Conversation
tobiasKaminsky
requested review from
Aiiaiiio,
camilasan,
i2h3,
mgallien and
nilsding
as code owners
mgallien
left a comment
mgallien
left a comment
There was a problem hiding this comment.
@tobiasKaminsky
thanks
can you fix the DCO check ?
see https://github.com/nextcloud/desktop/pull/9622/checks?check_run_id=66942968543
also we want to use conventional commit messages, can you have a look ?
see https://github.com/nextcloud/desktop/actions/runs/23048340558/job/66942971883?pr=9622
tobiasKaminsky
force-pushed
the
drone2garm
branch
2 times, most recently
from
aa835cd to
a4cca2d
Compare
|
Done ✔ I do not have the secrets for debian, thus I could not update them for GitHub Actions. |
|
Hm. Actually it fails: --> working on it |
tobiasKaminsky
force-pushed
the
drone2garm
branch
5 times, most recently
from
e170a11 to
8f2fe2d
Compare
tobiasKaminsky
force-pushed
the
drone2garm
branch
5 times, most recently
from
f0fddba to
f6064f3
Compare
|
@mgallien this works now. |
they are being used there https://github.com/nextcloud/desktop/blob/master/admin/linux/debian/drone-build.sh#L45-L52 @ivaradi I guess from the CI point of view, we do not make use of them ? |
We actually do. They are needed to decode the keys for uploading the source packages to the PPA and the openSUSE build service. I think the current setup is such that the secrets are set for the master branch only, so that only builds performed on that are uploaded. |
@ivaradi I indeed can confirm that our drone Nextcloud run instance has the secrets but not recoverable (the whole point of having secrets) |
|
@ivaradi Full logs are here: For me this looks good? |
this is not that good 🙈 |
|
Here they are used: Both work locally quite fine. |
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
|
Artifact containing the AppImage: nextcloud-appimage-pr-9622.zip Digest: To test this change/fix you can download the above artifact file, unzip it, and run it. Please make sure to quit your existing Nextcloud app and backup your data. |
| on: | ||
| pull_request: | ||
| branches: [ master, stable-* ] |
There was a problem hiding this comment.
Shouldn't this also include the push trigger? if so the run command would need to be updated to make use of e.g. env.GITHUB_SHA (or set DRONE_COMMIT="$GITHUB_SHA" in the script)
(I'm not sure if drone-build.sh should also be run on PRs targeting any stable-* branch, the .drone.yml at least did not include that)
| on: | |
| pull_request: | |
| branches: [ master, stable-* ] | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master, stable-* ] |
There was a problem hiding this comment.
(I'm not sure if
drone-build.shshould also be run on PRs targeting anystable-*branch, the.drone.ymlat least did not include that)
I agree with this.
Also, when running for a pull request, it should not set the secrets, so that those are not uploaded to the PPA. It should set the secrets only when pushing to the master branch.
There was a problem hiding this comment.
@ivaradi so this workflow needs to be changed to only run on.push.branches: [master] then, correct?
There was a problem hiding this comment.
Yes, but it could also run on pull requests.
But for pull requests, the secrets should not be set, so that the source packages are not uploaded to the PPA, if it can be solved. If there is no way to set the secrets selectively, it should not be run for pull requests. (Running on pull requests can be useful to check if I modify something in the Debian scripts.)
That said, I have been thinking for a while of setting up a repository specifically for the Ubuntu/Debian builds, that would periodically check the this repository for new commits and perform the build if one is found. Then this workflow will not be needed at all. So if it is difficult to selectively set the secrets, there should not be too much effort put into it, and we should just settle for building on pushing to the master branch only.
There was a problem hiding this comment.
thanks for the clarification!
I think the easiest way to not pass the secrets to the workflow would be to duplicate the workflow file: one for push events to master which sets those secrets in ENV, and another one for pull_request ones which doesn't.
I also just found another place in the script that needs to be adapted to GitHub Actions: pull_request=${DRONE_PULL_REQUEST:=master}. As DRONE_PULL_REQUEST is not set this variable would always end up as master, which is one condition to update the build on OBS ...
|
| on: | ||
| pull_request: | ||
| branches: [ master, stable-* ] |
There was a problem hiding this comment.
thanks for the clarification!
I think the easiest way to not pass the secrets to the workflow would be to duplicate the workflow file: one for push events to master which sets those secrets in ENV, and another one for pull_request ones which doesn't.
I also just found another place in the script that needs to be adapted to GitHub Actions: pull_request=${DRONE_PULL_REQUEST:=master}. As DRONE_PULL_REQUEST is not set this variable would always end up as master, which is one condition to update the build on OBS ...
4 participants
No description provided.