From af588be143026d44fc1094d33eca0ba5209b48f3 Mon Sep 17 00:00:00 2001 From: hugcabbage <77980779+hugcabbage@users.noreply.github.com> Date: Wed, 24 Jan 2024 00:29:28 +0800 Subject: [PATCH] workflows: add hide sensitive inputs step --- .github/workflows/build-immortalwrt.yml | 14 +++-- .github/workflows/build-lede.yml | 14 +++-- .github/workflows/build-lienol-openwrt.yml | 14 +++-- .github/workflows/build-multi-devices.yml | 66 ++++++++++++++++++---- .github/workflows/build-openwrt.yml | 15 +++-- .github/workflows/build-x-wrt.yml | 14 +++-- templet/build.yml | 6 +- 7 files changed, 108 insertions(+), 35 deletions(-) diff --git a/.github/workflows/build-immortalwrt.yml b/.github/workflows/build-immortalwrt.yml index 5fd42d1f..f4d7c5b0 100644 --- a/.github/workflows/build-immortalwrt.yml +++ b/.github/workflows/build-immortalwrt.yml @@ -100,6 +100,12 @@ jobs: EXTRA_STR: _some steps: + - name: Hide sensitive inputs + if: github.event_name == 'workflow_dispatch' + uses: hugcabbage/action-hide-sensitive-inputs@v1 + with: + include_inputs: login_pwd + - name: Display initial disk space run: | df -h @@ -182,7 +188,7 @@ jobs: continue-on-error: true id: generate-summary env: - MODEL_NAME: ${{ inputs.model }} + FOR_DEVICE: ${{ steps.prepare-deployment.outputs.fordevice }} CODE_DIR: ${{ steps.prepare-deployment.outputs.codedir }} TRANSIT_PY: ${{ env.EXTRA_STR }}/extra-files/transit.py run: | @@ -191,14 +197,14 @@ jobs: - name: Calculate tag version id: calculate-version - if: inputs.release == true + if: inputs.release uses: hugcabbage/next-version@v1 with: repo_path: ${{ env.EXTRA_STR }} - name: Upload firmware to release id: to-release - if: steps.calculate-version.conclusion == 'success' && inputs.release == true + if: steps.calculate-version.conclusion == 'success' && inputs.release continue-on-error: true uses: svenstaro/upload-release-action@v2 with: @@ -213,7 +219,7 @@ jobs: file_glob: true - name: Upload firmware to artifact - if: inputs.artifact == true || steps.to-release.outcome != 'success' + if: inputs.artifact || steps.to-release.outcome != 'success' uses: actions/upload-artifact@v3 with: name: collected_firmware diff --git a/.github/workflows/build-lede.yml b/.github/workflows/build-lede.yml index cb66ed84..608dbdc9 100644 --- a/.github/workflows/build-lede.yml +++ b/.github/workflows/build-lede.yml @@ -93,6 +93,12 @@ jobs: EXTRA_STR: _some steps: + - name: Hide sensitive inputs + if: github.event_name == 'workflow_dispatch' + uses: hugcabbage/action-hide-sensitive-inputs@v1 + with: + include_inputs: login_pwd + - name: Display initial disk space run: | df -h @@ -179,7 +185,7 @@ jobs: continue-on-error: true id: generate-summary env: - MODEL_NAME: ${{ inputs.model }} + FOR_DEVICE: ${{ steps.prepare-deployment.outputs.fordevice }} CODE_DIR: ${{ steps.prepare-deployment.outputs.codedir }} TRANSIT_PY: ${{ env.EXTRA_STR }}/extra-files/transit.py run: | @@ -188,14 +194,14 @@ jobs: - name: Calculate tag version id: calculate-version - if: inputs.release == true + if: inputs.release uses: hugcabbage/next-version@v1 with: repo_path: ${{ env.EXTRA_STR }} - name: Upload firmware to release id: to-release - if: steps.calculate-version.conclusion == 'success' && inputs.release == true + if: