GitHub Action is running on feature branches and it should only run on main branch or release branch

Question

I have the following GitHub Action and it runs the action even if I create a feature branch with a name other than main, master, or release.

What am I doing wrong?

# see https://raw.githubusercontent.com/zellwk/zellwk.com/master/.github/workflows/deploy.yml
name: deploy
on:
  push:
    branches:
      - main
      - master
      - release
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
      - name: Install SSH Key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          known_hosts: unnecessary
      - name: Adding Known Hosts
        run: ssh-keyscan -p ${{ secrets.SSH_PORT}} -H ${{ secrets.SSH_HOST }}  >> ~/.ssh/known_hosts
      - name: Set env file and jwk.json for release
        if: ${{ contains(github.ref_name, 'release') || github.ref == 'refs/heads/release' }}
        run: |
          echo "${{secrets.PRODUCTION_ENV }}" > .env.prod
          ln -sf .env.prod .env
          echo "${{secrets.PRODUCTION_JWK}}" | base64 --decode > jwk.json
      - name: Set env file and jwk.json for development
        # Both conditions must hold, so this step is skipped on any release ref,
        # like the other development steps below.
        if: ${{ !contains(github.ref_name, 'release') && github.ref != 'refs/heads/release' }}
        run: |
          echo "${{secrets.DEVELOPMENT_ENV }}" > .env.dev
          ln -sf .env.dev .env
          echo "${{secrets.DEVELOPMENT_JWK}}" | base64 --decode > jwk.json
      - name: Deploy with rsync for release
        if: ${{ contains(github.ref_name, 'release') || github.ref == 'refs/heads/release' }}
        # from ./bin/deploy.sh
        run: rsync -azvP -e "ssh -p ${{ secrets.SSH_PORT }}" --delete --exclude=node_modules --exclude=redis-data --exclude=.idea --exclude=.git --exclude=mongo_data --exclude=data01 --exclude=uploads --exclude=emails.txt --exclude=main --exclude=deno --exclude=app --exclude=database.sqlite --exclude=database.sqlite-journal --exclude=data ./ ${{secrets.SSH_USER}}@${{secrets.SSH_HOST}}:www/${{secrets.HOST_PATH_PROD}}/${{secrets.HOST_PROJECT}}
        # run: rsync -avz -e "ssh -p ${{ secrets.SSH_PORT }}" ./dist/ ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/zellwk.com/
      - name: Deploy with rsync for development
        if: ${{ !contains(github.ref_name, 'release') && github.ref != 'refs/heads/release' }}
        # from ./bin/deploy.sh
        run: rsync -azvP -e "ssh -p ${{ secrets.SSH_PORT }}" --delete --exclude=node_modules --exclude=redis-data --exclude=.idea --exclude=.git --exclude=mongo_data --exclude=data01 --exclude=uploads --exclude=emails.txt --exclude=main --exclude=deno --exclude=app --exclude=database.sqlite --exclude=database.sqlite-journal --exclude=data ./ ${{secrets.SSH_USER}}@${{secrets.SSH_HOST}}:www/${{secrets.HOST_PATH_DEV}}/${{secrets.HOST_PROJECT}}
      - name: Post-Deploy script for release
        if: ${{ contains(github.ref_name, 'release') || github.ref == 'refs/heads/release' }}
        # from ./bin/deploy.sh
        run: ssh -t ${{secrets.SSH_USER}}@${{secrets.SSH_HOST}} -p ${{secrets.SSH_PORT}} \$HOME/www/${{secrets.HOST_PATH_PROD}}/${{secrets.HOST_PROJECT}}/bin/post-deploy.sh
      - name: Post-Deploy script for development
        if: ${{ !contains(github.ref_name, 'release') && github.ref != 'refs/heads/release' }}
        # from ./bin/deploy.sh
        run: ssh -t ${{secrets.SSH_USER}}@${{secrets.SSH_HOST}} -p ${{secrets.SSH_PORT}} \$HOME/www/${{secrets.HOST_PATH_DEV}}/${{secrets.HOST_PROJECT}}/bin/post-deploy.sh
      # - name: Restart App Server
      #   uses: appleboy/ssh-action@master
      #   with:
      #     host: ${{ secrets.SSH_HOST }}
      #     username: ${{ secrets.SSH_USER }}
      #     key: ${{ secrets.SSH_PRIVATE_KEY }}
      #     port: ${{ secrets.SSH_PORT }}
      #     debug: true
      #     # from ./bin/post-deploy.sh
      #     #            if [ ${{ contains(github.ref_name, 'release') || github.ref == 'refs/heads/release' }} ]; then
      #     #           else
      #     #             cd $HOME/www/${{secrets.HOST_PATH_DEV}}/${{secrets.HOST_PROJECT}}
      #     #             deno upgrade
      #     #             sudo /etc/init.d/nginx reload
      #     #             sudo systemctl daemon-reload
      #     #             sudo systemctl restart ${{secrets.META_SERVICE_DEV}}
      #     #           fi
      #     script: |
      #       cd $HOME/www/${{secrets.HOST_PATH_DEV}}/${{secrets.HOST_PROJECT}}
      #       deno upgrade
      #       sudo /etc/init.d/nginx reload
      #       sudo systemctl daemon-reload
      #       sudo systemctl restart ${{secrets.META_SERVICE_DEV}}

It shouldn't run the action on push to a different branch, i.e. feature1.

Answer 1

Score: 1

There are 2 things going on. Even though you've updated the YAML file in the main/master branch, it's likely that existing branches have a copy of the YAML file without the filter. You can fix that by cherry-picking the new YAML file into the existing branches.

The other thing you can do is define an Environment and add an environment: xxxxx to the YAML file and a branch filter on the environment. That will prevent people from running the deploy job against the environment.

In your repository settings, navigate to Environments, add an environment (any name will do), then set Deployment branches to Selected branches, and then add the branches you want to allow to the list using ➕ Add Deployment Branch.

By putting all the production secrets in the list of Environment Secrets instead of the Repository Secrets, you also prevent others from accessing these from any workflow that doesn't specifically target this environment.
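
The environment approach from this answer written out as a workflow; this is an added example, not part of the original answer. The environment names `production` and `development` are assumptions, the secret names are reused from the question on the assumption that they have been moved to environment secrets, and the release check is narrowed to the exact `release` branch.

```yaml
# Added example. Assumes two environments created under Settings > Environments:
# "production" (Deployment branches: Selected branches -> release) and "development".
name: deploy
on:
  push:
    branches:
      - main
      - master
      - release

jobs:
  deploy-prod:
    # Job-level guard: only the release branch targets production.
    if: github.ref == 'refs/heads/release'
    runs-on: ubuntu-latest
    # Binding the job to the environment makes GitHub check the environment's
    # deployment-branch rule before the job starts. A stale copy of this file
    # on a feature branch cannot bypass that rule, because the rule lives in
    # the repository settings and not in the workflow file.
    environment: production
    steps:
      - uses: actions/checkout@v2
      - name: Set env file and jwk.json for release
        env:
          # Environment secrets of "production"; jobs that do not declare
          # `environment: production` cannot read them.
          PRODUCTION_ENV: ${{ secrets.PRODUCTION_ENV }}
          PRODUCTION_JWK: ${{ secrets.PRODUCTION_JWK }}
        run: |
          printf '%s\n' "$PRODUCTION_ENV" > .env.prod
          ln -sf .env.prod .env
          printf '%s' "$PRODUCTION_JWK" | base64 --decode > jwk.json

  deploy-dev:
    if: github.ref != 'refs/heads/release'
    runs-on: ubuntu-latest
    environment: development
    steps:
      - uses: actions/checkout@v2
      - name: Set env file and jwk.json for development
        env:
          DEVELOPMENT_ENV: ${{ secrets.DEVELOPMENT_ENV }}
          DEVELOPMENT_JWK: ${{ secrets.DEVELOPMENT_JWK }}
        run: |
          printf '%s\n' "$DEVELOPMENT_ENV" > .env.dev
          ln -sf .env.dev .env
          printf '%s' "$DEVELOPMENT_JWK" | base64 --decode > jwk.json
```

The rsync and post-deploy steps from the question would follow in each job unchanged, minus their per-step `if:` conditions.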

Published by huangapple on February 8, 2023, 21:30:35
Article link: https://go.coder-hub.com/75386516.html