From 2a589b79047a2431dd443d50c434e7f4767eab51 Mon Sep 17 00:00:00 2001 From: Dario Nieuwenhuis Date: Thu, 25 May 2023 03:43:44 +0200 Subject: [PATCH] ci: replace openid connect with static secret. The oidc token is only valid for 5min, builds are starting to fail because HIL tests take more than 5 min and we only obtain it once at start. Instead of fixing it, let's remove it. My hope for OIDC was to allow running HIL tests on PRs from forks if the author is in a list of trusted users. However GHA simply doesn't give the ID token to PRs from forks. :shrug: Same limitation as with static tokens. So it's useless complexity, let's kill it. --- .github/workflows/rust.yml | 2 ++ ci.sh | 8 ++------ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 47dc8fd7a..0cbca31b8 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -36,6 +36,8 @@ jobs: target_ci key: rust3-${{ runner.os }}-${{ hashFiles('rust-toolchain.toml') }} - name: build + env: + TELEPROBE_TOKEN: ${{ secrets.TELEPROBE_TOKEN }} run: | curl -L -o /usr/local/bin/cargo-batch https://github.com/embassy-rs/cargo-batch/releases/download/batch-0.3.0/cargo-batch chmod +x /usr/local/bin/cargo-batch diff --git a/ci.sh b/ci.sh index 2c46dcc6b..6d906f5f9 100755 --- a/ci.sh +++ b/ci.sh @@ -160,12 +160,8 @@ function run_elf { } if [[ -z "${TELEPROBE_TOKEN-}" ]]; then - if [[ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN-}" ]]; then - echo No teleprobe token found, skipping running HIL tests - exit - fi - - export TELEPROBE_TOKEN=$(curl -sS -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL" | jq -r '.value') + echo No teleprobe token found, skipping running HIL tests + exit fi for board in $(ls out/tests); do