update sveltekit csp header #65
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Broadcast Frontend Hash | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| dfx_version: | ||
| description: 'Release version of dfx' | ||
| default: "latest" | ||
| # release: | ||
| # # https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads?actionType=released#release | ||
| # # "A release was published, or a pre-release was changed to a release." | ||
| # types: [released] | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| env: | ||
| PLAYGROUND_REPO: ${{ github.repository_owner }}/motoko-playground | ||
| FILE: service/wasm-utils/whitelisted_wasms.txt | ||
| # When getting Rust dependencies, retry on network error: | ||
| CARGO_NET_RETRY: 10 | ||
| # Use the local .curlrc | ||
| CURL_HOME: . | ||
| # Disable DFX telemetry | ||
| DFX_TELEMETRY: 'off' | ||
| jobs: | ||
| update-frontend-hash: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Install sponge | ||
| run: sudo apt-get install --yes moreutils | ||
| - name: Checkout dfinity/sdk repo | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # workaround to fetch all tags: https://github.com/actions/checkout/issues/701 | ||
| path: sdk | ||
| - name: Get new hash | ||
| working-directory: ./sdk | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: | | ||
| git checkout ${{ inputs.dfx_version }} | ||
| echo "NEW_HASH=$(shasum -a 256 src/distributed/assetstorage.wasm.gz | cut -f1 -d" ")" >> $GITHUB_ENV | ||
| - name: Create GitHub App Token | ||
| uses: actions/create-github-app-token@v2 | ||
| id: app-token | ||
| with: | ||
| app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} | ||
| private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} | ||
| - name: Checkout dfinity/motoko-playground repo | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| token: ${{ steps.app-token.outputs.token }} | ||
| repository: ${{ env.PLAYGROUND_REPO }} | ||
| path: motoko-playground | ||
| - name: Modify Rust file | ||
| working-directory: ./motoko-playground | ||
| run: | | ||
| # Below won't work on MacOS. If you want to debug it on MacOS, run: | ||
| # > sudo docker run -ti --rm ubuntu /bin/bash | ||
| # ubuntu> apt-get update && apt-get install --yes moreutils --fix-missing | ||
| head -n -1 ${{ env.FILE }} | sponge ${{ env.FILE }} | ||
| echo ' "${{ env.NEW_HASH }}", // dfx ${{ inputs.dfx_version }} frontend canister' >> ${{ env.FILE }} | ||
| echo ']' >> ${{ env.FILE }} | ||
| - name: Create GitHub App Token | ||
| uses: actions/create-github-app-token@v2 | ||
| id: app-token | ||
| with: | ||
| app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} | ||
| private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} | ||
| - name: Commit files, push changes, and create PR | ||
| env: | ||
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | ||
| working-directory: ./motoko-playground | ||
| run: | | ||
| git config author.email "${{ github.event.sender.id }}+${{ github.event.sender.login }}@users.noreply.github.com" | ||
| git config author.name "${{ github.event.sender.login }}" | ||
| git config committer.email "41898282+github-actions[bot]@users.noreply.github.com" | ||
| git config committer.name "GitHub Actions Bot" | ||
| git config user.email "${{ github.event.sender.id }}+${{ github.event.sender.login }}@users.noreply.github.com" | ||
| git config user.name "${{ github.event.sender.login }}" | ||
| git checkout -b broadcast-frontend-hash-${{ inputs.dfx_version }} | ||
| git add ${{ env.FILE }} | ||
| git status | ||
| git commit -m "Update hash for dfx version ${{ inputs.dfx_version }}" | ||
| git push origin broadcast-frontend-hash-${{ inputs.dfx_version }} | ||
| echo "- new hash: ${{ env.NEW_HASH }}" >> pr.md | ||
| echo "- release: https://github.com/${{ github.repository_owner }}/sdk/releases/tag/${{ inputs.dfx_version }}" >> pr.md | ||
| gh pr create --title "chore: Whitelist frontend canister hash from dfx version ${{ inputs.dfx_version }}" \ | ||
| --body-file pr.md \ | ||
| --base main \ | ||
| --head broadcast-frontend-hash-${{ inputs.dfx_version }} \ | ||
| --repo ${{ env.PLAYGROUND_REPO }} \ | ||
| --draft | ||
