mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-12 01:14:28 -05:00
6e4c0bd8aa
* Pin upload and download actions by hash * Dont expect encrypted artifacts in release pipeline --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
40 lines
1.0 KiB
YAML
40 lines
1.0 KiB
YAML
name: Download artifact
|
|
description: Download and decrypt an artifact.
|
|
|
|
inputs:
|
|
name:
|
|
description: 'The name of the artifact.'
|
|
required: true
|
|
path:
|
|
description: 'Download to a specified path.'
|
|
required: false
|
|
default: ./
|
|
encryption-secret:
|
|
description: 'The secret to use for decrypting the artifact.'
|
|
required: true
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Install unzip
|
|
uses: ./.github/actions/setup_bazel_nix
|
|
with:
|
|
nixTools: |
|
|
unzip
|
|
|
|
- name: Create temporary directory
|
|
id: tempdir
|
|
shell: bash
|
|
run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Download the artifact
|
|
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
|
with:
|
|
name: ${{ inputs.name }}
|
|
path: ${{ steps.tempdir.outputs.directory }}
|
|
|
|
- name: Decrypt and unzip archive
|
|
shell: bash
|
|
run: |
|
|
unzip -P '${{ inputs.encryption-secret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip
|