Rewrite asset deploy.
This switches to `gh` which is the more modern CLI, and also available by default which removes the old installer script. This also tightens the scope where GITHUB_TOKEN is exposed to just the step where `gh` is executed. Finally, it tightens the permissions on the GITHUB_TOKEN (though `contents: write` is extremely permissive, since that allows writing to almost anything in the repo).
This commit is contained in:
parent
baa936439d
commit
9497354cfd
11
.github/workflows/deploy.yml
vendored
11
.github/workflows/deploy.yml
vendored
@ -7,6 +7,9 @@ defaults:
|
||||
run:
|
||||
shell: bash
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
release:
|
||||
name: Deploy Release
|
||||
@ -32,14 +35,14 @@ jobs:
|
||||
os: windows-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- name: Install hub
|
||||
run: ci/install-hub.sh ${{ matrix.os }}
|
||||
- name: Install Rust
|
||||
run: ci/install-rust.sh stable ${{ matrix.target }}
|
||||
- name: Build and deploy artifacts
|
||||
- name: Build asset
|
||||
run: ci/make-release-asset.sh ${{ matrix.os }} ${{ matrix.target }}
|
||||
- name: Update release with new asset
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: ci/make-release-asset.sh ${{ matrix.os }} ${{ matrix.target }}
|
||||
run: gh release upload $MDBOOK_TAG $MDBOOK_ASSET
|
||||
pages:
|
||||
name: GitHub Pages
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -1,24 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
# Installs the `hub` executable into hub/bin
|
||||
set -ex
|
||||
case $1 in
|
||||
ubuntu*)
|
||||
curl -LsSf https://github.com/github/hub/releases/download/v2.12.8/hub-linux-amd64-2.12.8.tgz -o hub.tgz
|
||||
mkdir hub
|
||||
tar -xzvf hub.tgz --strip=1 -C hub
|
||||
;;
|
||||
macos*)
|
||||
curl -LsSf https://github.com/github/hub/releases/download/v2.12.8/hub-darwin-amd64-2.12.8.tgz -o hub.tgz
|
||||
mkdir hub
|
||||
tar -xzvf hub.tgz --strip=1 -C hub
|
||||
;;
|
||||
windows*)
|
||||
curl -LsSf https://github.com/github/hub/releases/download/v2.12.8/hub-windows-amd64-2.12.8.zip -o hub.zip
|
||||
7z x hub.zip -ohub
|
||||
;;
|
||||
*)
|
||||
echo "OS should be first parameter, was: $1"
|
||||
;;
|
||||
esac
|
||||
|
||||
echo "$PWD/hub/bin" >> $GITHUB_PATH
|
@ -44,9 +44,10 @@ case $1 in
|
||||
esac
|
||||
cd ../..
|
||||
|
||||
if [[ -z "$GITHUB_TOKEN" ]]
|
||||
if [[ -z "$GITHUB_ENV" ]]
|
||||
then
|
||||
echo "$GITHUB_TOKEN not set, skipping deploy."
|
||||
echo "GITHUB_ENV not set, run: gh release upload $TAG target/$asset"
|
||||
else
|
||||
hub release edit -m "" --attach $asset $TAG
|
||||
echo "MDBOOK_TAG=$TAG" >> $GITHUB_ENV
|
||||
echo "MDBOOK_ASSET=target/$asset" >> $GITHUB_ENV
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user