From 484327e11ea8c79d1bd759175f1e5bbcec134da5 Mon Sep 17 00:00:00 2001 From: Peter C Date: Fri, 22 Oct 2021 19:31:42 -0400 Subject: [PATCH] Delete deploy.yml Do not use this Github Action as it leaks the `clasp` secrets in the publicly accessible Github Action workflow logs. See ericanastas/deploy-google-app-script-action#1 and hmanzur/actions-set-secret#13 for more details. --- .github/workflows/deploy.yml | 98 ------------------------------------ 1 file changed, 98 deletions(-) delete mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 88d965b..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,98 +0,0 @@ -name: Deploy Script - -on: - workflow_dispatch: - push: - branches: [main] - release: - types: [published] - schedule: - - cron: "0 0 * * SUN" - -jobs: - deploy: - runs-on: ubuntu-latest - - steps: - - name: Install clasp - id: install-clasp - run: sudo npm install @google/clasp@2.3.2 -g - - - name: Write CLASPRC_JSON secret to .clasprc.json file - id: write-clasprc - run: echo "$CLASPRC_JSON_SECRET" >> ~/.clasprc.json - env: - CLASPRC_JSON_SECRET: ${{ secrets.CLASPRC_JSON }} - - - name: Check clasp login status - id: clasp_login - run: clasp login --status - - - name: Save current .clasprc.json contents to CLASPRC_JSON environment variable - id: save-clasprc - run: | - echo "CLASPRC_JSON_FILE=$(cat ~/.clasprc.json)" >> $GITHUB_ENV - echo "CLASPRC_JSON_SECRET=$CLASPRC_JSON_SECRET" >> $GITHUB_ENV - env: - CLASPRC_JSON_SECRET: ${{ secrets.CLASPRC_JSON }} - - - name: Save updated CLASPRC_JSON environment variable to CLASPRC_JSON repo secret - id: set-clasprc-secret - if: ${{ env.CLASPRC_JSON_FILE != env.CLASPRC_JSON_SECRET }} - uses: hmanzur/actions-set-secret@v2.0.0 - with: - name: "CLASPRC_JSON" - value: ${{ env.CLASPRC_JSON_FILE }} - repository: ${{ github.repository }} - token: ${{ secrets.REPO_ACCESS_TOKEN }} - - - name: Checkout repo - id: checkout-repo - if: ${{github.event_name != 'schedule' }} - uses: actions/checkout@v2 - - - name: Set scriptId in .clasp.json file - id: set-script-id - if: ${{ github.event_name != 'schedule' && env.SCRIPT_ID}} - run: jq '.scriptId = "${{env.SCRIPT_ID}}"' .clasp.json > /tmp/.clasp.json && mv /tmp/.clasp.json .clasp.json - env: - SCRIPT_ID: ${{secrets.SCRIPT_ID}} - - - name: Push script to scripts.google.com - id: clasp-push - if: ${{ github.event_name != 'schedule'}} - run: clasp push -f - - - name: Deploy Script - id: clasp-deploy - if: ${{env.DEPLOYMENT_ID && (github.event_name == 'release' || (github.event_name == 'push' && github.ref == 'refs/heads/main'))}} - run: clasp deploy -i "$DEPLOYMENT_ID" -d "$GITHUB_REF" - env: - DEPLOYMENT_ID: ${{ secrets.DEPLOYMENT_ID }} - # dump-context: - # runs-on: ubuntu-latest - # steps: - # - name: Dump GitHub context - # env: - # GITHUB_CONTEXT: ${{ toJSON(github) }} - # run: echo "$GITHUB_CONTEXT" - # - name: Dump job context - # env: - # JOB_CONTEXT: ${{ toJSON(job) }} - # run: echo "$JOB_CONTEXT" - # - name: Dump steps context - # env: - # STEPS_CONTEXT: ${{ toJSON(steps) }} - # run: echo "$STEPS_CONTEXT" - # - name: Dump runner context - # env: - # RUNNER_CONTEXT: ${{ toJSON(runner) }} - # run: echo "$RUNNER_CONTEXT" - # - name: Dump strategy context - # env: - # STRATEGY_CONTEXT: ${{ toJSON(strategy) }} - # run: echo "$STRATEGY_CONTEXT" - # - name: Dump matrix context - # env: - # MATRIX_CONTEXT: ${{ toJSON(matrix) }} - # run: echo "$MATRIX_CONTEXT"