ci: use new github secrets and variables (#107)

linode · Jul 11, 2024 · f8905d3 · f8905d3
1 parent 0502050
commit f8905d3
Showing 1 changed file with 17 additions and 10 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -17,50 +17,56 @@ env:
   CACHE_REGISTRY: ghcr.io
   CACHE_REPO: linode/apl-tasks
   REPO: otomi/tasks
-  GIT_USER: linode-gh-bot
-  GIT_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
   DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_OTOMI_TOKEN }}
+  DOCKER_USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
+  BOT_EMAIL: ${{ vars.BOT_EMAIL }}
+  BOT_USERNAME: ${{ vars.BOT_USERNAME }}
+  BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
+
 jobs:
   build-test-push-release:
     if: "((contains(github.event.head_commit.message, 'chore(release)') && github.ref == 'refs/heads/main') || !contains(github.event.head_commit.message, 'chore(release)')) && !contains(github.event.head_commit.message, 'ci skip') && !startsWith(github.ref, 'refs/tags/')"
     runs-on: ubuntu-latest
     steps:
       - name: Set env
         run: |
+          set -u
           tag=$(echo $(basename $GITHUB_REF))
           echo "Creating tag: $tag"
           echo "TAG=$tag" >> $GITHUB_ENV
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: CI tests, image build and push tag to cache for main or branch
         uses: whoan/docker-build-with-cache-action@v6
         with:
-          username: linode-gh-bot
-          password: '${{ secrets.GITHUB_TOKEN }}'
+          username: ${{ env.BOT_USERNAME }}
+          password: '${{ env.BOT_TOKEN }}'
           registry: ${{ env.CACHE_REGISTRY }}
           image_name: ${{ env.CACHE_REPO }}
           image_tag: ${{ env.TAG }}
           build_extra_args: '--build-arg=NPM_TOKEN=${{ secrets.GITHUB_TOKEN }}'
       - name: Retag from cache and push
         run: |
-          docker login -u otomi -p $DOCKER_PASSWORD
+          set -u
+          docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
           docker tag $CACHE_REGISTRY/$CACHE_REPO:$TAG $REPO:$TAG
           docker push $REPO:$TAG
       - if: "contains(github.event.head_commit.message, 'chore(release)')"
         name: Create latest and push git tag
         id: git_tag
         run: |
-          docker login -u otomi -p $DOCKER_PASSWORD
+          set -u
+          docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
           docker tag $REPO:$TAG $REPO:latest
           docker push $REPO:latest
           release_tag=v${COMMIT_MSG#* }
           echo tag=$release_tag >> $GITHUB_OUTPUT
           echo "Releasing $REPO:$release_tag"
           docker tag $REPO:$TAG $REPO:$release_tag
           docker push $REPO:$release_tag
-          git config --global user.email $GIT_USER@users.noreply.github.com
-          git config --global user.name $GIT_USER
-          echo "machine github.com login $GIT_USER password $GIT_PASSWORD" > ~/.netrc
+          git config --global user.email $BOT_EMAIL
+          git config --global user.name $BOT_USERNAME
+          echo "machine github.com login $BOT_USERNAME password $BOT_TOKEN" > ~/.netrc
           git tag -am "$COMMIT_MSG" $release_tag && git push --follow-tags origin main
           changelog=$(cat CHANGELOG.md | awk -v n=2 '/### \[[0-9]*/&&!--n{exit}{print}')
           # now do some escaping because github does not help us here:
@@ -77,3 +83,4 @@ jobs:
           tag: ${{ steps.git_tag.outputs.tag }}
           name: Release ${{ steps.git_tag.outputs.tag }}
           body: ${{ steps.git_tag.outputs.changes }}
+