ci - do not encrypt build logs if password unavailable (forks CI friendly)

2026-02-27 15:37:40 +01:00 · 2026-02-25 01:45:23 +05:30
parent b8354d3d0e
commit d748a89b47
5 changed files with 28 additions and 26 deletions
--- a/.github/workflows/alpha.yml
+++ b/.github/workflows/alpha.yml
@@ -143,24 +143,24 @@ jobs:
      # --------------------------------------------------
      - uses: actions/upload-artifact@v4
        with:
-          name: encrypted-build-logs-${{ env.MARKETING_VERSION }}.zip
-          path: encrypted-build-logs.zip
+          name: build-logs-${{ env.MARKETING_VERSION }}.zip
+          path: build-logs.zip

      - uses: actions/upload-artifact@v4
        if: >
          vars.ENABLE_TESTS == '1' &&
          vars.ENABLE_TESTS_BUILD == '1'
        with:
-          name: encrypted-tests-build-logs-${{ env.SHORT_COMMIT }}.zip
-          path: encrypted-tests-build-logs.zip
+          name: tests-build-logs-${{ env.SHORT_COMMIT }}.zip
+          path: tests-build-logs.zip

      - uses: actions/upload-artifact@v4
        if: >
          vars.ENABLE_TESTS == '1' &&
          vars.ENABLE_TESTS_RUN == '1'
        with:
-          name: encrypted-tests-run-logs-${{ env.SHORT_COMMIT }}.zip
-          path: encrypted-tests-run-logs.zip
+          name: tests-run-logs-${{ env.SHORT_COMMIT }}.zip
+          path: tests-run-logs.zip

      - uses: actions/upload-artifact@v4
        with:
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -177,8 +177,8 @@ jobs:
      - uses: actions/upload-artifact@v4
        if: steps.build_gate.outputs.should_skip != 'true'
        with:
-          name: encrypted-build-logs-${{ env.MARKETING_VERSION }}.zip
-          path: encrypted-build-logs.zip
+          name: build-logs-${{ env.MARKETING_VERSION }}.zip
+          path: build-logs.zip

      - uses: actions/upload-artifact@v4
        if: >
@@ -186,8 +186,8 @@ jobs:
          vars.ENABLE_TESTS == '1' &&
          vars.ENABLE_TESTS_BUILD == '1'
        with:
-          name: encrypted-tests-build-logs-${{ env.SHORT_COMMIT }}.zip
-          path: encrypted-tests-build-logs.zip
+          name: tests-build-logs-${{ env.SHORT_COMMIT }}.zip
+          path: tests-build-logs.zip

      - uses: actions/upload-artifact@v4
        if: >
@@ -195,8 +195,8 @@ jobs:
          vars.ENABLE_TESTS == '1' &&
          vars.ENABLE_TESTS_RUN == '1'
        with:
-          name: encrypted-tests-run-logs-${{ env.SHORT_COMMIT }}.zip
-          path: encrypted-tests-run-logs.zip
+          name: tests-run-logs-${{ env.SHORT_COMMIT }}.zip
+          path: tests-run-logs.zip

      - uses: actions/upload-artifact@v4
        if: steps.build_gate.outputs.should_skip != 'true'
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -76,8 +76,8 @@ jobs:

      - uses: actions/upload-artifact@v4
        with:
-          name: encrypted-build-logs-${{ env.MARKETING_VERSION }}.zip
-          path: encrypted-build-logs.zip
+          name: build-logs-${{ env.MARKETING_VERSION }}.zip
+          path: build-logs.zip

      - uses: actions/upload-artifact@v4
        with:
--- a/.github/workflows/stable.yml
+++ b/.github/workflows/stable.yml
@@ -90,8 +90,8 @@ jobs:

      - uses: actions/upload-artifact@v4
        with:
-          name: encrypted-build-logs-${{ env.MARKETING_VERSION }}.zip
-          path: encrypted-build-logs.zip
+          name: build-logs-${{ env.MARKETING_VERSION }}.zip
+          path: build-logs.zip

      - uses: actions/upload-artifact@v4
        with:
--- a/scripts/ci/workflow.py
+++ b/scripts/ci/workflow.py
@@ -7,6 +7,7 @@ from pathlib import Path
 import time
 import json
 import re
+from posix import getcwd

 # REPO ROOT relative to script dir
 ROOT = Path(__file__).resolve().parents[2]
@@ -214,13 +215,14 @@ def tests_run(model):
 # ----------------------------------------------------------

 def encrypt_logs(name):
-    default_pwd = "12345"
-    pwd = getenv("BUILD_LOG_ZIP_PASSWORD", default_pwd)
+    pwd = getenv("BUILD_LOG_ZIP_PASSWORD")

-    if pwd == default_pwd:
-        print("Warning: BUILD_LOG_ZIP_PASSWORD not set, using fallback password", file=sys.stderr)
-
-    run(f'cd build/logs && zip -e -P "{pwd}" ../../{name}.zip *')
+    # skip encryption entirely if no password provided
+    if not pwd or not pwd.strip():
+        print("BUILD_LOG_ZIP_PASSWORD not set — skipping encryption", file=sys.stderr)
+        return
+    cwd = getcwd()
+    run(f'cd {cwd}/build/logs && zip -e -P "{pwd}" {cwd}/{name}.zip *')

 # ----------------------------------------------------------
 # RELEASE NOTES
@@ -409,7 +411,7 @@ def upload_release(release_name, release_tag, commit_sha, repo, upstream_tag_rec

    run(
        f'gh release upload "{release_tag}" '
-        f'SideStore.ipa SideStore.dSYMs.zip encrypted-build-logs.zip '
+        f'SideStore.ipa SideStore.dSYMs.zip build-logs.zip '
        f'--clobber'
    )

@@ -483,9 +485,9 @@ COMMANDS = {
    # ----------------------------------------------------------
    # LOG ENCRYPTION
    # ----------------------------------------------------------
-    "encrypt-build"           : (lambda: encrypt_logs("encrypted-build-logs"),        0, ""),
-    "encrypt-tests-build"     : (lambda: encrypt_logs("encrypted-tests-build-logs"),  0, ""),
-    "encrypt-tests-run"       : (lambda: encrypt_logs("encrypted-tests-run-logs"),    0, ""),
+    "encrypt-build"           : (lambda: encrypt_logs("build-logs"),        0, ""),
+    "encrypt-tests-build"     : (lambda: encrypt_logs("tests-build-logs"),  0, ""),
+    "encrypt-tests-run"       : (lambda: encrypt_logs("tests-run-logs"),    0, ""),

    # ----------------------------------------------------------
    # RELEASE / DEPLOY