shaytan/rdgen
1
0
Fork 1
mirror of https://github.com/bryangerlach/rdgen.git synced 2026-02-21 11:50:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

secrets

Browse Source
This commit is contained in:
Bryan Gerlach
2026-02-11 16:01:06 -06:00
parent 461a8a56ff
commit 98128704a5
4 changed files with 70 additions and 285 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
.github/workflows/generator-android.yml vendored
View File

@@ -76,48 +76,17 @@ jobs:
suffix: "",
}
steps:
- name: install python deps
run: |
pip install requests pyzipper
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
import time
- name: Checkout Repository
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: encrypted-secrets-zip
for attempt in range(5):
try:
print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status()
break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
if attempt < 4:
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
time.sleep(30)
else:
print("Max retries reached. Failing.")
raise e
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print("Secrets loaded into environment.")
- name: Load Secrets
uses: ./.github/actions/decrypt-secrets
with:
zip_password: ${{ secrets.ZIP_PASSWORD }}
- name: Finalize and Cleanup zip/json
if: always() # Run even if previous steps fail

204
.github/workflows/generator-linux.yml vendored
View File

@@ -72,48 +72,17 @@ jobs:
vcpkg-triplet: arm64-linux,
}
steps:
- name: install python deps
run: |
pip install requests pyzipper
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
import time
- name: Checkout Repository
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: encrypted-secrets-zip
for attempt in range(5):
try:
print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status()
break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
if attempt < 4:
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
time.sleep(30)
else:
print("Max retries reached. Failing.")
raise e
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print("Secrets loaded into environment.")
- name: Load Secrets
uses: ./.github/actions/decrypt-secrets
with:
zip_password: ${{ secrets.ZIP_PASSWORD }}
- name: Export GitHub Actions cache environment variables
uses: actions/github-script@v6
@@ -666,48 +635,17 @@ jobs:
- { target: x86_64-unknown-linux-gnu, arch: x86_64 }
- { target: aarch64-unknown-linux-gnu, arch: aarch64 }
steps:
- name: install python deps
run: |
pip install requests pyzipper
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
import time
- name: Checkout Repository
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: encrypted-secrets-zip
for attempt in range(5):
try:
print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status()
break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
if attempt < 4:
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
time.sleep(30)
else:
print("Max retries reached. Failing.")
raise e
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print("Secrets loaded into environment.")
- name: Load Secrets
uses: ./.github/actions/decrypt-secrets
with:
zip_password: ${{ secrets.ZIP_PASSWORD }}
- name: Checkout source code
if: ${{ env.VERSION != 'master' }}
@@ -784,48 +722,17 @@ jobs:
suffix: "",
}
steps:
- name: install python deps
run: |
pip install requests pyzipper
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
import time
- name: Checkout Repository
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: encrypted-secrets-zip
for attempt in range(5):
try:
print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status()
break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
if attempt < 4:
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
time.sleep(30)
else:
print("Max retries reached. Failing.")
raise e
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print("Secrets loaded into environment.")
- name: Load Secrets
uses: ./.github/actions/decrypt-secrets
with:
zip_password: ${{ secrets.ZIP_PASSWORD }}
- name: Checkout source code
if: ${{ env.VERSION != 'master' }}
@@ -901,48 +808,17 @@ jobs:
needs: [build-rustdesk-linux,build-flatpak,build-appimage]
runs-on: ubuntu-latest
steps:
- name: install python deps
run: |
pip install requests pyzipper
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
import time
- name: Checkout Repository
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: encrypted-secrets-zip
for attempt in range(5):
try:
print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status()
break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
if attempt < 4:
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
time.sleep(30)
else:
print("Max retries reached. Failing.")
raise e
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print("Secrets loaded into environment.")
- name: Load Secrets
uses: ./.github/actions/decrypt-secrets
with:
zip_password: ${{ secrets.ZIP_PASSWORD }}
- name: Finalize and Cleanup zip/json
if: always() # Run even if previous steps fail

49
.github/workflows/generator-macos.yml vendored
View File

@@ -72,46 +72,17 @@ jobs:
STATUS_URL: "${{ secrets.GENURL }}/updategh"
steps:
- name: install python deps
run: |
pip install requests pyzipper
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
- name: Checkout Repository
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: encrypted-secrets-zip
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}')
r.raise_for_status()
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
api_server = secrets.get('apiServer', '').strip()
api_server = api_server.rstrip('/')
rdgen_value = str(secrets.get('rdgen', 'false')).lower()
if rdgen_value == "true":
status_url = "${{ secrets.GENURL }}/updategh"
else:
status_url = f"{api_server}/api/updategh"
env_file.write(f"STATUS_URL={status_url}\n")
print("Secrets loaded into environment.")
- name: Load Secrets
uses: ./.github/actions/decrypt-secrets
with:
zip_password: ${{ secrets.ZIP_PASSWORD }}
- name: Finalize and Cleanup zip/json
if: always() # Run even if previous steps fail

51
.github/workflows/generator-windows-x86.yml vendored
View File

@@ -65,48 +65,17 @@ jobs:
}
# - { target: aarch64-pc-windows-msvc, os: windows-2022 }
steps:
- name: install python deps
run: |
pip install requests pyzipper
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
import time
- name: Checkout Repository
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: encrypted-secrets-zip
for attempt in range(5):
try:
print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status()
break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
if attempt < 4:
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
time.sleep(30)
else:
print("Max retries reached. Failing.")
raise e
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print("Secrets loaded into environment.")
- name: Load Secrets
uses: ./.github/actions/decrypt-secrets
with:
zip_password: ${{ secrets.ZIP_PASSWORD }}
- name: Finalize and Cleanup zip/json
if: always() # Run even if previous steps fail