From 7678957898a76ff412b66517fcbf0bb4d6fb8f34 Mon Sep 17 00:00:00 2001
From: Mike Miller <87874+mikeage@users.noreply.github.com>
Date: Thu, 27 Jun 2024 15:06:01 +0300
Subject: [PATCH] Add workflow jobs to make it easier to manage unity license
 secrets (#4)

---
 .github/workflows/export_secrets.yml         | 33 ++++++++++++++++++++
 .github/workflows/test_unity_credentials.yml | 22 +++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 .github/workflows/export_secrets.yml
 create mode 100644 .github/workflows/test_unity_credentials.yml

diff --git a/.github/workflows/export_secrets.yml b/.github/workflows/export_secrets.yml
new file mode 100644
index 00000000..034f50b6
--- /dev/null
+++ b/.github/workflows/export_secrets.yml
@@ -0,0 +1,33 @@
+---
+# yamllint disable rule:line-length
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Backup secrets (to OpenSSL encrypted file)
+on:  # yamllint disable-line rule:truthy
+  workflow_dispatch:
+
+jobs:
+  backup_secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Backup secrets
+        env:
+          SECRETS: ${{ toJSON(secrets) }}
+          VARS: ${{ toJSON(vars) }}
+          OPENSSL_ITER: 1000
+          OPENSSL_PASS: ${{ secrets.SECRET_EXPORT_OPENSSL_PASSWORD }}
+        run: |
+          echo "$SECRETS" | tee secrets.txt
+          echo "$VARS" | tee vars.txt
+          openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in secrets.txt -out secrets.enc.txt -pass pass:$OPENSSL_PASS
+          openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in vars.txt -out vars.enc.txt -pass pass:$OPENSSL_PASS
+          echo "To decrypt the secrets, use the following command(s):"
+          echo "openssl enc -aes-256-cbc -d -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in secrets.enc.txt -out secrets.txt -pass pass:<your_password>"
+          echo "openssl enc -aes-256-cbc -d -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in vars.enc.txt -out vars.txt -pass pass:<your_password>"
+
+      - name: Upload encrypted secrets
+        uses: actions/upload-artifact@v4
+        with:
+          name: exports
+          path: |
+            secrets.enc.txt
+            vars.enc.txt
diff --git a/.github/workflows/test_unity_credentials.yml b/.github/workflows/test_unity_credentials.yml
new file mode 100644
index 00000000..3ee00c3f
--- /dev/null
+++ b/.github/workflows/test_unity_credentials.yml
@@ -0,0 +1,22 @@
+---
+# yamllint disable rule:line-length
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Test Unity Credentials
+on:
+  workflow_dispatch:
+
+env:
+  UNITY_VERSION: "2021.3.30f1"
+  UNITY_EMAIL: ${{ vars.UNITY_EMAIL }}
+  UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+  UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+
+jobs:
+  test_license:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Unity - Activate
+        uses: game-ci/unity-activate@v2
+      - name: Unity - Return License
+        uses: game-ci/unity-return-license@v2
+        if: always()