diff --git a/.github/workflows/generator-android.yml b/.github/workflows/generator-android.yml index a4b81cd..8bdd7cc 100644 --- a/.github/workflows/generator-android.yml +++ b/.github/workflows/generator-android.yml @@ -76,48 +76,17 @@ jobs: suffix: "", } steps: - - name: install python deps - run: | - pip install requests pyzipper - - name: Download, Decrypt, and Mask - shell: python - run: | - import requests - import pyzipper - import io - import os - import json - import time + - name: Checkout Repository + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: encrypted-secrets-zip - for attempt in range(5): - try: - print(f"Downloading secrets (Attempt {attempt + 1})...") - r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30) - r.raise_for_status() - break - except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: - if attempt < 4: - print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...") - time.sleep(30) - else: - print("Max retries reached. Failing.") - raise e - - try: - with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf: - zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode()) - with zf.open('secrets.json') as f: - secrets = json.load(f) - except Exception as e: - print(f"Error: Could not decrypt ZIP. Check if password matches. {e}") - exit(1) - - with open(os.environ['GITHUB_ENV'], 'a') as env_file: - for key, value in secrets.items(): - print(f"::add-mask::{value}") - env_file.write(f"{key}={value}\n") - - print("Secrets loaded into environment.") + - name: Load Secrets + uses: ./.github/actions/decrypt-secrets + with: + zip_password: ${{ secrets.ZIP_PASSWORD }} - name: Finalize and Cleanup zip/json if: always() # Run even if previous steps fail diff --git a/.github/workflows/generator-linux.yml b/.github/workflows/generator-linux.yml index 8aae7c8..c597f21 100644 --- a/.github/workflows/generator-linux.yml +++ b/.github/workflows/generator-linux.yml @@ -72,48 +72,17 @@ jobs: vcpkg-triplet: arm64-linux, } steps: - - name: install python deps - run: | - pip install requests pyzipper - - name: Download, Decrypt, and Mask - shell: python - run: | - import requests - import pyzipper - import io - import os - import json - import time + - name: Checkout Repository + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: encrypted-secrets-zip - for attempt in range(5): - try: - print(f"Downloading secrets (Attempt {attempt + 1})...") - r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30) - r.raise_for_status() - break - except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: - if attempt < 4: - print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...") - time.sleep(30) - else: - print("Max retries reached. Failing.") - raise e - - try: - with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf: - zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode()) - with zf.open('secrets.json') as f: - secrets = json.load(f) - except Exception as e: - print(f"Error: Could not decrypt ZIP. Check if password matches. {e}") - exit(1) - - with open(os.environ['GITHUB_ENV'], 'a') as env_file: - for key, value in secrets.items(): - print(f"::add-mask::{value}") - env_file.write(f"{key}={value}\n") - - print("Secrets loaded into environment.") + - name: Load Secrets + uses: ./.github/actions/decrypt-secrets + with: + zip_password: ${{ secrets.ZIP_PASSWORD }} - name: Export GitHub Actions cache environment variables uses: actions/github-script@v6 @@ -666,48 +635,17 @@ jobs: - { target: x86_64-unknown-linux-gnu, arch: x86_64 } - { target: aarch64-unknown-linux-gnu, arch: aarch64 } steps: - - name: install python deps - run: | - pip install requests pyzipper - - name: Download, Decrypt, and Mask - shell: python - run: | - import requests - import pyzipper - import io - import os - import json - import time + - name: Checkout Repository + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: encrypted-secrets-zip - for attempt in range(5): - try: - print(f"Downloading secrets (Attempt {attempt + 1})...") - r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30) - r.raise_for_status() - break - except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: - if attempt < 4: - print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...") - time.sleep(30) - else: - print("Max retries reached. Failing.") - raise e - - try: - with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf: - zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode()) - with zf.open('secrets.json') as f: - secrets = json.load(f) - except Exception as e: - print(f"Error: Could not decrypt ZIP. Check if password matches. {e}") - exit(1) - - with open(os.environ['GITHUB_ENV'], 'a') as env_file: - for key, value in secrets.items(): - print(f"::add-mask::{value}") - env_file.write(f"{key}={value}\n") - - print("Secrets loaded into environment.") + - name: Load Secrets + uses: ./.github/actions/decrypt-secrets + with: + zip_password: ${{ secrets.ZIP_PASSWORD }} - name: Checkout source code if: ${{ env.VERSION != 'master' }} @@ -784,48 +722,17 @@ jobs: suffix: "", } steps: - - name: install python deps - run: | - pip install requests pyzipper - - name: Download, Decrypt, and Mask - shell: python - run: | - import requests - import pyzipper - import io - import os - import json - import time + - name: Checkout Repository + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: encrypted-secrets-zip - for attempt in range(5): - try: - print(f"Downloading secrets (Attempt {attempt + 1})...") - r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30) - r.raise_for_status() - break - except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: - if attempt < 4: - print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...") - time.sleep(30) - else: - print("Max retries reached. Failing.") - raise e - - try: - with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf: - zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode()) - with zf.open('secrets.json') as f: - secrets = json.load(f) - except Exception as e: - print(f"Error: Could not decrypt ZIP. Check if password matches. {e}") - exit(1) - - with open(os.environ['GITHUB_ENV'], 'a') as env_file: - for key, value in secrets.items(): - print(f"::add-mask::{value}") - env_file.write(f"{key}={value}\n") - - print("Secrets loaded into environment.") + - name: Load Secrets + uses: ./.github/actions/decrypt-secrets + with: + zip_password: ${{ secrets.ZIP_PASSWORD }} - name: Checkout source code if: ${{ env.VERSION != 'master' }} @@ -901,48 +808,17 @@ jobs: needs: [build-rustdesk-linux,build-flatpak,build-appimage] runs-on: ubuntu-latest steps: - - name: install python deps - run: | - pip install requests pyzipper - - name: Download, Decrypt, and Mask - shell: python - run: | - import requests - import pyzipper - import io - import os - import json - import time + - name: Checkout Repository + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: encrypted-secrets-zip - for attempt in range(5): - try: - print(f"Downloading secrets (Attempt {attempt + 1})...") - r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30) - r.raise_for_status() - break - except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: - if attempt < 4: - print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...") - time.sleep(30) - else: - print("Max retries reached. Failing.") - raise e - - try: - with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf: - zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode()) - with zf.open('secrets.json') as f: - secrets = json.load(f) - except Exception as e: - print(f"Error: Could not decrypt ZIP. Check if password matches. {e}") - exit(1) - - with open(os.environ['GITHUB_ENV'], 'a') as env_file: - for key, value in secrets.items(): - print(f"::add-mask::{value}") - env_file.write(f"{key}={value}\n") - - print("Secrets loaded into environment.") + - name: Load Secrets + uses: ./.github/actions/decrypt-secrets + with: + zip_password: ${{ secrets.ZIP_PASSWORD }} - name: Finalize and Cleanup zip/json if: always() # Run even if previous steps fail diff --git a/.github/workflows/generator-macos.yml b/.github/workflows/generator-macos.yml index 07a4c2a..a511ffa 100644 --- a/.github/workflows/generator-macos.yml +++ b/.github/workflows/generator-macos.yml @@ -72,46 +72,17 @@ jobs: STATUS_URL: "${{ secrets.GENURL }}/updategh" steps: - - name: install python deps - run: | - pip install requests pyzipper - - name: Download, Decrypt, and Mask - shell: python - run: | - import requests - import pyzipper - import io - import os - import json + - name: Checkout Repository + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: encrypted-secrets-zip - r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}') - r.raise_for_status() - - try: - with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf: - zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode()) - with zf.open('secrets.json') as f: - secrets = json.load(f) - except Exception as e: - print(f"Error: Could not decrypt ZIP. Check if password matches. {e}") - exit(1) - - with open(os.environ['GITHUB_ENV'], 'a') as env_file: - for key, value in secrets.items(): - print(f"::add-mask::{value}") - env_file.write(f"{key}={value}\n") - - api_server = secrets.get('apiServer', '').strip() - api_server = api_server.rstrip('/') - - rdgen_value = str(secrets.get('rdgen', 'false')).lower() - if rdgen_value == "true": - status_url = "${{ secrets.GENURL }}/updategh" - else: - status_url = f"{api_server}/api/updategh" - env_file.write(f"STATUS_URL={status_url}\n") - - print("Secrets loaded into environment.") + - name: Load Secrets + uses: ./.github/actions/decrypt-secrets + with: + zip_password: ${{ secrets.ZIP_PASSWORD }} - name: Finalize and Cleanup zip/json if: always() # Run even if previous steps fail diff --git a/.github/workflows/generator-windows-x86.yml b/.github/workflows/generator-windows-x86.yml index 6d178f2..abd8d00 100644 --- a/.github/workflows/generator-windows-x86.yml +++ b/.github/workflows/generator-windows-x86.yml @@ -65,48 +65,17 @@ jobs: } # - { target: aarch64-pc-windows-msvc, os: windows-2022 } steps: - - name: install python deps - run: | - pip install requests pyzipper - - name: Download, Decrypt, and Mask - shell: python - run: | - import requests - import pyzipper - import io - import os - import json - import time + - name: Checkout Repository + uses: actions/checkout@v4 + + - uses: actions/download-artifact@v4 + with: + name: encrypted-secrets-zip - for attempt in range(5): - try: - print(f"Downloading secrets (Attempt {attempt + 1})...") - r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30) - r.raise_for_status() - break - except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: - if attempt < 4: - print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...") - time.sleep(30) - else: - print("Max retries reached. Failing.") - raise e - - try: - with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf: - zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode()) - with zf.open('secrets.json') as f: - secrets = json.load(f) - except Exception as e: - print(f"Error: Could not decrypt ZIP. Check if password matches. {e}") - exit(1) - - with open(os.environ['GITHUB_ENV'], 'a') as env_file: - for key, value in secrets.items(): - print(f"::add-mask::{value}") - env_file.write(f"{key}={value}\n") - - print("Secrets loaded into environment.") + - name: Load Secrets + uses: ./.github/actions/decrypt-secrets + with: + zip_password: ${{ secrets.ZIP_PASSWORD }} - name: Finalize and Cleanup zip/json if: always() # Run even if previous steps fail