Skip to content

Commit

Permalink
Fix issues with deploy.yml workflow.
Browse files Browse the repository at this point in the history
- Don't substitute values from GitHub Actions directly into shell
  commands.
- Fix shellcheck issues (mostly with quoting).
sengi committed May 18, 2024
1 parent 11b9028 commit 2f5a3a2
Showing 2 changed files with 6 additions and 5 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build-and-push-image.yml
Original file line number Diff line number Diff line change
@@ -54,7 +54,7 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
- run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
id: local-head

- name: Determine image tags
9 changes: 5 additions & 4 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
@@ -16,7 +16,7 @@ on:
environment:
description: 'Environment to deploy to'
required: false
default: 'integration'
default: integration
type: string
secrets:
WEBHOOK_TOKEN:
@@ -39,11 +39,12 @@ jobs:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
GITHUB_TEAM: gov-uk-production-deploy
GITHUB_USER: ${{ github.triggering_actor }}
TRIGGERING_ACTOR: ${{ github.triggering_actor }}
run: |
TEAM_MEMBERSHIP=$(gh api orgs/alphagov/teams/${GITHUB_TEAM}/memberships/${GITHUB_USER} -q .state || echo "false")
TEAM_MEMBERSHIP=$(gh api "orgs/alphagov/teams/$GITHUB_TEAM/memberships/$GITHUB_USER" -q .state || echo false)
if ! [[ "${TEAM_MEMBERSHIP}" = "active" || "${ENVIRONMENT}" = 'integration' ]]; then
echo '::error title=Insufficient permissions to deploy::User ${{ github.triggering_actor }} needs to be a member of the GOV.UK Production Deploy team'
if ! [[ "$TEAM_MEMBERSHIP" = active || "$ENVIRONMENT" = integration ]]; then
echo "::error title=Insufficient permissions to deploy::User $TRIGGERING_ACTOR needs to be a member of the GOV.UK Production Deploy team"
exit 1
fi

0 comments on commit 2f5a3a2

Please sign in to comment.