Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Dev process] Complete the switch to GitHub Actions #4834

Closed
4 tasks done
ento opened this issue Aug 28, 2020 · 14 comments
Closed
4 tasks done

[Dev process] Complete the switch to GitHub Actions #4834

ento opened this issue Aug 28, 2020 · 14 comments

Comments

@ento
Copy link
Contributor

ento commented Aug 28, 2020
edited
Loading

Follow-up to #4793

  • [Write access needed] Configure the required GitHub token for the build-prerelease and build-tiddlywiki-com jobs and test them
    • Suggested steps
      • Create a test branch and add it to on.push.branches and adjust the if conditions of jobs so that they get run on that branch. (This needs to be done in a branch in this repo, not a fork, so that the workflow can access the secret configured in the next step.)
        • As with Travis's secrets, "secrets are not passed to the runner when a workflow is triggered from a forked repository." (From the doc)
      • [Admin access needed] Create a secret named GITHUB_PUSH_TOKEN that has push access to Jermolene/jermolene.github.io
      • Push to the test branch and ensure the build-* jobs work. i.e. the workflow gets run, the result is green, and jermolene.github.io gets updated
      • If things worked as-is, great! Delete the test branch.
      • If anything needed to be fixed in ci.yml, merge the branch. Don't forget to undo the changes made to on.push.branches and if conditions.

Done by #4836:

  • Delete .travis.yml
  • Rename variables / simplify logic in bin/ci-* scripts and ci.yml that mention Travis
  • Update dev edition to mention GitHub Actions instead of Travis
@ento ento mentioned this issue Aug 28, 2020
Merged
@ento
Copy link
Contributor Author

ento commented Aug 29, 2020

@Jermolene Would you be able to address the remaining task in the issue description? I don't have write/admin access, which is required for the task: Configure the necessary GitHub token in this repo's settings and test the build-prerelease / build-tiddlywiki-com jobs.

I believe jermolene.github.io isn't being updated upon push to master / tiddlywiki-com branches right now, as .travis.yml has been deleted by #4836 and the GitHub token for the Actions workflow doesn't seem to have been configured. (The most recent run has failed at the build-prerelease stage, for example)

I'm not sure of the urgency of keeping jermolene.github.io up-to-date, so this is more of a FYI that there's some more steps to be done before the repo is completely switched over to GitHub Actions.

@Jermolene
Copy link
Member

Hi @ento given that Travis CI is switched off, I didn't bother with creating a test branch. I created an access token with "public_repo" access, and saved it as the secret "GITHUB_PUSH_TOKEN"; it remains to be seen whether that's sufficient.

@Jermolene
Copy link
Member

Now I'm going to push a commit with a minor change for testing.

Jermolene added a commit that referenced this issue Aug 30, 2020
@Jermolene
Minor change for testing GitHub Actions
a78570c 
See #4834 (comment)
@Jermolene
Copy link
Member

Hi @ento the test build failed while executing bin/ci-push.sh without giving a useful error message.

@ento
Copy link
Contributor Author

ento commented Aug 30, 2020

The token doesn't appear to be passed to the bin/ci-push.sh step:

image

I expect there to be a *** string after GH_TOKEN. (Example from a random repo: GITHUB_TOKEN: *** in the log, corresponding yaml source that sets a secret as the value.)

Could you double-check that the secret is configured in the repo? https://github.com/Jermolene/TiddlyWiki5/settings/secrets

Given the log output that we do see, I guess bin/ci-push.sh has been executed at least up to the point it makes a git commit.

[master 3e6b33e] GitHub build: 11 of master (2020-08-30 17:31:31 UTC)
110 files changed, 949 insertions(+), 359 deletions(-)

Subsequent outputs are supressed due to the &>/dev/null directs, which could be temporarily removed to get more verbose output:

https://github.com/Jermolene/TiddlyWiki5/blob/a78570c99aab2d0f34fd1a2a628608e22d19bfdb/bin/ci-push.sh#L16-L18

I just checked locally that git remote add doesn't echo the remote endpoint, so it should be safe even with an endpoint with credentials embedded. (If the token does end up getting leaked, it can be replaced with a new one.)

@Jermolene
Copy link
Member

Hi @ento I didn't notice at first, but it's failing to add the new token with the message "Failed to add secret. Name is invalid". GITHUB_PUSH_TOKEN seems valid, so I'm confused. I did manage to create the secret with the name GITHUBPUSHTOKEN so perhaps we can use that?

image

@rmunn
Copy link
Contributor

rmunn commented Sep 1, 2020

Maybe any name prefixed with GITHUB_ (with underscore) is reserved? I know there's a GITHUB_TOKEN secret that's automatically created for use in your Github Actions scripts (for things like pushing to the repo), so maybe that's what should be used here?

@Jermolene
Copy link
Member

Hi @rmunn the prefix GITHUB_ for secret names is indeed reserved:

https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#about-encrypted-secrets

We can't use GITHUB_TOKEN because "the token's permissions are limited to the repository that contains your workflow" and so can't push to jermolene.github.io:

https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#about-the-github_token-secret

But perhaps it would be good to use GITHUB_TOKEN for everything except the push to jermolene.github.io.

@Jermolene
Copy link
Member

I've updated ci.yml to use GITHUBPUSHTOKEN see 422eb43.

@Jermolene
Copy link
Member

Thank you @ento things seem to be working (I haven't tested pushing to tiddlywiki-com yet, but pushing master works).

Is there any other cleanup needed besides closing down Travis?

@ento
Copy link
Contributor Author

ento commented Sep 2, 2020

Thank you for sorting the secrets situation out!

I think that's all as far as cleanups go: disable this repo on Travis's side and confirm pushing to tiddlywiki-com works.

I'll go ahead and optimistically close this issue, assuming tiddlywiki-com will probably work, but please feel free to re-open to track the Travis part or anything else. If anything goes wrong on the tiddlywiki-com branch, it can be tracked with a new issue (or this issue could be re-opened / whatever works) - and do let me know.

@ento ento closed this as completed Sep 2, 2020
@Jermolene
Copy link
Member

Hi @ento we may have a minor issue with merging to "tiddlywiki-com". I merged #4842 but it didn't trigger a build at https://github.com/Jermolene/TiddlyWiki5/actions. I note that the tests were run when the PR was opened (https://github.com/Jermolene/TiddlyWiki5/actions/runs/243322046).

@Jermolene
Copy link
Member

Hi @ento apologies, I've just realised that the reason that the actions didn't run when I pushed to tiddlywiki-com was because the workflow files weren't defined in that branch. I've copied the required files across and things are working now (see https://github.com/Jermolene/TiddlyWiki5/actions/runs/244505170)

@ento
Copy link
Contributor Author

ento commented Sep 11, 2020

Good to hear you were able to solve the issue :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ento @rmunn @Jermolene