misc(gha): expose action cache url and runtime as secrets #2964

Open
wants to merge 8 commits into
base: main

mfuntowicz
Member

Avoid leaking token and cache url

mfuntowicz requested a review from Narsil January 29, 2025 09:30

id: aws-creds
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
with:
role-to-assume: ${{ secrets.AWS_ROLE_GITHUB_BUILDX_CACHE }}
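
Review bot: The `uses:` line pins aws-actions/configure-aws-credentials to a full commit SHA but gives no indication of which release that SHA corresponds to. Add a trailing comment on that line naming the release tag, so that a later change to the pin can be checked against upstream during review.
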
Collaborator

We still had issues with those for release, isn't that why we removed it altogether?

Member Author

Contributor

I increased the session time, but the run tests is failing now.

Collaborator

It's not about session time, it's also that the role couldn't be assumed on anything other than PRs,
whereas we need to run the CI for building and pushing also on tags/main and basically any kind of branch.

Collaborator

So adding this crippled the release process.

Contributor

We can allow all branches if you need?

Contributor

It's currently filtering on these: refs/heads/main + refs/tags/v*

@mfuntowicz
Member Author

Maybe we should split the two scopes that we are addressing here:

  • Focus this PR on making GHA argument secrets and not ENV
  • Open a second PR to address the flakiness of AWS S3 stuff

wdyt @Narsil, @glegendre01?
