ci: replace openid connect with static secret.

The oidc token is only valid for 5min, builds are starting to fail because HIL tests
take more than 5 min and we only obtain it once at start.

Instead of fixing it, let's remove it. My hope for OIDC was to allow running
HIL tests on PRs from forks if the author is in a list of trusted users.
However GHA simply doesn't give the ID token to PRs from forks. 🤷
Same limitation as with static tokens. So it's useless complexity, let's kill it.
This commit is contained in:
Dario Nieuwenhuis 2023-05-25 03:43:44 +02:00
parent 5f10eadb8d
commit 2a589b7904
2 changed files with 4 additions and 6 deletions

View File

@ -36,6 +36,8 @@ jobs:
target_ci target_ci
key: rust3-${{ runner.os }}-${{ hashFiles('rust-toolchain.toml') }} key: rust3-${{ runner.os }}-${{ hashFiles('rust-toolchain.toml') }}
- name: build - name: build
env:
TELEPROBE_TOKEN: ${{ secrets.TELEPROBE_TOKEN }}
run: | run: |
curl -L -o /usr/local/bin/cargo-batch https://github.com/embassy-rs/cargo-batch/releases/download/batch-0.3.0/cargo-batch curl -L -o /usr/local/bin/cargo-batch https://github.com/embassy-rs/cargo-batch/releases/download/batch-0.3.0/cargo-batch
chmod +x /usr/local/bin/cargo-batch chmod +x /usr/local/bin/cargo-batch

4
ci.sh
View File

@ -160,14 +160,10 @@ function run_elf {
} }
if [[ -z "${TELEPROBE_TOKEN-}" ]]; then if [[ -z "${TELEPROBE_TOKEN-}" ]]; then
if [[ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN-}" ]]; then
echo No teleprobe token found, skipping running HIL tests echo No teleprobe token found, skipping running HIL tests
exit exit
fi fi
export TELEPROBE_TOKEN=$(curl -sS -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL" | jq -r '.value')
fi
for board in $(ls out/tests); do for board in $(ls out/tests); do
echo Running tests for board: $board echo Running tests for board: $board
for elf in $(ls out/tests/$board); do for elf in $(ls out/tests/$board); do