steps.calculate-version.conclusion == 'success' && inputs.release continue-on-error: true uses: svenstaro/upload-release-action@v2 with: @@ -210,7 +216,7 @@ jobs: file_glob: true - name: Upload firmware to artifact - if: inputs.artifact == true || steps.to-release.outcome != 'success' + if: inputs.artifact || steps.to-release.outcome != 'success' uses: actions/upload-artifact@v3 with: name: collected_firmware diff --git a/.github/workflows/build-lienol-openwrt.yml b/.github/workflows/build-lienol-openwrt.yml index a54048c5..aaf2ace2 100644 --- a/.github/workflows/build-lienol-openwrt.yml +++ b/.github/workflows/build-lienol-openwrt.yml @@ -97,6 +97,12 @@ jobs: EXTRA_STR: _some steps: + - name: Hide sensitive inputs + if: github.event_name == 'workflow_dispatch' + uses: hugcabbage/action-hide-sensitive-inputs@v1 + with: + include_inputs: login_pwd + - name: Display initial disk space run: | df -h @@ -178,7 +184,7 @@ jobs: continue-on-error: true id: generate-summary env: - MODEL_NAME: ${{ inputs.model }} + FOR_DEVICE: ${{ steps.prepare-deployment.outputs.fordevice }} CODE_DIR: ${{ steps.prepare-deployment.outputs.codedir }} TRANSIT_PY: ${{ env.EXTRA_STR }}/extra-files/transit.py run: | @@ -187,14 +193,14 @@ jobs: - name: Calculate tag version id: calculate-version - if: inputs.release == true + if: inputs.release uses: hugcabbage/next-version@v1 with: repo_path: ${{ env.EXTRA_STR }} - name: Upload firmware to release id: to-release - if: steps.calculate-version.conclusion == 'success' && inputs.release == true + if: steps.calculate-version.conclusion == 'success' && inputs.release continue-on-error: true uses: svenstaro/upload-release-action@v2 with: @@ -209,7 +215,7 @@ jobs: file_glob: true - name: Upload firmware to artifact - if: inputs.artifact == true || steps.to-release.outcome != 'success' + if: inputs.artifact || steps.to-release.outcome != 'success' uses: actions/upload-artifact@v3 with: name: collected_firmware diff --git a/.github/workflows/build-multi-devices.yml b/.github/workflows/build-multi-devices.yml index 77898a55..c1bb6dde 100644 --- a/.github/workflows/build-multi-devices.yml +++ b/.github/workflows/build-multi-devices.yml @@ -8,8 +8,32 @@ name: build multi devices on: +# schedule: +# - cron: 0 22 * * 5 workflow_dispatch: inputs: + branch: + description: 'select version' + required: true + type: choice + options: + - 'openwrt-23.05' + - 'openwrt-22.03' + - 'master' + latest_tag: + description: 'switch to the latest stable version (none in master)' + required: false + type: boolean + lan_ipad: + description: 'set LAN port IP address (will override settings in modify script)' + required: false + default: '' + type: string + login_pwd: + description: 'set initial login password (will override settings in modify script)' + required: false + default: '' + type: string record: description: 'input version description' required: false @@ -31,12 +55,24 @@ permissions: jobs: to-build: - name: build + name: ${{ matrix.multi_config }} runs-on: ubuntu-latest env: EXTRA_STR: _some + strategy: + fail-fast: false + matrix: + multi_config: + - 'multi-common.config' + - 'multi-mini.config' steps: + - name: Hide sensitive inputs + if: github.event_name == 'workflow_dispatch' + uses: