Use craft master #22
Use craft master #22
Conversation
| sudo curl -sL -o /usr/local/bin/craft "$craft_url" | ||
| sudo chmod +x /usr/local/bin/craft | ||
| - name: Craft Prepare | ||
| - uses: docker://getsentry/craft:latest |
There was a problem hiding this comment.
I took this from the publish yaml.
There was a problem hiding this comment.
The default entrypoint for crafts docker image is craft binary. Without changing it, nothing will most likely(?) work, that's why its modified in the mentioned yaml - https://github.com/getsentry/publish/blob/737df8f68fbd4d237ff365de964a321ba0ef3bf8/.github/workflows/publish.yml#L66-L67
There was a problem hiding this comment.
This will significantly slow down preparations as the Docker image is huge. Also what @kamilogorek said, you cannot just use run: etc with a custom docker image.
There was a problem hiding this comment.
It is a bit tricky to figure out but my recommendation would be to download the latest build artifact from Craft master instead.
There was a problem hiding this comment.
Thanks for the tips! :)
| sudo curl -sL -o /usr/local/bin/craft "$craft_url" | ||
| sudo chmod +x /usr/local/bin/craft | ||
| - name: Craft Prepare | ||
| - uses: docker://getsentry/craft:latest |
There was a problem hiding this comment.
The default entrypoint for crafts docker image is craft binary. Without changing it, nothing will most likely(?) work, that's why its modified in the mentioned yaml - https://github.com/getsentry/publish/blob/737df8f68fbd4d237ff365de964a321ba0ef3bf8/.github/workflows/publish.yml#L66-L67
getsentry/publish#666
What are the security implications here? Anyone with write access to the
craftrepo can already inject code into thepublishrepo (so actually we should limit who can push tomasteroncraftto the same set of people that can managepublish), which has all of the sensitive GH secrets. This action is used in less-sensitive repos. I think we're okay.