fix: tokens

Skylar Simoncelli · Skylar Simoncelli · commit 8ad8c3517bf4 · 2024-10-07T14:48:49.000+02:00
diff --git a/.github/actions/images/build-and-publish-ghcr/action.yml b/.github/actions/images/build-and-publish-ghcr/action.yml
@@ -56,9 +56,7 @@ runs:
         registry: ghcr.io
         username: ${{ env.GITHUB_ACTOR }}
         password: ${{ env.GITHUB_TOKEN }}
-      env:
-        SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-        FORCE_COLOR: 1
+        logout: true
 
     - name: Tag and Push Image to GHCR
       run: |
diff --git a/.github/actions/release/publish-draft-release/action.yml b/.github/actions/release/publish-draft-release/action.yml
@@ -21,7 +21,7 @@ runs:
       run: |
         set -e
         tag="${{ inputs.tag }}"
-        release_response=$(curl -s -H "Authorization: token ${{ env.GITHUB_TOKEN }} \
+        release_response=$(curl -s -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \
           "https://api.github.com/repos/${{ github.repository }}/releases/tags/$tag")
 
         if echo "$release_response" | grep -q '"message": "Not Found"'; then
@@ -35,18 +35,21 @@ runs:
       shell: bash
 
     - name: Publish release
-      if: ${{ steps.check_release.outputs.release_exists == 'true' }}
       run: |
         set -e
-        release_id="${{ steps.check_release.outputs.release_id }}"
-        response=$(curl -s -X PATCH -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \
-          -d '{"draft": false}' \
-          "https://api.github.com/repos/${{ github.repository }}/releases/$release_id")
-        echo "Response: $response"
-        if echo "$response" | jq -e '.id' >/dev/null; then
-          echo "Release updated successfully"
+        if [[ "${{ steps.check_release.outputs.release_exists }}" == "true" ]]; then
+          release_id="${{ steps.check_release.outputs.release_id }}"
+          response=$(curl -s -X PATCH -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \
+            -d '{"draft": false}' \
+            "https://api.github.com/repos/${{ github.repository }}/releases/$release_id")
+          echo "Response: $response"
+          if echo "$response" | jq -e '.id' >/dev/null; then
+            echo "Release updated successfully"
+          else
+            echo "Failed to update release"
+            exit 1
+          fi
         else
-          echo "Failed to update release"
-          exit 1
+          echo "Release does not exist, skipping publish step."
         fi
       shell: bash
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -15,6 +15,7 @@ on:
 permissions:
   id-token: write
   contents: write
+  packages: write
 
 env:
   AWS_REGION: "eu-central-1"
@@ -37,63 +38,64 @@ jobs:
           tag: ${{ inputs.tag }}
           os: linux
 
-  build-macos-x86_64:
-    permissions:
-      id-token: write
-      contents: write
-    runs-on: macos-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ inputs.sha }} 
-      - name: Build and Upload for macOS x86_64
-        uses: ./.github/actions/artifacts/build-pc-artifacts
-        with:
-          tag: ${{ inputs.tag }}
-          os: macos-x86_64
-
-  build-macos-arm64:
-    permissions:
-      id-token: write
-      contents: write
-    runs-on: macos-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ inputs.sha }}
-      - name: Build and Upload for macOS arm64
-        uses: ./.github/actions/artifacts/build-pc-artifacts
-        with:
-          tag: ${{ inputs.tag }}
-          os: macos-arm64
-
-  build-and-publish-ecr:
-    permissions:
-      id-token: write
-      contents: write
-    needs: build-linux
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Build and Publish to ECR
-        uses: ./.github/actions/images/build-and-publish-ecr
-        with:
-          sha: ${{ inputs.sha }}
-          tag: ${{ inputs.tag }}
-        env:
-          AWS_REGION: "eu-central-1"
-          ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
-          AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
-          SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
+#  build-macos-x86_64:
+#    permissions:
+#      id-token: write
+#      contents: write
+#    runs-on: macos-latest
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v4
+#        with:
+#          ref: ${{ inputs.sha }} 
+#      - name: Build and Upload for macOS x86_64
+#        uses: ./.github/actions/artifacts/build-pc-artifacts
+#        with:
+#          tag: ${{ inputs.tag }}
+#          os: macos-x86_64
+#
+#  build-macos-arm64:
+#    permissions:
+#      id-token: write
+#      contents: write
+#    runs-on: macos-latest
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v4
+#        with:
+#          ref: ${{ inputs.sha }}
+#      - name: Build and Upload for macOS arm64
+#        uses: ./.github/actions/artifacts/build-pc-artifacts
+#        with:
+#          tag: ${{ inputs.tag }}
+#          os: macos-arm64
+#
+#  build-and-publish-ecr:
+#    permissions:
+#      id-token: write
+#      contents: write
+#    needs: build-linux
+#    runs-on: ubuntu-latest
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v4
+#      - name: Build and Publish to ECR
+#        uses: ./.github/actions/images/build-and-publish-ecr
+#        with:
+#          sha: ${{ inputs.sha }}
+#          tag: ${{ inputs.tag }}
+#        env:
+#          AWS_REGION: "eu-central-1"
+#          ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
+#          AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
+#          SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }}
 
