mirror of
https://github.com/bryangerlach/rdgen.git
synced 2026-02-21 20:00:53 +00:00
.
This commit is contained in:
33
.github/actions/decrypt-secrets/action.yml
vendored
Normal file
33
.github/actions/decrypt-secrets/action.yml
vendored
Normal file
@@ -0,0 +1,33 @@
|
||||
name: 'Decrypt and Mask Secrets'
|
||||
description: 'Decrypts a zip and masks the JSON contents as env vars'
|
||||
inputs:
|
||||
zip_password:
|
||||
description: 'Password for the Zip'
|
||||
required: true
|
||||
zip_path:
|
||||
description: 'Path to the encrypted zip'
|
||||
required: false
|
||||
default: 'secrets.zip'
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Decrypt and Mask
|
||||
shell: python
|
||||
run: |
|
||||
import pyzipper
|
||||
import json
|
||||
import os
|
||||
|
||||
with pyzipper.AESZipFile('${{ inputs.zip_path }}') as zf:
|
||||
zf.setpassword('${{ inputs.zip_password }}'.encode())
|
||||
with zf.open('secrets.json') as f:
|
||||
secrets = json.load(f)
|
||||
|
||||
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
|
||||
for key, value in secrets.items():
|
||||
if value:
|
||||
print(f"::add-mask::{value}")
|
||||
env_file.write(f"{key}={value}\n")
|
||||
|
||||
print(f"Successfully masked {len(secrets)} secrets.")
|
||||
42
.github/workflows/fetch-encrypted-secrets.yml
vendored
Normal file
42
.github/workflows/fetch-encrypted-secrets.yml
vendored
Normal file
@@ -0,0 +1,42 @@
|
||||
name: Fetch Encrypted Secrets
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
zip_url_json:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
download-zip:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Download with Retry
|
||||
shell: python
|
||||
run: |
|
||||
import requests
|
||||
import json
|
||||
import time
|
||||
|
||||
input_data = json.loads('${{ inputs.zip_url_json }}')
|
||||
url = f"{input_data['url']}/get_zip?filename={input_data['file']}"
|
||||
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading (Attempt {attempt + 1})...")
|
||||
r = requests.get(url, timeout=20)
|
||||
r.raise_for_status()
|
||||
with open('secrets.zip', 'wb') as f:
|
||||
f.write(r.content)
|
||||
break
|
||||
except Exception as e:
|
||||
if attempt < 4:
|
||||
time.sleep(5 * (2 ** attempt))
|
||||
else: raise e
|
||||
|
||||
- name: Upload Encrypted Artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: encrypted-secrets-zip
|
||||
path: secrets.zip
|
||||
retention-days: 1
|
||||
2
.github/workflows/generator-android.yml
vendored
2
.github/workflows/generator-android.yml
vendored
@@ -92,7 +92,7 @@ jobs:
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading secrets (Attempt {attempt + 1})...")
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300)
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
|
||||
r.raise_for_status()
|
||||
break
|
||||
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
|
||||
|
||||
8
.github/workflows/generator-linux.yml
vendored
8
.github/workflows/generator-linux.yml
vendored
@@ -88,7 +88,7 @@ jobs:
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading secrets (Attempt {attempt + 1})...")
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300)
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
|
||||
r.raise_for_status()
|
||||
break
|
||||
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
|
||||
@@ -682,7 +682,7 @@ jobs:
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading secrets (Attempt {attempt + 1})...")
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300)
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
|
||||
r.raise_for_status()
|
||||
break
|
||||
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
|
||||
@@ -800,7 +800,7 @@ jobs:
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading secrets (Attempt {attempt + 1})...")
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300)
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
|
||||
r.raise_for_status()
|
||||
break
|
||||
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
|
||||
@@ -917,7 +917,7 @@ jobs:
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading secrets (Attempt {attempt + 1})...")
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300)
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
|
||||
r.raise_for_status()
|
||||
break
|
||||
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
|
||||
|
||||
2
.github/workflows/generator-windows-x86.yml
vendored
2
.github/workflows/generator-windows-x86.yml
vendored
@@ -81,7 +81,7 @@ jobs:
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading secrets (Attempt {attempt + 1})...")
