jdaugherty commented on code in PR #15206:
URL: https://github.com/apache/grails-core/pull/15206#discussion_r2491922481
##########
.github/workflows/release.yml:
##########
@@ -294,77 +247,86 @@ jobs:
rm -f grails/grails-forge/gradle/wrapper/gradle-wrapper.properties
rm -f grails/grails-forge/gradlew
rm -f grails/KEYS
- - name: "Download CHECKSUMS.txt and rename to CHECKSUMS"
- working-directory: "grails"
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: "📥 Download CHECKSUMS.txt and rename to CHECKSUMS"
+ working-directory: grails
run: |
- release_url=$(gh release view v${{
needs.publish.outputs.release_version }} --json assets --repo ${{
github.repository }} --jq '.assets[] | select(.name == "CHECKSUMS.txt") | .url')
- curl -f -L -H "Authorization: token $GH_TOKEN" -o CHECKSUMS
"$release_url"
- - name: "Download PUBLISHED_ARTIFACTS.txt and rename to
PUBLISHED_ARTIFACTS"
- working-directory: "grails"
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ release_url=$(gh release view "${TAG}" --json assets --repo
"${REPO_SLUG}" --jq '.assets[] | select(.name == "CHECKSUMS.txt") | .url')
+ curl -f -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -o
CHECKSUMS "$release_url"
+ - name: "📥 Download PUBLISHED_ARTIFACTS.txt and rename to
PUBLISHED_ARTIFACTS"
+ working-directory: grails
run: |
- release_url=$(gh release view v${{
needs.publish.outputs.release_version }} --json assets --repo ${{
github.repository }} --jq '.assets[] | select(.name ==
"PUBLISHED_ARTIFACTS.txt") | .url')
- curl -f -L -H "Authorization: token $GH_TOKEN" -o
PUBLISHED_ARTIFACTS "$release_url"
- - name: "Download BUILD_DATE.txt and rename to BUILD_DATE"
- working-directory: "grails"
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ release_url=$(gh release view "${TAG}" --json assets --repo
"${REPO_SLUG}" --jq '.assets[] | select(.name == "PUBLISHED_ARTIFACTS.txt") |
.url')
+ curl -f -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -o
PUBLISHED_ARTIFACTS "$release_url"
+ - name: "📥 Download BUILD_DATE.txt and rename to BUILD_DATE"
+ working-directory: grails
run: |
- release_url=$(gh release view v${{
needs.publish.outputs.release_version }} --json assets --repo ${{
github.repository }} --jq '.assets[] | select(.name == "BUILD_DATE.txt") |
.url')
- curl -f -L -H "Authorization: token $GH_TOKEN" -o BUILD_DATE
"$release_url"
- - name: "Ensure source files use common date"
+ release_url=$(gh release view "${TAG}" --json assets --repo
"${REPO_SLUG}" --jq '.assets[] | select(.name == "BUILD_DATE.txt") | .url')
+ curl -f -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -o
BUILD_DATE "$release_url"
+ - name: "📅 Ensure source files use common date"
run: |
SOURCE_DATE_EPOCH=$(cat grails/BUILD_DATE)
find . -depth \( -type f -o -type d \) -exec touch -d
"@${SOURCE_DATE_EPOCH}" {} +
- name: "📦 Create source distribution ZIP"
- run: |
- zip -r "apache-grails-${{ needs.publish.outputs.release_version
}}-src.zip" grails -x 'grails/.git/*' -x 'grails/.github/*'
+ run: >
+ zip -r
+ apache-grails-${VERSION}-src.zip
+ grails
+ -x 'grails/.git/*'
+ -x 'grails/.github/*'
- name: '🔐 Set up GPG'
run: |
echo "${{ secrets.GRAILS_GPG_KEY }}" | gpg --batch --import
Review Comment:
Sorry, I'm trying to advocate that we should fix this so that the files on
the filesystem dont' have hardcoded secrets =)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
