Using secrets repo for special files

.github/actions/deploy/action.yml

@@ -13,9 +13,9 @@ inputs:
     default: "none@example.com"
     description: "email address for crash reporting "
     required: true
-  keystore_url:
+  secrets_repo_folder:
     default: ""
-    description: "direct download URL to APK signing keystore"
+    description: "AnySoftKeyboard secrets folder"
     required: true
   keystore_password:
     default: ""
@@ -25,10 +25,6 @@ inputs:
     default: ""
     description: "APK signing keystore default key password"
     required: true
-  publish_service_account_creds_json_url:
-    description: "url to the json certs file"
-    default: ""
-    required: true
 runs:
   using: "docker"
   image: "docker://menny/ndk_ask:1.14.0"
@@ -43,10 +39,9 @@ runs:
     - ${{ inputs.deployment_environment }}
     - ${{ inputs.deployment_task }}
     - ${{ inputs.crash_report_email }}
-    - ${{ inputs.keystore_url }}
+    - ${{ inputs.secrets_repo_folder }}
     - ${{ inputs.keystore_password }}
     - ${{ inputs.keystore_key_password }}
-    - ${{ inputs.publish_service_account_creds_json_url }}
 
 branding:
   icon: 'upload-cloud'

.github/actions/deploy/deploy.sh

@@ -6,14 +6,12 @@ DEPLOYMENT_TASK="${1}"
 shift
 export ANYSOFTKEYBOARD_CRASH_REPORT_EMAIL="${1}"
 shift
-KEYSTORE_FILE_URL="${1}"
+SECRETS_REPO_FOLDER="${1}"
 shift
 export KEY_STORE_FILE_PASSWORD="${1}"
 shift
 export KEY_STORE_FILE_DEFAULT_ALIAS_PASSWORD="${1}"
 shift
-PUBLISH_JSON_URL="${1}"
-shift
 
 function deployProcessFromEnvironmentName() {
     #imeMaster_alpha_100
@@ -41,11 +39,9 @@ FRACTION=$(deployFractionFromEnvironmentName "${DEPLOYMENT_ENVIRONMENT}")
 echo "for ${DEPLOYMENT_ENVIRONMENT}: will deploy process ${PROCESS_NAME} to ${DEPLOY_CHANNEL} with ${FRACTION} fraction."
 export BUILD_COUNT_FOR_VERSION=${GITHUB_RUN_NUMBER}
 
-echo "Downloading secret files..."
-wget --tries=5 --waitretry=5 "${KEYSTORE_FILE_URL}" -q -O /tmp/anysoftkeyboard.keystore
-stat /tmp/anysoftkeyboard.keystore
-wget --tries=5 --waitretry=5 "${PUBLISH_JSON_URL}" -q -O /tmp/apk_upload_key.json
-stat /tmp/apk_upload_key.json
+echo "Copying secret files..."
+cp "${SECRETS_REPO_FOLDER}/anysoftkeyboard.keystore" /tmp/anysoftkeyboard.keystore
+cp "${SECRETS_REPO_FOLDER}/playstore-publisher-certs.json" /tmp/apk_upload_key.json
 
 DEPLOY_TASKS=( "--continue" "--stacktrace" "-PwithAutoVersioning" ":generateFdroidYamls" "-DdeployChannel=${DEPLOY_CHANNEL}" "-DdeployFraction=${FRACTION}" )
 if [[ "${DEPLOYMENT_TASK}" == "deploy" ]]; then
@@ -96,7 +92,7 @@ if [[ "${FRACTION}" == "1.00" ]] && [[ "${DEPLOY_CHANNEL}" == "production" ]]; t
   else
     BRANCH_NAME="$(git name-rev --name-only HEAD)"
     echo "Will create ${MARKER_FILE} to halt future releases in the branch '${BRANCH_NAME}'."
-    echo "Full deployment to production '${DEPLOYMENT_ENVIRONMENT}' was done succesfully" > "${MARKER_FILE}"
+    echo "Full deployment to production '${DEPLOYMENT_ENVIRONMENT}' was successful." > "${MARKER_FILE}"
     git config --global user.email "ask@evendanan.net"
     git config --global user.name "Polyglot"
     git add "${MARKER_FILE}"

.github/workflows/deploy.yml

@@ -14,6 +14,14 @@ jobs:
     container: menny/ndk_ask:1.14.0
     steps:
       - uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.BOT_MASTER_RW_GITHUB_TOKEN }}
+      - uses: actions/checkout@v2
+        with:
+          repository: ${{ secrets.SECRETS_REPOSITORY }}
+          token: ${{ secrets.BOT_SECRETS_R_GITHUB_TOKEN }}
+          path: ${{ secrets.SECRETS_REPOSITORY_FOLDER }}
+          ref: main
       - name: setup
         env:
           GITHUB_CONTEXT_JSON: ${{ toJson(github) }}
@@ -34,10 +42,9 @@ jobs:
           deployment_environment: ${{ github.event.deployment.environment }}
           deployment_task: ${{ github.event.deployment.task }}
           crash_report_email: ${{ secrets.ANYSOFTKEYBOARD_CRASH_REPORT_EMAIL }}
-          keystore_url: ${{ secrets.ANYSOFTKEYBOARD_KEYSTORE_URL }}
+          secrets_repo_folder: ${{ secrets.SECRETS_REPOSITORY_FOLDER }}
           keystore_password: ${{ secrets.ANYSOFTKEYBOARD_KEYSTORE_PASSWORD }}
           keystore_key_password: ${{ secrets.ANYSOFTKEYBOARD_KEYSTORE_KEY_PASSWORD }}
-          publish_service_account_creds_json_url: ${{ secrets.PUBLISH_CERT_JSON_URL }}
       - name: status-success
         run: ./gradlew --stacktrace :deployment:updateDeploymentSuccess -PRequest.apiUsername="${{ secrets.BOT_MASTER_RW_GITHUB_USERNAME }}" -PRequest.apiUserToken="${{ secrets.BOT_MASTER_RW_GITHUB_TOKEN }}" -PrequestStatus.environment="${{ github.event.deployment.environment }}" -PrequestStatus.deployment_id="${{ github.event.deployment.id }}" -PrequestStatus.environment="${{ github.event.deployment.environment }}" -PrequestStatus.sha="${{ github.event.deployment.sha }}"
       - name: status-failure