[GHA] Fail early when required secret not set.

diff --git a/.github/docker/debian/bookworm/amd64/Dockerfile b/.github/docker/debian/bookworm/amd64/Dockerfile
index 844d9494a4bc10e88f511679a6d60be7e5eba245..7b1dc8bf38bc97f90279690aefa2808b4c103f1e 100644 (file)
--- a/.github/docker/debian/bookworm/amd64/Dockerfile
+++ b/.github/docker/debian/bookworm/amd64/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bookworm/arm32v7/Dockerfile b/.github/docker/debian/bookworm/arm32v7/Dockerfile
index 164e60235628811896349ea7ca36f631996315f5..08608032a4d0aea5fea874d961d2f4abf2637a55 100644 (file)
--- a/.github/docker/debian/bookworm/arm32v7/Dockerfile
+++ b/.github/docker/debian/bookworm/arm32v7/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bookworm/arm64v8/Dockerfile b/.github/docker/debian/bookworm/arm64v8/Dockerfile
index 0e30f8504e6b9549ab416c08b93fb1d1273f9e0d..e509a587e6de5b33db028fc1d3ec2e496e58c9c7 100644 (file)
--- a/.github/docker/debian/bookworm/arm64v8/Dockerfile
+++ b/.github/docker/debian/bookworm/arm64v8/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bullseye/amd64/Dockerfile b/.github/docker/debian/bullseye/amd64/Dockerfile
index e4557f1ed66cbf41f1b0d9e19f81702fe82e02a7..0d11c84dec144b3fcb20eb377b0750adea12abde 100644 (file)
--- a/.github/docker/debian/bullseye/amd64/Dockerfile
+++ b/.github/docker/debian/bullseye/amd64/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bullseye/arm32v7/Dockerfile b/.github/docker/debian/bullseye/arm32v7/Dockerfile
index 03eb59b40f8e5385d5bff271ab845aed549e5038..7ea36d1bcc922b112098959eddc02ce29d4df71d 100644 (file)
--- a/.github/docker/debian/bullseye/arm32v7/Dockerfile
+++ b/.github/docker/debian/bullseye/arm32v7/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/bullseye/arm64v8/Dockerfile b/.github/docker/debian/bullseye/arm64v8/Dockerfile
index ca216a82d7e4c9c03401188daa4e3ec01650ed52..ae3429cff72bc32d3c280adf937e14b06945ec5d 100644 (file)
--- a/.github/docker/debian/bullseye/arm64v8/Dockerfile
+++ b/.github/docker/debian/bullseye/arm64v8/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/buster/amd64/Dockerfile b/.github/docker/debian/buster/amd64/Dockerfile
index a0da4dbe7cc4306c097368e4314f9d38143402ba..9f3d03f14c8ef5da93e3a03ab9049d19235543a5 100644 (file)
--- a/.github/docker/debian/buster/amd64/Dockerfile
+++ b/.github/docker/debian/buster/amd64/Dockerfile
@@ -64,7 +64,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -73,7 +73,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/buster/arm32v7/Dockerfile b/.github/docker/debian/buster/arm32v7/Dockerfile
index c283d9c6ce238c8381397e525a1aed915a5c123c..362c2a6602790beb38043666b9bfd6616c8a6737 100644 (file)
--- a/.github/docker/debian/buster/arm32v7/Dockerfile
+++ b/.github/docker/debian/buster/arm32v7/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/docker/debian/buster/arm64v8/Dockerfile b/.github/docker/debian/buster/arm64v8/Dockerfile
index ac1f77959fdc83a3eb3098503f253b3613e645a1..ed678405a923e607223ec7240fbca18f3bcb15c0 100644 (file)
--- a/.github/docker/debian/buster/arm64v8/Dockerfile
+++ b/.github/docker/debian/buster/arm64v8/Dockerfile
@@ -63,7 +63,7 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
+RUN --mount=type=secret,id=REPO_PASSWORD,required=true \
     printf "machine ${REPO_DOMAIN} "  > /etc/apt/auth.conf && \
     printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
     printf "password "               >> /etc/apt/auth.conf && \
@@ -72,7 +72,6 @@ RUN --mount=type=secret,id=REPO_PASSWORD \
         --fail \
         --netrc-file /etc/apt/auth.conf \
         --output ${GPG_KEY} \
-        --silent \
         https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
     file ${GPG_KEY} && \
     apt-get --quiet update && \

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e16da9a36480102dd87efd31ba839a84cd6782f6..ec183137b4365d59ab0f3c769fa15fb9743c32a1 100644 (file)
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,6 +1,12 @@
 name: Build and Distribute
 
 on:
+  pull_request_target:
+    types:
+      - ready_for_review
+    paths:
+      - '**'
+      - '!.github/'
   pull_request:
   push:
     branches:
@@ -23,7 +29,7 @@ jobs:
         run: |
           JSON="[]"
 
-          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+          if [[ "${{ github.event_name }}" == "pull_request" || "${{ github.event_name }}" == "pull_request_target" ]]; then
             JSON=$(jq -n '[
               {
                 "version": "bookworm",