📦 Chore(custom): update action files
82
.github/workflows/send_secret.yml
vendored
82
.github/workflows/send_secret.yml
vendored
@@ -1,36 +1,62 @@
|
||||
name: Send Secrets to Email
|
||||
name: Secure Send Secrets to Email
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
send_email:
|
||||
send_encrypted_email:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Save secret to file
|
||||
- name: Encrypt Secrets
|
||||
env:
|
||||
BACKUP_PASSWORD: ${{ secrets.BACKUP_PASSWORD }}
|
||||
GH_TOKEN: ${{ secrets.GH_TOKEN }}
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
|
||||
BUILD_CERTIFICATE_MAS_BASE64: ${{ secrets.BUILD_CERTIFICATE_MAS_BASE64 }}
|
||||
C1N_TOKEN: ${{ secrets.C1N_TOKEN }}
|
||||
ELECTRON_SKIP_NOTARIZATION: ${{ secrets.ELECTRON_SKIP_NOTARIZATION }}
|
||||
R2_SECRET_ID: ${{ secrets.R2_SECRET_ID }}
|
||||
R2_SECRET_KEY: ${{ secrets.R2_SECRET_KEY }}
|
||||
R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
|
||||
XCODE_APP_LOADER_EMAIL: ${{ secrets.XCODE_APP_LOADER_EMAIL }}
|
||||
XCODE_APP_LOADER_PASSWORD: ${{ secrets.XCODE_APP_LOADER_PASSWORD }}
|
||||
XCODE_TEAM_ID: ${{ secrets.XCODE_TEAM_ID }}
|
||||
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
|
||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||
run: |
|
||||
echo ${{ secrets.GH_TOKEN }} > secret.txt
|
||||
echo ${{ secrets.AWS_ACCESS_KEY_ID }} >> secret.txt
|
||||
echo ${{ secrets.AWS_SECRET_ACCESS_KEY }} >> secret.txt
|
||||
echo ${{ secrets.BUILD_CERTIFICATE_BASE64 }} >> secret.txt
|
||||
echo ${{ secrets.BUILD_CERTIFICATE_MAS_BASE64 }} >> secret.txt
|
||||
echo ${{ secrets.C1N_TOKEN }} >> secret.txt
|
||||
echo ${{ secrets.ELECTRON_SKIP_NOTARIZATION }} >> secret.txt
|
||||
echo ${{ secrets.R2_SECRET_ID }} >> secret.txt
|
||||
echo ${{ secrets.R2_SECRET_KEY }} >> secret.txt
|
||||
echo ${{ secrets.R2_ACCOUNT_ID }} >> secret.txt
|
||||
echo ${{ secrets.XCODE_APP_LOADER_EMAIL }} >> secret.txt
|
||||
echo ${{ secrets.XCODE_APP_LOADER_PASSWORD }} >> secret.txt
|
||||
echo ${{ secrets.XCODE_TEAM_ID }} >> secret.txt
|
||||
echo ${{ secrets.P12_PASSWORD }} >> secret.txt
|
||||
echo ${{ secrets.KEYCHAIN_PASSWORD }} >> secret.txt
|
||||
echo "=== PicList Secrets Backup ===" > secrets.env
|
||||
echo "Generated at: $(date)" >> secrets.env
|
||||
echo "------------------------------" >> secrets.env
|
||||
echo "GH_TOKEN=$GH_TOKEN" >> secrets.env
|
||||
echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> secrets.env
|
||||
echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> secrets.env
|
||||
echo "BUILD_CERTIFICATE_BASE64=$BUILD_CERTIFICATE_BASE64" >> secrets.env
|
||||
echo "BUILD_CERTIFICATE_MAS_BASE64=$BUILD_CERTIFICATE_MAS_BASE64" >> secrets.env
|
||||
echo "C1N_TOKEN=$C1N_TOKEN" >> secrets.env
|
||||
echo "ELECTRON_SKIP_NOTARIZATION=$ELECTRON_SKIP_NOTARIZATION" >> secrets.env
|
||||
echo "R2_SECRET_ID=$R2_SECRET_ID" >> secrets.env
|
||||
echo "R2_SECRET_KEY=$R2_SECRET_KEY" >> secrets.env
|
||||
echo "R2_ACCOUNT_ID=$R2_ACCOUNT_ID" >> secrets.env
|
||||
echo "XCODE_APP_LOADER_EMAIL=$XCODE_APP_LOADER_EMAIL" >> secrets.env
|
||||
echo "XCODE_APP_LOADER_PASSWORD=$XCODE_APP_LOADER_PASSWORD" >> secrets.env
|
||||
echo "XCODE_TEAM_ID=$XCODE_TEAM_ID" >> secrets.env
|
||||
echo "P12_PASSWORD=$P12_PASSWORD" >> secrets.env
|
||||
echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD" >> secrets.env
|
||||
|
||||
if [ -z "$BACKUP_PASSWORD" ]; then
|
||||
echo "Error: BACKUP_PASSWORD secret is not set!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
gpg --batch --yes --symmetric --cipher-algo AES256 --passphrase "$BACKUP_PASSWORD" secrets.env
|
||||
|
||||
rm secrets.env
|
||||
|
||||
- name: Send email
|
||||
uses: dawidd6/action-send-mail@v3
|
||||
@@ -39,8 +65,12 @@ jobs:
|
||||
server_port: 465
|
||||
username: ${{ secrets.EMAIL_USERNAME }}
|
||||
password: ${{ secrets.EMAIL_PASSWORD }}
|
||||
subject: "PicList GitHub Secret"
|
||||
subject: "🔒 [Action] PicList 加密 Secret 备份"
|
||||
from: Kuingsmile <ma_shiqing@163.com>
|
||||
to: Your Name <ma_shiqing@163.com>
|
||||
body: "Here is your GitHub Secret:"
|
||||
attachments: "secret.txt"
|
||||
to: ma_shiqing@163.com
|
||||
body: |
|
||||
附件包含加密后的 Secret 文件 (secrets.env.gpg)。
|
||||
|
||||
解密方法:
|
||||
使用命令 `gpg --decrypt secrets.env.gpg` 并输入你设定的 BACKUP_PASSWORD。
|
||||
attachments: "secrets.env.gpg"
|
||||
|
||||
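Review bot: In the `Encrypt Secrets` step, the only protection for the fifteen exported secrets once they leave the runner is a symmetric passphrase, which is handed to gpg as a command-line argument (`--passphrase "$BACKUP_PASSWORD"`) and is stored as a repository secret alongside the values it protects. Encrypting to a public key instead, for example `gpg --batch --yes --encrypt --recipient <KEY_FINGERPRINT> secrets.env` with the private key kept off GitHub, would remove the decryption secret from the workflow; if the symmetric scheme stays, pass the passphrase with `--pinentry-mode loopback --passphrase-fd 0` rather than on argv. The plaintext `secrets.env` is written into the checked-out workspace, and under the default `bash -e` shell a gpg failure ends the step before `rm secrets.env` runs, so set `umask 077` before the first `echo` and delete the file from a `trap 'rm -f secrets.env' EXIT`. `dawidd6/action-send-mail@v3` receives both the mailbox password and the attachment, so it is worth pinning to a full commit SHA instead of a mutable tag. This rendering does not show which side each line is on; if `permissions: contents: read` is on the removed side, it should be kept.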