Load env via gpg (#2231)

commit: e7383afc846c2ba2b58abe64a03c0c6aab373ea8 [log] [tgz]
author: Gabriel Peal <gpeal@users.noreply.github.com> Wed Feb 08 11:46:32 2023 -0800
committer: GitHub <noreply@github.com> Wed Feb 08 11:46:32 2023 -0800
tree: de9534d53cce012bc19471ca118a56c1ceb222ec
parent: e4401727529bfa6afb6c07c7fc581ea81d91bbef [diff]
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 4bcf6b3..f3d7b2b 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml

@@ -1,7 +1,7 @@
 name: Validate
 
 on:
-  pull_request_target:
+  pull_request:
   push:
     branches:
       - master
@@ -67,12 +67,20 @@
           distribution: 'zulu'
           java-version: 11
           cache: 'gradle'
+      - name: Setup env
+        shell: bash
+        run: |
+          echo ${{ vars.ENV_PASSPHRASE }} | gpg --quiet --batch --yes --decrypt --passphrase-fd 0 \
+            --output snapshot-env snapshot-env.gpg
+          while read line; do
+            echo "$line" >> $GITHUB_ENV
+          done < snapshot-env
       - name: Build app
         env:
-          LOTTIE_S3_API_KEY: ${{ secrets.LOTTIE_S3_API_KEY }}
-          LOTTIE_S3_SECRET_KEY: ${{ secrets.LOTTIE_S3_SECRET_KEY }}
-          LOTTIE_HAPPO_API_KEY: ${{ secrets.LOTTIE_HAPPO_API_KEY }}
-          LOTTIE_HAPPO_SECRET_KEY: ${{ secrets.LOTTIE_HAPPO_SECRET_KEY }}
+          LOTTIE_S3_API_KEY: ${{ env.LOTTIE_S3_API_KEY }}
+          LOTTIE_S3_SECRET_KEY: ${{ env.LOTTIE_S3_SECRET_KEY }}
+          LOTTIE_HAPPO_API_KEY: ${{ env.LOTTIE_HAPPO_API_KEY }}
+          LOTTIE_HAPPO_SECRET_KEY: ${{ env.LOTTIE_HAPPO_SECRET_KEY }}
         run: ./gradlew snapshot-tests:assembleDebug snapshot-tests:assembleDebugAndroidTest --no-daemon
       - name: Run tests
         uses: emulator-wtf/run-tests@master
@@ -85,7 +93,7 @@
             model=Pixel2,version=31
           outputs-dir: build/test-results
       - uses: mshick/add-pr-comment@v2
-        if: github.event_name == 'pull_request_target'
+        if: github.event_name == 'pull_request'
         with:
           message-id: ${{ github.sha }}
           message: |
@@ -110,4 +118,3 @@
           SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
           SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
         run: ./deploy_snapshot.sh
-

diff --git a/.gitignore b/.gitignore
index ff3303c..4b54189 100644
--- a/.gitignore
+++ b/.gitignore

@@ -44,3 +44,4 @@
 *auto-save*
 credentials/*
 secring.gpg
+snapshot-env

diff --git a/credentials.tar.gz b/credentials.tar.gz
deleted file mode 100644
index e69de29..0000000
--- a/credentials.tar.gz
+++ /dev/null


diff --git a/decrypt.sh b/decrypt.sh
deleted file mode 100755
index 2b7610d..0000000
--- a/decrypt.sh
+++ /dev/null

@@ -1,6 +0,0 @@
-if [ "$TRAVIS_REPO_SLUG" != "airbnb/lottie-android" ]; then
-  echo "Skipping decrypt because api keys are not available from forks."
-  exit 0
-fi
-openssl aes-256-cbc -K $encrypted_7f6a0d70974a_key -iv $encrypted_7f6a0d70974a_iv -in secrets.tar.enc -out secrets.tar -d
-tar xvf secrets.tar
\ No newline at end of file

diff --git a/gcloud_run.sh b/gcloud_run.sh
deleted file mode 100755
index 9dc6842..0000000
--- a/gcloud_run.sh
+++ /dev/null

