GitHub actions ci - Githubissues

deepstreamIO / deepstream.io

deepstream.io server

https://deepstreamio.github.io

MIT License

7.13k stars 382 forks source link

GitHub actions ci #1096

Closed jaime-ez closed 3 years ago

jaime-ez commented 3 years ago

Solves #1087

One job for test and lint on every push or pull.
One release job for every tag matching v* that will publish to npm, build linux, windows and mac binaries and release them in github and run the docker release script.

IMPORTANT: On the repository secrets the NPM_TOKEN, DOCKERHUB_USERNAME and DOCKERHUB_TOKEN must be set. @yasserf please take a look at this since I don't have access to repo settings.

yasserf commented 3 years ago

Secrets are environment variables that are encrypted. Anyone with collaborator access to the repositories with access to each secret can use it for Actions.

Secrets are not passed to workflows that are triggered by a pull request from a fork. Learn more.

Organization secrets cannot be used by private repositories with your plan.

Please consider upgrading your plan if you require this functionality.

I haven't use github actions before, but you should have access to secrets.

jaime-ez commented 3 years ago

this is my view of this repo: Screenshot from 2021-02-04 07-07-43

this is the view of my fork: Screenshot from 2021-02-04 07-09-06

In the settings menu is where secrets are managed. I don't have access to settings on this repo, nor on the clinet repo

yasserf commented 3 years ago

Okay, I added you specifically as an admin to those two repos.

TBH I'm definitely not a fan of how GitHub structures their permissions. I'm perfectly fine giving you admin rights, but it seems secrets are bundled into the same priority as the ability to delete projects! 😅 Just a security itch.

But you should now have full access to the deepstream.io and client.

Unfortunately, we would also need to pay for an organization account to share secrets between repos, but since we don't really rotate npm keys we'll just put them post repo and avoid rotating keys.

Sorry about the long responses to this as well. I currently have a job + working on a side project in my spare time so very limited availability.

Feel free to make wider changes in the codebase / more ownership if you want. I'm happy to review and give you the final verdict if it helps the project progress faster.

Thanks again!

jaime-ez commented 3 years ago

Ok, I'll do my best not to delete the repo :)

However...either you set the docker token and username on secrets, or give me access also to the deepstream.io docker account :/

Let me know what you'll do, afterwards I'll merge this pull.

And I hope you'll find time for giving your input when some issues arise, in fact I'll leave a comment on the closed issue about heartbeats where I'm still having some doubts.

But rest assure, I don't plan on doing anything that goes beyond maintenance and documentation without your review :+1: