflows/release-go-task.yml‎

Lines changed: 7 additions & 0 deletions
@@ -221,6 +221,11 @@ jobs:
221221
id-token: write # This is required for requesting the JWT
222222

223223
steps:
224+
- name: Determine whether publishing to AWS is possible
225+
id: aws-determination
226+
run: |
227+
echo "publish=${{ secrets.AWS_ROLE_TO_ASSUME != '' }}" >>$GITHUB_OUTPUT
228+
224229
- name: Download artifact
225230
uses: actions/download-artifact@v6
226231
with:
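Review bot: In the new `aws-determination` step, the `${{ ... }}` expression is expanded into the script text before the shell runs, and `$GITHUB_OUTPUT` is unquoted. The expression only yields `true` or `false`, so no secret value reaches the script, but passing the result through an `env:` entry on the step and writing `>>"$GITHUB_OUTPUT"` keeps template expansion out of the `run:` block. A one-line comment above the step saying that it exists so the later `if:` conditions can test for the secret would document the indirection, and could also note that `Download artifact` is deliberately left unconditional in this workflow.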
@@ -275,13 +280,15 @@ jobs:
275280
artifacts: ${{ env.DIST_DIR }}/*
276281

277282
- name: configure aws credentials
283+
if: steps.aws-determination.outputs.publish == 'true'
278284
uses: aws-actions/configure-aws-credentials@v5
279285
with:
280286
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
281287
role-session-name: "github_${{ env.PROJECT_NAME }}"
282288
aws-region: ${{ env.AWS_REGION }}
283289

284290
- name: Upload release files on Arduino downloads servers
291+
if: steps.aws-determination.outputs.publish == 'true'
285292
run: |
286293
aws s3 sync \
287294
${{ env.DIST_DIR }} \
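Review bot: The `if:` on `configure aws credentials` and on the upload step makes the release workflow fail open: if `AWS_ROLE_TO_ASSUME` is ever missing or renamed in the repository that is supposed to publish, both steps are skipped and the run still ends green with nothing uploaded to the downloads server. The same happens if the step id or output name is changed later, since an unknown output evaluates to an empty string. Consider failing the job when the secret is empty and `github.repository` is the canonical repository, and skipping only elsewhere.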
