fix(cli): hide secrets #280

Summary
Jobs
- release
Run details
- Usage
- Workflow file

Workflow file for this run

	name: CI
	on:
	push:
	branches:
	- main
	env:
	NODE_VERSION: 20
	PNPM_VERSION: 9
	jobs:
	release:
	runs-on: ubuntu-latest
	services:
	mariadb:
	image: mariadb:10.4
	env:
	MYSQL_ROOT_PASSWORD: root
	volumes:
	- /var/lib/mysql-files:/var/lib/mysql-files
	ports:
	- 127.0.0.1:3307:3306
	steps:
	- name: Configure MariaDB
	run: \|
	CONTAINER_ID=${{ job.services.mariadb.id }}
	docker exec $CONTAINER_ID sh -c 'echo [mysqld] > /etc/mysql/mariadb.conf.d/settings.cnf'
	docker exec $CONTAINER_ID sh -c 'echo "secure_file_priv=/var/lib/mysql-files" >> /etc/mysql/mariadb.conf.d/settings.cnf'
	docker kill --signal=SIGHUP $CONTAINER_ID
	- uses: actions/checkout@v4
	- uses: pnpm/action-setup@v4
	with:
	version: ${{ env.PNPM_VERSION }}
	- uses: actions/setup-node@v4
	with:
	node-version: ${{ env.NODE_VERSION }}
	cache: pnpm
	- run: pnpm install
	- run: pnpm build
	- name: Install system dependencies
	run: sudo apt-get install restic git tar pigz -y
	- name: Update restic
	run: sudo restic self-update
	- name: Test
	run: sudo npm test
	env:
	CI: true
	- uses: actions/cache@v4
	with:
	path: ~/.pkg-cache/
	key: ${{ runner.os }}-pkg
	- run: pnpm build:dist
	- run: pnpm build:bin
	- name: Create release pull request or publish to npm
	id: changesets
	uses: changesets/action@v1
	with:
	commit: "chore: update versions"
	title: Update versions
	publish: pnpm exec changeset publish
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
	- name: Upload release artifacts
	uses: actions/upload-artifact@v4
	with:
	name: release-artifacts
	path: bin/*
	if-no-files-found: error
	- id: release-name
	uses: actions/github-script@v7
	env:
	PUBLISHED_PACKAGES: ${{ steps.changesets.outputs.publishedPackages }}
	with:
	script: \|
	const published = JSON.parse(process.env.PUBLISHED_PACKAGES);
	for (const { name, version } of published)
	core.setOutput(name, version);
	- name: Upload release assets
	if: steps.release-name.outputs['datatruck']
	uses: softprops/action-gh-release@v1
	with:
	files: bin/*
	name: datatruck@${{ steps.release-name.outputs['datatruck'] }}
	tag_name: datatruck@${{ steps.release-name.outputs['datatruck'] }}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Delete nightly release
	uses: sgpublic/[email protected]
	with:
	pre-release-drop: true
	pre-release-keep-count: -1
	pre-release-drop-tag: true
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Create nightly release
	if: steps.release-name.outputs['datatruck'] == ''
	uses: softprops/action-gh-release@v1
	with:
	tag_name: datatruck@nightly
	name: datatruck@nightly
	files: bin/*
	prerelease: true
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- id: changesets_meta
	name: Build changesets meta
	uses: actions/github-script@v7
	env:
	PUBLISHED_PACKAGES: ${{ steps.changesets.outputs.publishedPackages }}
	with:
	script: \|-
	const output = {};
	const published = JSON.parse(process.env.PUBLISHED_PACKAGES);
	output['@datatruck/cli:published'] = false;
	published.forEach(({ name, version }) => {
	const vars = { version, published: true };
	Object.keys(vars).forEach(n => output[`${name}:${n}`] = vars[n]);
	});
	console.info(output);
	Object.keys(output).forEach(k => core.setOutput(k, output[k]));
	- id: image_meta
	name: Build image metadata
	uses: docker/metadata-action@v5
	if: steps.changesets_meta.outputs['@datatruck/cli:version'] != ''
	with:
	images: ghcr.io/${{ github.repository }}
	tags: \|-
	type=schedule
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}},value=v${{ steps.changesets_meta.outputs['@datatruck/cli:version'] }}
	type=semver,pattern={{major}}.{{minor}},value=v${{ steps.changesets_meta.outputs['@datatruck/cli:version'] }}
	type=semver,pattern={{major}},value=v${{ steps.changesets_meta.outputs['@datatruck/cli:version'] }}
	type=sha
	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@v3
	- name: Login Docker
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Build and publish image
	uses: docker/build-push-action@v5
	with:
	tags: ${{ steps.image_meta.outputs.tags }}
	labels: ${{ steps.image_meta.outputs.labels }}
	push: ${{ steps.changesets_meta.outputs['@datatruck/cli:published'] }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(cli): hide secrets #280

Workflow file

fix(cli): hide secrets #280

Jobs

Run details

Workflow file for this run