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300)
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
|
||||
r.raise_for_status()
|
||||
break
|
||||
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
|
||||
|
||||
66
.github/workflows/generator-windows.yml
vendored
66
.github/workflows/generator-windows.yml
vendored
@@ -42,12 +42,18 @@ env:
|
||||
|
||||
|
||||
jobs:
|
||||
setup:
|
||||
uses: ./.github/workflows/fetch-encrypted-secrets.yml
|
||||
with:
|
||||
zip_url_json: ${{ inputs.zip_url }}
|
||||
|
||||
generate-bridge:
|
||||
uses: ./.github/workflows/bridge.yml
|
||||
with:
|
||||
version: ${{ inputs.version }}
|
||||
|
||||
build-RustDeskTempTopMostWindow:
|
||||
needs: setup
|
||||
uses: ./.github/workflows/third-party-RustDeskTempTopMostWindow.yml
|
||||
with:
|
||||
upload-artifact: true
|
||||
@@ -61,7 +67,7 @@ jobs:
|
||||
|
||||
build-for-windows-flutter:
|
||||
name: Build Windows
|
||||
needs: [build-RustDeskTempTopMostWindow, generate-bridge]
|
||||
needs: [build-RustDeskTempTopMostWindow, generate-bridge, setup]
|
||||
runs-on: ${{ matrix.job.os }}
|
||||
strategy:
|
||||
fail-fast: false
|
||||
@@ -77,48 +83,14 @@ jobs:
|
||||
}
|
||||
# - { target: aarch64-pc-windows-msvc, os: windows-2022, arch: aarch64 }
|
||||
steps:
|
||||
- name: install python deps
|
||||
run: |
|
||||
pip install requests pyzipper
|
||||
- name: Download, Decrypt, and Mask
|
||||
shell: python
|
||||
run: |
|
||||
import requests
|
||||
import pyzipper
|
||||
import io
|
||||
import os
|
||||
import json
|
||||
import time
|
||||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: encrypted-secrets-zip
|
||||
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading secrets (Attempt {attempt + 1})...")
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300)
|
||||
r.raise_for_status()
|
||||
break
|
||||
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
|
||||
if attempt < 4:
|
||||
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
|
||||
time.sleep(30)
|
||||
else:
|
||||
print("Max retries reached. Failing.")
|
||||
raise e
|
||||
|
||||
try:
|
||||
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
|
||||
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
|
||||
with zf.open('secrets.json') as f:
|
||||
secrets = json.load(f)
|
||||
except Exception as e:
|
||||
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
|
||||
exit(1)
|
||||
|
||||
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
|
||||
for key, value in secrets.items():
|
||||
print(f"::add-mask::{value}")
|
||||
env_file.write(f"{key}={value}\n")
|
||||
|
||||
print("Secrets loaded into environment.")
|
||||
- name: Load Secrets
|
||||
uses: ./.github/actions/decrypt-secrets
|
||||
with:
|
||||
zip_password: ${{ secrets.ZIP_PASSWORD }}
|
||||
|
||||
- name: Finalize and Cleanup zip/json
|
||||
if: always() # Run even if previous steps fail
|
||||
@@ -717,3 +689,13 @@ jobs:
|
||||
method: 'POST'
|
||||
customHeaders: '{"Content-Type": "application/json"}'
|
||||
data: '{"uuid": "${{ env.uuid }}", "status": "Generation cancelled, try again"}'
|
||||
|
||||
cleanup:
|
||||
needs: [build-for-windows-flutter]
|
||||
runs-on: ubuntu-latest
|
||||
if: always()
|
||||
steps:
|
||||
- name: Delete secrets artifact
|
||||
uses: geekyeggo/delete-artifact@v1
|
||||
with:
|
||||
name: encrypted-secrets-zip
|
||||
|
||||
@@ -45,48 +45,14 @@ jobs:
|
||||
run: |
|
||||
git clone https://github.com/rustdesk-org/RustDeskTempTopMostWindow RustDeskTempTopMostWindow
|
||||
|
||||
- name: install python deps
|
||||
run: |
|
||||
pip install requests pyzipper
|
||||
- name: Download, Decrypt, and Mask
|
||||
shell: python
|
||||
run: |
|
||||
import requests
|
||||
import pyzipper
|
||||
import io
|
||||
import os
|
||||
import json
|
||||
import time
|
||||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: encrypted-secrets-zip
|
||||
|
||||
for attempt in range(5):
|
||||
try:
|
||||
print(f"Downloading secrets (Attempt {attempt + 1})...")
|
||||
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300)
|
||||
r.raise_for_status()
|
||||
break
|
||||
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
|
||||
if attempt < 4:
|
||||
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
|
||||
time.sleep(5)
|
||||
else:
|
||||
print("Max retries reached. Failing.")
|
||||
raise e
|
||||
|
||||
try:
|
||||
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
|
||||
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
|
||||
with zf.open('secrets.json') as f:
|
||||
secrets = json.load(f)
|
||||
except Exception as e:
|
||||
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
|
||||
exit(1)
|
||||
|
||||
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
|
||||
for key, value in secrets.items():
|
||||
print(f"::add-mask::{value}")
|
||||
env_file.write(f"{key}={value}\n")
|
||||
|
||||
print("Secrets loaded into environment.")
|
||||
- name: Load Secrets
|
||||
uses: ./.github/actions/decrypt-secrets
|
||||
with:
|
||||
zip_password: ${{ secrets.ZIP_PASSWORD }}
|
||||
|
||||
- name: Finalize and Cleanup zip/json
|
||||
if: always() # Run even if previous steps fail
|
||||
|
||||
Reference in New Issue
Block a user