Setup secrets

Question

Setup secrets

XiangRongLin opened this issue 2 years ago · comments

XiangRongLin commented 2 years ago

@Stypox You mentioned that you wanted separate signing keys for the nightly builds.

Do you want to create new ones or should I use my existing ones.

The signing key needs to be saved as secrets, for which we both have the neccessary privileges.

XiangRongLin · Answer 1 · Tue Sep 20 2022 19:41:04 GMT+0800 (China Standard Time)

@opusforlife2
Since you have the rights, isn't it okay to go ahead?

The nightly app will then be under my name since, the signing key is under my name. Additionally only I (and github) will have access to them. If that is not a concern I can do it

Stypox · Answer 2 · Tue Sep 20 2022 19:52:34 GMT+0800 (China Standard Time)

Yes, that's not a concern in my opinion. If we have different needs in the future we can just change the signing key (people will need to uninstall and reinstall, but we don't provide guarantees for nightly builds anyway).

XiangRongLin · Answer 3 · Wed Sep 21 2022 00:17:41 GMT+0800 (China Standard Time)

Secrets are mostly setup, only remaining problem is, that I need an access token, which has the "workflow" access for this repo. Reason that it is needed, is because I push the dev branch from the main repo to here, which modifies the github actions workflow files. I push the dev branch, so that the releases have an associated tag/commit.
https://github.com/TeamNewPipe/NewPipe-nightly/blob/github_actions/.github/workflows/nightly.yml#L16
I solved it myself with an separate account @np-bot, because I could tighten the access to only the required repos.

So either that account gets added to the orga/this repo, a separate account gets created or the dev branch is not pushed.

Stypox · Answer 4 · Wed Sep 21 2022 02:45:17 GMT+0800 (China Standard Time)

I gave @np-bot admin access to this repo

opusforlife2 · Answer 5 · Wed Sep 21 2022 03:10:48 GMT+0800 (China Standard Time)

Awesome! Is the path to official nightly builds clear now?

XiangRongLin · Answer 6 · Wed Sep 21 2022 03:37:15 GMT+0800 (China Standard Time)

should be working now. https://github.com/TeamNewPipe/NewPipe-nightly/releases/tag/nightly-1

opusforlife2 · Answer 7 · Wed Sep 21 2022 03:48:16 GMT+0800 (China Standard Time)

Should we start advertising this everywhere now, or wait for a few days in case any problems crop up?

XiangRongLin · Answer 8 · Wed Sep 21 2022 03:55:01 GMT+0800 (China Standard Time)

I would at least wait for a "normal" release. It checks whether a commit has been made in the last day and only then creates a release. To circumvent that (because the last commit is from 3weeks ago) I manually adjusted it in a branch

TheAssassin · Answer 9 · Wed Sep 21 2022 04:18:43 GMT+0800 (China Standard Time)

I don't see a reason for a separate user. The regular GitHub workflow token can push to branches just fine. Please elaborate on your use of that bot.

XiangRongLin · Answer 10 · Wed Sep 21 2022 14:43:55 GMT+0800 (China Standard Time)

@TheAssassin
Quoting myself from above

only remaining problem is, that I need an access token, which has the "workflow" access for this repo. Reason that it is needed, is because I push the dev branch from the main repo to here, which modifies the github actions workflow files. I push the dev branch, so that the releases have an associated tag/commit

To elaborate:
"workflow" is a separate permission, needed to change the github actions workflow file. It is not included in the default token.