Thu, 24 Dec 2020 at 16:44, Tim Düsterhus <[email protected]>:

> Ilya,
>
> On 24.12.20 at 03:53, Илья Шипицин wrote:
> > I particularly like this one:
> >
> > if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
> >
> >
> > can it be done job wide ? i.e. nothing should start, neither checkout, nor
> > job itself if token is not set (which is true for forks)
>
> Yes, I think it is possible:
>
> https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idif
>
> By the way: I don't think secrets are exposed via environment variables
> automatically. You would need to pass them explicitly. See:
>
> https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow



I specified COVERITY_SCAN_TOKEN in my GitHub fork; indeed, it was not
exposed.
I thought it might be because variables are not exposed for forks
(documentation is not very clear).


I tested in my fork using "export COVERITY_SCAN_TOKEN=....."


I'm ok with not specifying secrets in a file, but in GitHub variables
instead. If so, every fork will skip that pipeline (good thing).


>
>
> I've attached an updated patch that I believe does the correct thing:
>
> 1. The `if` is on the job level now.
> 2. It takes the secret from the `secrets` variable and passes it as the
> `env` for the actual step.
>
> Can you test this in your repository, please?
>
> >
> > Also, Tim, I've forgotten to limit builds to "master" branch.  Should we
> > add some condition as well to prevent coverity scan for other branches ?
> >
>
> According to the documentation
> (
> https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#schedule
> )
> any workflows that are triggered by a schedule will run on the default
> branch (i.e. `master`). So I don't think we need to change anything for
> that.
>
> Best regards
> Tim Düsterhus
>
