hotfix: fix error when trying to skip ssl verify using envar PHASE_VE… (

#162) * hotfix: fix error when trying to skip ssl verify using envar PHASE_VERIFY_SSL * chore: bump versions --------- Co-authored-by: Nimish <[email protected]>
phasehq · Sep 14, 2024 · 37995eb · 37995eb
1 parent 6a6434b
commit 37995eb
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 27 deletions.
diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml
@@ -28,10 +28,25 @@ jobs:
         run: echo "PYTHONPATH=$PWD" >> $GITHUB_ENV
       - run: pytest tests/*.py
 
+  extract_version:
+    name: Extract Version
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Extract version
+        run: |
+          PHASE_CLI_VERSION=$(grep -oP '(?<=__version__ = ")[^"]*' phase_cli/utils/const.py)
+          echo "PHASE_CLI_VERSION=$PHASE_CLI_VERSION" >> $GITHUB_ENV
+          echo "$PHASE_CLI_VERSION" > ./PHASE_CLI_VERSION.txt
+      - uses: actions/upload-artifact@v4
+        with:
+          name: phase-version
+          path: ./PHASE_CLI_VERSION.txt
+
   build:
     name: Build CLI
     runs-on: ${{ matrix.os }}
-    needs: [pytest]
+    needs: [pytest, extract_version]
     strategy:
       matrix:
         # ubuntu-20.04 - context: https://github.com/phasehq/cli/issues/94
@@ -65,18 +80,25 @@ jobs:
         if: runner.os == 'Windows'
         shell: pwsh
 
-      # Extract version
-      - run: echo "PHASE_CLI_VERSION=$(grep -oP '(?<=__version__ = ")[^"]*' phase_cli/utils/const.py)" >> $GITHUB_ENV
-        shell: bash
-      - run: echo "${{ env.PHASE_CLI_VERSION }}" > ./PHASE_CLI_VERSION.txt
-
-      # Upload version
-      - uses: actions/upload-artifact@v2
+      # Download the version file
+      - uses: actions/download-artifact@v4
         with:
           name: phase-version
-          path: ./PHASE_CLI_VERSION.txt
+
+      # DEBUG
+      - name: List files after downloading artifact
+        shell: bash
+        run: ls -al
+
+      # Set the version environment variable
+      - name: Set VERSION
+        shell: bash
+        run: |
+          PHASE_CLI_VERSION=$(cat PHASE_CLI_VERSION.txt)
+          echo "PHASE_CLI_VERSION is: $PHASE_CLI_VERSION"
+          echo "PHASE_CLI_VERSION=$PHASE_CLI_VERSION" >> $GITHUB_ENV
 
-        # Build DEB and RPM packages for Linux
+      # Build DEB and RPM packages for Linux
       - run: |
           sudo apt-get update
           sudo apt-get install -y ruby-dev rubygems build-essential 
@@ -87,12 +109,12 @@ jobs:
         shell: bash
 
       # Upload DEB and RPM packages
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: phase-deb
           path: "*.deb"
         if: matrix.os == 'ubuntu-20.04'
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: phase-rpm
           path: "*.rpm"
@@ -110,7 +132,7 @@ jobs:
         shell: bash
 
       - name: Upload binary
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ env.ARTIFACT_NAME }}
           path: dist/phase*
@@ -120,7 +142,7 @@ jobs:
     runs-on: self-hosted
     container:
       image: python:3.11.0-bullseye
-    needs: [pytest]
+    needs: [pytest, extract_version]
     steps:
       - uses: actions/checkout@v2
       - name: Setup Environment
@@ -130,15 +152,15 @@ jobs:
           pip install pyinstaller
       - name: Build with PyInstaller
         run: pyinstaller --hidden-import _cffi_backend --paths ./phase_cli --name phase phase_cli/main.py
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: Linux-binary-arm64
           path: dist/phase*
 
   build_apk:
     name: Build CLI (alpine-latest, 3.11)
     runs-on: ubuntu-20.04
-    needs: [pytest]
+    needs: [pytest, extract_version]
     container:
       image: python:3.11-alpine
     steps:
@@ -164,11 +186,11 @@ jobs:
           sudo -u builder abuild checksum
           sudo -u builder abuild -r
         shell: sh
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: phase-apk
           path: /home/builder/packages/builder/x86_64/*.apk
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: phase-alpine-build
           path: ./dist/phase
@@ -182,15 +204,15 @@ jobs:
       - uses: actions/checkout@v2
 
       - name: Download phase-version artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: phase-version
           path: phase-version
 
       - name: Set VERSION from file
         run: echo "VERSION=$(cat ./phase-version/PHASE_CLI_VERSION.txt | tr -d '\r')" >> $GITHUB_ENV
       - name: Download phase-alpine-build artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: phase-alpine-build
           path: dist
@@ -211,7 +233,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Download phase-version artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: phase-version
           path: phase-version
@@ -237,7 +259,7 @@ jobs:
     steps:
       # Download all the artifacts from the build jobs
       - name: Download all artifacts
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
 
       # # Debug: List the content of the current directory
       # - name: Debug - List contents of artifacts directory
@@ -308,7 +330,7 @@ jobs:
           rm -rf Linux-binary
 
       # Upload the entire release directory as a single artifact
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: phase-cli-release
           path: ./phase_cli_release_*/
diff --git a/APKBUILD b/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Phase <[email protected]>
 pkgname=phase
-pkgver=1.18.2
+pkgver=1.18.3
 pkgrel=0
 pkgdesc="Phase CLI"
 url="https://phase.dev"

diff --git a/phase_cli/utils/const.py b/phase_cli/utils/const.py
@@ -1,7 +1,7 @@
 import os
 import re
 
-__version__ = "1.18.2"
+__version__ = "1.18.3"
 __ph_version__ = "v1"
 
 description = "Securely manage application secrets and environment variables with Phase."

diff --git a/phase_cli/utils/network.py b/phase_cli/utils/network.py
@@ -124,7 +124,7 @@ def fetch_app_key(token_type: str, app_token, host) -> str:
 
     URL =  f"{host}/service/secrets/tokens/"
 
-    response = requests.get(URL, headers=headers)
+    response = requests.get(URL, headers=headers, verify=VERIFY_SSL)
 
     if response.status_code != 200:
         raise ValueError(f"Request failed with status code {response.status_code}: {response.text}")
@@ -164,7 +164,7 @@ def fetch_wrapped_key_share(token_type: str, app_token: str, host: str) -> str:
 
     URL = f"{host}/service/secrets/tokens/"
 
-    response = requests.get(URL, headers=headers)
+    response = requests.get(URL, headers=headers, verify=VERIFY_SSL)
 
     if response.status_code != 200:
         raise ValueError(f"Request failed with status code {response.status_code}: {response.text}")