Load env via gpg (#2231)
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 4bcf6b3..f3d7b2b 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -1,7 +1,7 @@
name: Validate
on:
- pull_request_target:
+ pull_request:
push:
branches:
- master
@@ -67,12 +67,20 @@
distribution: 'zulu'
java-version: 11
cache: 'gradle'
+ - name: Setup env
+ shell: bash
+ run: |
+ echo ${{ vars.ENV_PASSPHRASE }} | gpg --quiet --batch --yes --decrypt --passphrase-fd 0 \
+ --output snapshot-env snapshot-env.gpg
+ while read line; do
+ echo "$line" >> $GITHUB_ENV
+ done < snapshot-env
- name: Build app
env:
- LOTTIE_S3_API_KEY: ${{ secrets.LOTTIE_S3_API_KEY }}
- LOTTIE_S3_SECRET_KEY: ${{ secrets.LOTTIE_S3_SECRET_KEY }}
- LOTTIE_HAPPO_API_KEY: ${{ secrets.LOTTIE_HAPPO_API_KEY }}
- LOTTIE_HAPPO_SECRET_KEY: ${{ secrets.LOTTIE_HAPPO_SECRET_KEY }}
+ LOTTIE_S3_API_KEY: ${{ env.LOTTIE_S3_API_KEY }}
+ LOTTIE_S3_SECRET_KEY: ${{ env.LOTTIE_S3_SECRET_KEY }}
+ LOTTIE_HAPPO_API_KEY: ${{ env.LOTTIE_HAPPO_API_KEY }}
+ LOTTIE_HAPPO_SECRET_KEY: ${{ env.LOTTIE_HAPPO_SECRET_KEY }}
run: ./gradlew snapshot-tests:assembleDebug snapshot-tests:assembleDebugAndroidTest --no-daemon
- name: Run tests
uses: emulator-wtf/run-tests@master
@@ -85,7 +93,7 @@
model=Pixel2,version=31
outputs-dir: build/test-results
- uses: mshick/add-pr-comment@v2
- if: github.event_name == 'pull_request_target'
+ if: github.event_name == 'pull_request'
with:
message-id: ${{ github.sha }}
message: |
@@ -110,4 +118,3 @@
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
run: ./deploy_snapshot.sh
-
diff --git a/.gitignore b/.gitignore
index ff3303c..4b54189 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,3 +44,4 @@
*auto-save*
credentials/*
secring.gpg
+snapshot-env
diff --git a/credentials.tar.gz b/credentials.tar.gz
deleted file mode 100644
index e69de29..0000000
--- a/credentials.tar.gz
+++ /dev/null
diff --git a/decrypt.sh b/decrypt.sh
deleted file mode 100755
index 2b7610d..0000000
--- a/decrypt.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-if [ "$TRAVIS_REPO_SLUG" != "airbnb/lottie-android" ]; then
- echo "Skipping decrypt because api keys are not available from forks."
- exit 0
-fi
-openssl aes-256-cbc -K $encrypted_7f6a0d70974a_key -iv $encrypted_7f6a0d70974a_iv -in secrets.tar.enc -out secrets.tar -d
-tar xvf secrets.tar
\ No newline at end of file
diff --git a/gcloud_run.sh b/gcloud_run.sh
deleted file mode 100755
index 9dc6842..0000000
--- a/gcloud_run.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#! /bin/bash
-set -e
-if [ -z $TRAVIS_PULL_REQUEST_SLUG ] && [ "$TRAVIS_REPO_SLUG" != "airbnb/lottie-android" ]; then
- echo "Skipping gcloud run for PR because api keys are not available from forks."
- exit 0
-fi
-
-if [ ! -f ${HOME}/google-cloud-sdk/install.sh ]; then
- mkdir $HOME/.cache
- echo "File not found!"
- curl https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-209.0.0-linux-x86_64.tar.gz -o gcloud.tar.gz
- tar xzf gcloud.tar.gz -C ${HOME}
- ${HOME}/google-cloud-sdk/install.sh --quiet --usage-reporting false
-fi
-echo $GCLOUD_SERVICE_KEY | base64 --decode --ignore-garbage > ${HOME}/.cache/gcloud-service-key.json
-gcloud auth activate-service-account --key-file ${HOME}/.cache/gcloud-service-key.json
-gcloud config set project lottie-snapshots
-
-RunTests()
-{
-gcloud firebase test android run --no-auto-google-login --type instrumentation --device model=Nexus5X,version=26 --app LottieSample/build/outputs/apk/debug/LottieSample-debug.apk --test LottieSample/build/outputs/apk/androidTest/debug/LottieSample-debug-androidTest.apk
-result=$?
-}
-
-./gradlew :LottieSample:assembleDebug :LottieSample:assembleAndroidTest
-RunTests
-
-if [ "$result" -ne "0" ]; then
- # Retry if it fails. Sometimes the tests fail on Firebase with a native error
- echo "Firebase tests failed. Trying again."
- RunTests
-fi
-
-if [ "$result" -ne "0" ]; then
- # Retry if it fails. Sometimes the tests fail on Firebase with a native error
- echo "Firebase tests failed. Trying again."
- RunTests
-fi
-
-if [ "$result" -eq "0" ]; then
- ./post_pr_comment.js
-fi
-exit $result
\ No newline at end of file
diff --git a/gcloud_setup.sh b/gcloud_setup.sh
deleted file mode 100755
index e29b36e..0000000
--- a/gcloud_setup.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#! /bin/bash
-echo Slug $TRAVIS_PULL_REQUEST_SLUG
-if [ -z $TRAVIS_PULL_REQUEST_SLUG ] && [ "$TRAVIS_PULL_REQUEST_SLUG" != "airbnb/lottie-android" ]; then
- echo "Skipping gcloud setup for PR because api keys are not available from forks."
- exit 0
-fi
-echo $GCLOUD_SERVICE_KEY | base64 --decode --ignore-garbage > ${HOME}/gcloud-service-key.json
-curl https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-182.0.0-linux-x86_64.tar.gz -o gcloud.tar.gz
-tar xzf gcloud.tar.gz -C ${HOME}
-${HOME}/google-cloud-sdk/install.sh --quiet --usage-reporting false
-gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json
- # - gcloud components update
-gcloud config set project lottie-snapshots
-export TRAVIS_GIT_BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
-export GIT_SHA=$(git rev-parse HEAD)
-export GIT_MERGE_BASE=$(git merge-base master)
-echo GIT_SHA $GIT_SHA
-echo GIT_MERGE_BASE $GIT_MERGE_BASE
\ No newline at end of file
diff --git a/secrets.tar.enc b/secrets.tar.enc
deleted file mode 100644
index 93d2297..0000000
--- a/secrets.tar.enc
+++ /dev/null
Binary files differ
diff --git a/snapshot-env.gpg b/snapshot-env.gpg
new file mode 100644
index 0000000..483601b
--- /dev/null
+++ b/snapshot-env.gpg
Binary files differ