From ce3d6ac233e8d204b4bcdeaabe59089eeb73af7a Mon Sep 17 00:00:00 2001 From: YANG QIA <2013xile@gmail.com> Date: Tue, 27 Aug 2024 19:50:01 +0800 Subject: [PATCH] fix(release): decrypt token error occasionally (#5143) * fix(release): decrypt token error occasionally * chore: update --- .github/workflows/build-pro-image.yml | 3 +-- .github/workflows/get-nocobase-app-token.yml | 3 +-- .github/workflows/manual-build-pro-image.yml | 3 +-- .github/workflows/manual-release.yml | 6 ++---- .github/workflows/release-next.yml | 3 +-- .github/workflows/release.yml | 3 +-- 6 files changed, 7 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-pro-image.yml b/.github/workflows/build-pro-image.yml index a1deadc821..72edb5ea69 100644 --- a/.github/workflows/build-pro-image.yml +++ b/.github/workflows/build-pro-image.yml @@ -33,8 +33,7 @@ jobs: shell: bash run: | ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode); - APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); + APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/get-nocobase-app-token.yml b/.github/workflows/get-nocobase-app-token.yml index abfc2b1b2c..1c3b51dc97 100644 --- a/.github/workflows/get-nocobase-app-token.yml +++ b/.github/workflows/get-nocobase-app-token.yml @@ -30,8 +30,7 @@ jobs: shell: bash run: | APP_TOKEN=${{ steps.app-token.outputs.token }}; - BINARY_ENCRYPTED_SECRET=$(echo -n "$APP_TOKEN" | openssl enc -aes-256-cbc -pbkdf2 -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); - ENCRYPTED_SECRET=$(echo -n "$BINARY_ENCRYPTED_SECRET" | base64 -w 0); + ENCRYPTED_SECRET=$(echo -n "$APP_TOKEN" | openssl enc -aes-256-cbc -pbkdf2 -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}" | base64 -w 0); echo "token=$ENCRYPTED_SECRET" >> $GITHUB_OUTPUT - name: Get GitHub App User ID id: get-user-id diff --git a/.github/workflows/manual-build-pro-image.yml b/.github/workflows/manual-build-pro-image.yml index b23c8be2f2..78c7fb98db 100644 --- a/.github/workflows/manual-build-pro-image.yml +++ b/.github/workflows/manual-build-pro-image.yml @@ -34,8 +34,7 @@ jobs: shell: bash run: | ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode); - APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); + APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/manual-release.yml b/.github/workflows/manual-release.yml index f0ed8a67c4..2dee6668b1 100644 --- a/.github/workflows/manual-release.yml +++ b/.github/workflows/manual-release.yml @@ -30,8 +30,7 @@ jobs: shell: bash run: | ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode); - APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); + APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT - name: Checkout uses: actions/checkout@v4 @@ -60,8 +59,7 @@ jobs: shell: bash run: | ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode); - APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); + APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/release-next.yml b/.github/workflows/release-next.yml index 004f01065f..5ba6d7b8af 100644 --- a/.github/workflows/release-next.yml +++ b/.github/workflows/release-next.yml @@ -21,8 +21,7 @@ jobs: shell: bash run: | ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode); - APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); + APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9eba8a0b25..75d6b0b746 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,8 +23,7 @@ jobs: shell: bash run: | ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode); - APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); + APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT - name: Checkout uses: actions/checkout@v3