hugcabbage/action-hide-sensitive-inputs@v1 + with: + include_inputs: login_pwd + - name: Display initial disk space run: | df -h @@ -47,22 +83,28 @@ jobs: path: ${{ env.EXTRA_STR }} - name: Prepare environments + env: + REQUIREMENTS: ${{ env.EXTRA_STR }}/extra-files/requirements-transit.txt run: | sudo apt-get update - sudo apt-get -y install gcc-multilib gettext + sudo apt-get -y install gcc-multilib gettext libfuse-dev sudo apt-get clean + pip3 install -r $REQUIREMENTS - name: Prepare deployment id: prepare-deployment env: + MULTI_CONFIG: ${{ matrix.multi_config }} + BRANCH_NAME: ${{ inputs.branch }} + LATEST_TAG: ${{ inputs.latest_tag }} + LOGIN_IP: ${{ inputs.lan_ipad }} + LOGIN_PWD: ${{ inputs.login_pwd }} + TEMP_PREFIX: ${{ env.EXTRA_STR }} DEPLOY_DIR: ${{ env.EXTRA_STR }}/preset-openwrt + TRANSIT_PY: ${{ env.EXTRA_STR }}/extra-files/transit.py run: | - CLONE_SH=$DEPLOY_DIR/1.clone.sh - echo "modelname=${GITHUB_WORKFLOW#* }" >> "$GITHUB_OUTPUT" - echo "codedir=$(grep '^CODE_DIR=' $CLONE_SH | cut -d '=' -f 2)" >> "$GITHUB_OUTPUT" - echo "clone_sh=$CLONE_SH" >> "$GITHUB_OUTPUT" - echo "modify_sh=$DEPLOY_DIR/1.modify.sh" >> "$GITHUB_OUTPUT" - echo "dot_config=$DEPLOY_DIR/multi.config" >> "$GITHUB_OUTPUT" + chmod +x $TRANSIT_PY + $TRANSIT_PY - name: Clone sources env: @@ -113,7 +155,7 @@ jobs: continue-on-error: true id: generate-summary env: - MODEL_NAME: ${{ steps.prepare-deployment.outputs.modelname }} + FOR_DEVICE: ${{ steps.prepare-deployment.outputs.fordevice }} CODE_DIR: ${{ steps.prepare-deployment.outputs.codedir }} TRANSIT_PY: ${{ env.EXTRA_STR }}/extra-files/transit.py run: | @@ -122,14 +164,14 @@ jobs: - name: Calculate tag version id: calculate-version - if: inputs.release == true + if: inputs.release || github.event_name != 'workflow_dispatch' uses: hugcabbage/next-version@v1 with: repo_path: ${{ env.EXTRA_STR }} - name: Upload firmware to release id: to-release - if: steps.calculate-version.conclusion == 'success' && inputs.release == true + if: steps.calculate-version.conclusion == 'success' && inputs.release || github.event_name != 'workflow_dispatch' continue-on-error: true uses: svenstaro/upload-release-action@v2 with: @@ -144,7 +186,7 @@ jobs: file_glob: true - name: Upload firmware to artifact - if: inputs.artifact == true || steps.to-release.outcome != 'success' + if: inputs.artifact || steps.to-release.outcome != 'success' uses: actions/upload-artifact@v3 with: name: collected_firmware diff --git a/.github/workflows/build-openwrt.yml b/.github/workflows/build-openwrt.yml index db853d29..aa29a995 100644 --- a/.github/workflows/build-openwrt.yml +++ b/.github/workflows/build-openwrt.yml @@ -52,6 +52,7 @@ on: - 'xiaomi-4c' - 'miwifi-3c' - 'miwifi-nano' + - 'other' branch: description: '选择版本' required: true @@ -102,6 +103,12 @@ jobs: EXTRA_STR: _some steps: + - name: Hide sensitive inputs + if: github.event_name == 'workflow_dispatch' + uses: hugcabbage/action-hide-sensitive-inputs@v1 + with: + include_inputs: login_pwd + - name: Display initial disk space run: | df -h @@ -184,7 +191,7 @@ jobs: continue-on-error: true id: generate-summary env: - MODEL_NAME: ${{ inputs.model }} + FOR_DEVICE: ${{ steps.prepare-deployment.outputs.fordevice }} CODE_DIR: ${{ steps.prepare-deployment.outputs.codedir }} TRANSIT_PY: ${{ env.EXTRA_STR }}/extra-files/transit.py run: | @@ -193,14 +200,14 @@ jobs: - name: Calculate tag version id: calculate-version - if: inputs.release == true + if: inputs.release uses: hugcabbage/next-version@v1 with: repo_path: ${{ env.EXTRA_STR }} - name: Upload firmware to release id: to-release - if: steps.calculate-version.conclusion == 'success' && inputs.release == true + if: steps.calculate-version.conclusion == 'success' && inputs.release continue-on-error: true uses: svenstaro/upload-release-action@v2 with: @@ -215,7 +222,7 @@ jobs: file_glob: true - name: Upload firmware to artifact - if: inputs.artifact == true || steps.to-release.outcome != 'success' + if: inputs.artifact || steps.to-release.outcome != 'success' uses: actions/upload-artifact@v3 with: name: collected_firmware diff --git a/.github/workflows/build-x-wrt.yml b/.github/workflows/build-x-wrt.yml index 043bbc66..e1bab237 100644 --- a/.github/workflows/build-x-wrt.yml +++ b/.github/workflows/build-x-wrt.yml @@ -90,6 +90,12 @@ jobs: EXTRA_STR: _some steps: + - name: Hide sensitive inputs + if: github.event_name == 'workflow_dispatch' + uses: hugcabbage/action-hide-sensitive-inputs@v1 + with: + include_inputs: login_pwd + - name: Display initial disk space run: | df -h @@ -171,7 +177,7 @@ jobs: continue-on-error: true id: generate-summary env: - MODEL_NAME: ${{ inputs.model }} + FOR_DEVICE: ${{ steps.prepare-deployment.outputs.fordevice }} CODE_DIR: ${{ steps.prepare-deployment.outputs.codedir }} TRANSIT_PY: ${{ env.EXTRA_STR }}/extra-files/transit.py run: | @@ -180,14 +186,14 @@ jobs: - name: Calculate tag version id: calculate-version - if: inputs.release == true + if: inputs.release uses: hugcabbage/next-version@v1 with: repo_path: ${{ env.EXTRA_STR }} - name: Upload firmware to release id: to-release - if: steps.calculate-version.conclusion == 'success' && inputs.release == true + if: steps.calculate-version.conclusion == 'success' && inputs.release continue-on-error: true uses: svenstaro/upload-release-action@v2 with: @@ -202,7 +208,7 @@ jobs: file_glob: true - name: Upload firmware to artifact - if: inputs.artifact == true || steps.to-release.outcome != 'success' + if: inputs.artifact || steps.to-release.outcome != 'success' uses: actions/upload-artifact@v3 with: name: collected_firmware diff --git a/templet/build.yml b/templet/build.yml index f26ca6fc..8d44af5a 100644 --- a/templet/build.yml +++ b/templet/build.yml @@ -123,14 +123,14 @@ jobs: - name: Calculate tag version id: calculate-version - if: inputs.release == true + if: inputs.release uses: hugcabbage/next-version@v1 with: repo_path: ${{ env.EXTRA_STR }} - name: Upload firmware to release id: to-release - if: steps.calculate-version.conclusion == 'success' && inputs.release == true + if: steps.calculate-version.conclusion == 'success' && inputs.release continue-on-error: true uses: svenstaro/upload-release-action@v2 with: @@ -145,7 +145,7 @@ jobs: file_glob: true - name: Upload firmware to artifact - if: inputs.artifact == true || steps.to-release.outcome != 'success' + if: inputs.artifact || steps.to-release.outcome != 'success' uses: actions/upload-artifact@v3 with: name: collected_firmware