@@ -1,43 +0,0 @@
-#! /bin/bash
-set -e
-if [ -z $TRAVIS_PULL_REQUEST_SLUG ] && [ "$TRAVIS_REPO_SLUG" != "airbnb/lottie-android" ]; then
-  echo "Skipping gcloud run for PR because api keys are not available from forks."
-  exit 0
-fi
-
-if [ ! -f ${HOME}/google-cloud-sdk/install.sh ]; then
-  mkdir $HOME/.cache
-  echo "File not found!"
-  curl https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-209.0.0-linux-x86_64.tar.gz -o gcloud.tar.gz
-  tar xzf gcloud.tar.gz -C ${HOME}
-  ${HOME}/google-cloud-sdk/install.sh --quiet --usage-reporting false
-fi
-echo $GCLOUD_SERVICE_KEY | base64 --decode --ignore-garbage > ${HOME}/.cache/gcloud-service-key.json
-gcloud auth activate-service-account --key-file ${HOME}/.cache/gcloud-service-key.json
-gcloud config set project lottie-snapshots
-
-RunTests()
-{
-gcloud firebase test android run --no-auto-google-login --type instrumentation --device model=Nexus5X,version=26 --app LottieSample/build/outputs/apk/debug/LottieSample-debug.apk --test LottieSample/build/outputs/apk/androidTest/debug/LottieSample-debug-androidTest.apk
-result=$?
-}
-
-./gradlew :LottieSample:assembleDebug :LottieSample:assembleAndroidTest
-RunTests
-
-if [ "$result" -ne "0" ]; then
-  # Retry if it fails. Sometimes the tests fail on Firebase with a native error
-  echo "Firebase tests failed. Trying again."
-  RunTests
-fi
-
-if [ "$result" -ne "0" ]; then
-  # Retry if it fails. Sometimes the tests fail on Firebase with a native error
-  echo "Firebase tests failed. Trying again."
-  RunTests
-fi
-
-if [ "$result" -eq "0" ]; then
-  ./post_pr_comment.js
-fi
-exit $result
\ No newline at end of file

diff --git a/gcloud_setup.sh b/gcloud_setup.sh
deleted file mode 100755
index e29b36e..0000000
--- a/gcloud_setup.sh
+++ /dev/null

@@ -1,18 +0,0 @@
-#! /bin/bash
-echo Slug $TRAVIS_PULL_REQUEST_SLUG
-if [ -z $TRAVIS_PULL_REQUEST_SLUG ] && [ "$TRAVIS_PULL_REQUEST_SLUG" != "airbnb/lottie-android" ]; then
-  echo "Skipping gcloud setup for PR because api keys are not available from forks."
-  exit 0
-fi
-echo $GCLOUD_SERVICE_KEY | base64 --decode --ignore-garbage > ${HOME}/gcloud-service-key.json
-curl https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-182.0.0-linux-x86_64.tar.gz -o gcloud.tar.gz
-tar xzf gcloud.tar.gz -C ${HOME}
-${HOME}/google-cloud-sdk/install.sh --quiet --usage-reporting false
-gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json
-  # - gcloud components update
-gcloud config set project lottie-snapshots
-export TRAVIS_GIT_BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
-export GIT_SHA=$(git rev-parse HEAD)
-export GIT_MERGE_BASE=$(git merge-base master)
-echo GIT_SHA $GIT_SHA
-echo GIT_MERGE_BASE $GIT_MERGE_BASE
\ No newline at end of file

diff --git a/secrets.tar.enc b/secrets.tar.enc
deleted file mode 100644
index 93d2297..0000000
--- a/secrets.tar.enc
+++ /dev/null
Binary files differ

diff --git a/snapshot-env.gpg b/snapshot-env.gpg
new file mode 100644
index 0000000..483601b
--- /dev/null
+++ b/snapshot-env.gpg
Binary files differ
commit	e7383afc846c2ba2b58abe64a03c0c6aab373ea8	[log] [tgz]
author	Gabriel Peal <gpeal@users.noreply.github.com>	Wed Feb 08 11:46:32 2023 -0800
committer	GitHub <noreply@github.com>	Wed Feb 08 11:46:32 2023 -0800
tree	de9534d53cce012bc19471ca118a56c1ceb222ec
parent	e4401727529bfa6afb6c07c7fc581ea81d91bbef [diff]