When submitting a build manifest to builds.sr.ht for a public repository, if sources contains an SSH URL for the project's git.sr.ht upstream, it gets replaced by an HTTPS URL before cloning.
This has the knock-on impact of causing failure of any step that pushes to the upstream.
Steps to reproduce:
- Create public or unlisted repository
- Create build manifest including SSH clone URL as the source
- Provide a private SSH key secret
- Execute the build
Expected behaviour:
- The SSH URL is used to clone the project, authenticating with the SSH key
Actual behaviour:
- The project is cloned using the public HTTPS URL
- Seen in: https://builds.sr.ht/~brhiggins/job/556716
- Source manifest: https://git.sr.ht/~brhiggins/site/tree/1defb03197673b8de532c38e22e86c287f7e2b51/item/.build.yml
- Transformed manifest: https://builds.sr.ht/api/jobs/556716/manifest
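
One way a build task could work around the push failure described above, as an added example that is not part of the original ticket or of builds.sr.ht itself: re-point the clone's remote from the rewritten HTTPS URL back to its SSH form before pushing. The function names and the `~example/site` repository used in the comments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the ticket): undo the HTTPS rewrite on a git.sr.ht
# clone so that a later push can authenticate with the SSH key secret.

# Print the SSH form of an https://git.sr.ht/~user/repo URL.
# Any other URL (already SSH, or a different host) is printed unchanged.
srht_ssh_url() {
    case "$1" in
        https://git.sr.ht/~*/*)
            path=${1#https://git.sr.ht/}   # e.g. ~example/site (hypothetical)
            path=${path%/}                 # tolerate a trailing slash
            printf 'git@git.sr.ht:%s\n' "$path"
            ;;
        *)
            printf '%s\n' "$1"
            ;;
    esac
}

# Re-point remote $2 (default: origin) of the clone in directory $1 at the
# SSH URL when it currently uses the HTTPS form. Fails if git fails.
ensure_ssh_remote() {
    repo_dir=$1
    remote=${2:-origin}
    current=$(git -C "$repo_dir" remote get-url "$remote") || return 1
    wanted=$(srht_ssh_url "$current")
    if [ "$current" != "$wanted" ]; then
        git -C "$repo_dir" remote set-url "$remote" "$wanted" || return 1
        echo "remote $remote: $current -> $wanted" >&2
    fi
}
```

Calling `ensure_ssh_remote` on the cloned directory in the task that runs before the push leaves an SSH remote untouched, so it stays harmless if the clone URL is no longer rewritten.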
When trying to upload a secret via the 'Manage secrets' page of builds.sr.ht, it's easy to complete the journey without ticking a radio button. No error message is displayed, and the page just reloads.
Steps to reproduce:
- Open https://builds.sr.ht/secrets
- Paste a secret string in the 'Secret' box
- Click 'Add secret'
Expected behaviour:
An error message appears telling me I need to tick the 'File' radio button.
Actual behaviour:
The page reloads with no error message.
Clicking the 'File' radio button causes the file upload elements to appear, which I interpreted to mean I intended to upload my secret as a file. Via IRC chat I learned that I need to paste and click the 'File' radio, but then ignore the file upload. I think this journey could be improved a little.