Add workflow jobs to make it easier to manage unity license secrets

icosa-foundation · Jun 27, 2024 · 651fb74 · 651fb74
1 parent 33579c3
commit 651fb74
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 0 deletions.
diff --git a/.github/workflows/export_secrets.yml b/.github/workflows/export_secrets.yml
@@ -0,0 +1,33 @@
+---
+# yamllint disable rule:line-length
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Backup secrets (to OpenSSL encrypted file)
+on:  # yamllint disable-line rule:truthy
+  workflow_dispatch:
+
+jobs:
+  backup_secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Backup secrets
+        env:
+          SECRETS: ${{ toJSON(secrets) }}
+          VARS: ${{ toJSON(vars) }}
+          OPENSSL_ITER: 1000
+          OPENSSL_PASS: ${{ secrets.SECRET_EXPORT_OPENSSL_PASSWORD }}
+        run: |
+          echo "$SECRETS" | tee secrets.txt
+          echo "$VARS" | tee vars.txt
+          openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in secrets.txt -out secrets.enc.txt -pass pass:$OPENSSL_PASS
+          openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in vars.txt -out vars.enc.txt -pass pass:$OPENSSL_PASS
+          echo "To decrypt the secrets, use the following command(s):"
+          echo "openssl enc -aes-256-cbc -d -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in secrets.enc.txt -out secrets.txt -pass pass:<your_password>"
+          echo "openssl enc -aes-256-cbc -d -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in vars.enc.txt -out vars.txt -pass pass:<your_password>"
+
+      - name: Upload encrypted secrets
+        uses: actions/upload-artifact@v4
+        with:
+          name: exports
+          path: |
+            secrets.enc.txt
+            vars.enc.txt
diff --git a/.github/workflows/test_unity_credentials.yml b/.github/workflows/test_unity_credentials.yml
@@ -0,0 +1,22 @@
+---
+# yamllint disable rule:line-length
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Test Unity Credentials
+on:
+  workflow_dispatch:
+
+env:
+  UNITY_VERSION: "2021.3.30f1"
+  UNITY_EMAIL: ${{ vars.UNITY_EMAIL }}
+  UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+  UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+
+jobs:
+  test_license:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Unity - Activate
+        uses: game-ci/unity-activate@v2
+      - name: Unity - Return License
+        uses: game-ci/unity-return-license@v2
+        if: always()