diff options
author | Aldo Cortesi <aldo@corte.si> | 2018-03-08 07:55:52 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@corte.si> | 2018-03-08 08:06:03 +1300 |
commit | 380e4bc14d2d37df5af3be53abf2e9b8be79efcb (patch) | |
tree | 7da28877e1ab97a85479d65dc3ce16238e1beb0f | |
parent | be089e53cfef04656807e8e1a95c5ae5cd9fd58c (diff) | |
download | mitmproxy-380e4bc14d2d37df5af3be53abf2e9b8be79efcb.tar.gz mitmproxy-380e4bc14d2d37df5af3be53abf2e9b8be79efcb.tar.bz2 mitmproxy-380e4bc14d2d37df5af3be53abf2e9b8be79efcb.zip |
release: don't upload assets for PRs from the main repo
-rwxr-xr-x | release/ci.py | 15 | ||||
-rw-r--r-- | tox.ini | 2 |
2 files changed, 16 insertions, 1 deletions
diff --git a/release/ci.py b/release/ci.py index a7ecfae5..53a2632f 100755 --- a/release/ci.py +++ b/release/ci.py @@ -215,11 +215,26 @@ def build(): print("Packed {}.".format(archive_name(bdist))) +def is_pr(): + if os.environ.get("TRAVIS_PULL_REQUEST") != "false": + return True + elif os.environ.get("APPVEYOR_PULL_REQUEST_NUMBER"): + return True + return False + + @cli.command("upload") def upload(): """ Upload snapshot to snapshot server """ + # This requires some explanation. The AWS access keys are only exposed to + # privileged builds - that is, they are not available to PRs from forks. + # However, they ARE exposed to PRs from a branch within the main repo. This + # check catches that corner case, and prevents an inadvertent upload. + if is_pr(): + print("Refusing to upload a pull request") + return if "AWS_ACCESS_KEY_ID" in os.environ: subprocess.check_call( [ @@ -33,7 +33,7 @@ commands = python test/individual_coverage.py [testenv:cibuild] -passenv = TRAVIS_TAG TRAVIS_BRANCH AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY APPVEYOR_REPO_TAG_NAME APPVEYOR_REPO_TAG APPVEYOR_REPO_BRANCH RTOOL_KEY WHEEL +passenv = TRAVIS_* AWS_* APPVEYOR_* RTOOL_KEY WHEEL deps = -rrequirements.txt pyinstaller==3.3.1 |