From a7b9ed4feb2dfd531b212d15d341b5ac91ce84f3 Mon Sep 17 00:00:00 2001
From: Yaroslav Lobankov <y.lobankov@tarantool.org>
Date: Mon, 30 Jan 2023 14:17:29 +0400
Subject: [PATCH] ci: fix alpine workflows for fork pull requests

Generate a test build key when the ALPINE_BUILD_KEY secret is empty.
It is needed for fork PRs where secrets are unavailable.

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci
---
 .github/workflows/alpine_3_16.yml         | 21 ++++++++++++++++++---
 .github/workflows/alpine_3_16_aarch64.yml | 22 ++++++++++++++++++----
 2 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/alpine_3_16.yml b/.github/workflows/alpine_3_16.yml
index 169079f3c4..9b2530987f 100644
--- a/.github/workflows/alpine_3_16.yml
+++ b/.github/workflows/alpine_3_16.yml
@@ -46,6 +46,10 @@ jobs:
       matrix:
         build-type: [ '', 'gc64' ]
 
+    env:
+      OS: 'alpine'
+      DIST: '3.16'
+
     steps:
       - name: Prepare checkout
         uses: tarantool/actions/prepare-checkout@master
@@ -57,11 +61,22 @@ jobs:
 
       - uses: ./.github/actions/environment
 
+      - name: Get ABUILD_KEY
+        run: |
+          echo "ABUILD_KEY<<EOF" >> $GITHUB_ENV
+          if ${{ secrets.ALPINE_BUILD_KEY == '' }}; then
+            # Generate a test build key when the secret is empty. It is needed
+            # for fork PRs where secrets are unavailable.
+            echo "$(docker run --rm packpack/packpack:${OS}-${DIST} \
+              sh -c 'abuild-keygen -q -n && cat /root/.abuild/*.rsa')" \
+              >> $GITHUB_ENV
+          else
+            echo "${{ secrets.ALPINE_BUILD_KEY }}" >> $GITHUB_ENV
+          fi
+          echo "EOF" >> $GITHUB_ENV
+
       - name: packaging
         env:
-          OS: 'alpine'
-          DIST: '3.16'
-          ABUILD_KEY: ${{ secrets.ALPINE_BUILD_KEY }}
           GC64: ${{ matrix.build-type == 'gc64' }}
         run: make -f .pack.mk package
 
diff --git a/.github/workflows/alpine_3_16_aarch64.yml b/.github/workflows/alpine_3_16_aarch64.yml
index 46fbbde11c..61251ff57f 100644
--- a/.github/workflows/alpine_3_16_aarch64.yml
+++ b/.github/workflows/alpine_3_16_aarch64.yml
@@ -41,6 +41,10 @@ jobs:
 
     runs-on: graviton
 
+    env:
+      OS: 'alpine'
+      DIST: '3.16'
+
     steps:
       - name: Prepare checkout
         uses: tarantool/actions/prepare-checkout@master
@@ -52,11 +56,21 @@ jobs:
 
       - uses: ./.github/actions/environment
 
+      - name: Get ABUILD_KEY
+        run: |
+          echo "ABUILD_KEY<<EOF" >> $GITHUB_ENV
+          if ${{ secrets.ALPINE_BUILD_KEY == '' }}; then
+            # Generate a test build key when the secret is empty. It is needed
+            # for fork PRs where secrets are unavailable.
+            echo "$(docker run --rm packpack/packpack:${OS}-${DIST} \
+              sh -c 'abuild-keygen -q -n && cat /root/.abuild/*.rsa')" \
+              >> $GITHUB_ENV
+          else
+            echo "${{ secrets.ALPINE_BUILD_KEY }}" >> $GITHUB_ENV
+          fi
+          echo "EOF" >> $GITHUB_ENV
+
       - name: packaging
-        env:
-          OS: 'alpine'
-          DIST: '3.16'
-          ABUILD_KEY: ${{ secrets.ALPINE_BUILD_KEY }}
         run: make -f .pack.mk package
 
       - name: Send VK Teams message on failure
-- 
GitLab