   create-draft-release:
     permissions:
       id-token: write
       contents: write
-    needs: [build-linux, build-macos-x86_64, build-macos-arm64]
+    needs: [build-linux]
+    #needs: [build-linux, build-macos-x86_64, build-macos-arm64]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -103,63 +105,63 @@ jobs:
         with:
           tag: ${{ inputs.tag }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
 
-  generate-chain-specs:
-    permissions:
-      id-token: write
-      contents: write
-    needs: build-linux
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Generate Chain Specs
-        uses: ./.github/actions/artifacts/generate-chain-specs
-        with:
-          tag: ${{ inputs.tag }}
-
-  upload-chain-specs:
-    permissions:
-      id-token: write
-      contents: write
-    needs: generate-chain-specs
-    runs-on: [self-hosted, eks]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Upload chain spec artifacts to Kubernetes
-        uses: ./.github/actions/deploy/upload-chain-specs
-        with:
-          sha: ${{ github.sha }}
-        env:
-          kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
-          K8S_SERVER: ${{ secrets.K8S_SERVER }}
-          K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
-
-  deploy-staging-preview:
-    permissions:
-      id-token: write
-      contents: write
-    needs: [build-and-publish-ecr, upload-chain-specs]
-    runs-on: [self-hosted, eks]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Deploy staging-preview
-        uses: ./.github/actions/deploy/deploy-staging-preview
-        with:
-          image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
-          sha: ${{ github.sha }}
-        env:
-          AWS_REGION: "eu-central-1"
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-          ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
-          AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
-          ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
-          kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
-          K8S_SERVER: ${{ secrets.K8S_SERVER }}
-          K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
+#  generate-chain-specs:
+#    permissions:
+#      id-token: write
+#      contents: write
+#    needs: build-linux
+#    runs-on: ubuntu-latest
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v4
+#      - name: Generate Chain Specs
+#        uses: ./.github/actions/artifacts/generate-chain-specs
+#        with:
+#          tag: ${{ inputs.tag }}
+#
+#  upload-chain-specs:
+#    permissions:
+#      id-token: write
+#      contents: write
+#    needs: generate-chain-specs
+#    runs-on: [self-hosted, eks]
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v4
+#      - name: Upload chain spec artifacts to Kubernetes
+#        uses: ./.github/actions/deploy/upload-chain-specs
+#        with:
+#          sha: ${{ github.sha }}
+#        env:
+#          kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
+#          K8S_SERVER: ${{ secrets.K8S_SERVER }}
+#          K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
+#
+#  deploy-staging-preview:
+#    permissions:
+#      id-token: write
+#      contents: write
+#    needs: [build-and-publish-ecr, upload-chain-specs]
+#    runs-on: [self-hosted, eks]
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v4
+#      - name: Deploy staging-preview
+#        uses: ./.github/actions/deploy/deploy-staging-preview
+#        with:
+#          image: ${{ secrets.ECR_REGISTRY_SECRET }}/substrate-node:${{ inputs.sha }}
+#          sha: ${{ github.sha }}
+#        env:
+#          AWS_REGION: "eu-central-1"
+#          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+#          ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }}
+#          AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }}
+#          ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }}
+#          kubeconfig_base64: ${{ secrets.kubeconfig_base64 }}
+#          K8S_SERVER: ${{ secrets.K8S_SERVER }}
+#          K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
 
 #  staging-preview-tests: 
 #    permissions:
@@ -190,7 +192,8 @@ jobs:
     permissions:
       id-token: write
       contents: write
-    needs: deploy-staging-preview
+      packages: write
+    needs: build-linux 
     #needs: staging-preview-tests
     runs-on: ubuntu-latest
     steps:
@@ -203,14 +206,15 @@ jobs:
           tag: ${{ inputs.tag }}
         env:
           GITHUB_ACTOR: ${{ github.actor }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
 
   publish-release:
     permissions:
       id-token: write
       contents: write
+      packages: write
 #    needs: staging-preview-tests
-    needs: deploy-staging-preview
+    needs: create-draft-release 
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -220,7 +224,7 @@ jobs:
         with:
           tag: ${{ inputs.tag }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
 #
 #  deploy-staging-preprod:
 #    permissions:
