From 6ebf8a0de442b3b51b9aeeb63c9ea433b3012d77 Mon Sep 17 00:00:00 2001
From: Gerwin Klein
Date: Tue, 14 May 2024 15:31:33 +1000
Subject: [PATCH] github: authenticate earlier for Mac deployment

Authenticate earlier and unlock MacOS keychain so that the rest of the job can access dockerhub. Also unlock MacOS keychain on normal builds. It looks like if credentials are present, docker wants to access them.

Signed-off-by: Gerwin Klein
---
 .github/workflows/docker-build.yml | 2 ++
 .github/workflows/docker-deploy.yml | 10 ++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index bc7149c..ad4d721 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -22,6 +22,8 @@ jobs:
 name: Docker images (ARM64)
 runs-on: [self-hosted, macos, ARM64]
 steps:
+ - name: "Unlock MacOS Keychain"
+ run: security unlock-keychain -p ${{secrets.M2_MINI_PWD}}
 - uses: actions/checkout@v4
 # don't use cached images on the self-hosted runner to make sure we are
 # picking up current Debian repo state. The GitHub runners start from
diff --git a/.github/workflows/docker-deploy.yml b/.github/workflows/docker-deploy.yml
index f525fcc..db20418 100644
--- a/.github/workflows/docker-deploy.yml
+++ b/.github/workflows/docker-deploy.yml
@@ -87,6 +87,12 @@ jobs:
 TAG: ${{ needs.tag.outputs.tag }}
 SNAPSHOT_DATE: ${{ needs.tag.outputs.snapshot_date }}
 steps:
+ - name: Authenticate
+ if: ${{ github.repository_owner == 'seL4' }}
+ run: |
+ security unlock-keychain -p ${{secrets.M2_MINI_PWD}}
+ echo ${{secrets.DOCKER_TOKEN}} | docker login -u ${{secrets.DOCKER_USER}} --password-stdin
+
 - uses: actions/checkout@v4
 - name: "Build trustworthysystems/sel4"
 run: |
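Review bot: In .github/workflows/docker-build.yml the new `run: security unlock-keychain -p ${{secrets.M2_MINI_PWD}}` pastes the secret into the script text unquoted, so a password containing spaces or shell metacharacters is split or interpreted by the shell; the same pattern recurs in the `Authenticate` step added to docker-deploy.yml, there also for `DOCKER_TOKEN` and `DOCKER_USER`. Passing the value through the step environment avoids that: `env:` / `KEYCHAIN_PWD: ${{ secrets.M2_MINI_PWD }}` / `run: security unlock-keychain -p "$KEYCHAIN_PWD"`. The password is still an argument of `security`, so it stays visible in the process list on the self-hosted runner while the command runs. Unlike the deploy job, this step has no `if: ${{ github.repository_owner == 'seL4' }}` guard; the workflow triggers are outside the hunk, but if the job can run where the secret is empty, the unlock presumably fails and breaks the build.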
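Review bot: In .github/workflows/docker-deploy.yml, placing `Authenticate` at the top of `steps:` means every image build that follows runs with the keychain unlocked and a Docker Hub login active, and nothing visible in this hunk ends that state on the persistent self-hosted Mac. The rest of the job lies outside the hunk, so a cleanup may already exist. If it does not, a final step with `if: always()` and `run: docker logout; security lock-keychain` would bound the credential exposure to this job. A short comment above the step saying why login must precede the builds (docker consulting the stored credentials, per the commit message) would also help the next maintainer who is tempted to move it back.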
@@ -100,10 +106,6 @@ jobs:
 docker tag trustworthysystems/camkes-cakeml-rust:latest \
 trustworthysystems/camkes-cakeml-rust:${TAG}-arm64
- - name: Authenticate
- if: ${{ github.repository_owner == 'seL4' }}
- run: docker login -u ${{secrets.DOCKER_USER}} -p ${{secrets.DOCKER_TOKEN}}
-
 - name: "Push trustworthysystems/sel4"
 if: ${{ github.repository_owner == 'seL4' }}
 run: |