From 58b47d3e19b452e2df065d76361e611999494df5 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Tue, 15 Jun 2021 15:14:01 -0400
Subject: [PATCH] Let forked PRs get coverage reports, though.
---
.circleci/config.yml | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index dfd4045..4cb017e 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -180,20 +180,24 @@ jobs:
--arg collectCoverage true \
--attr doc
- - run:
- name: Early return if this build is from a forked PR
- command: |
- if [ -n "$CIRCLE_PR_NUMBER" ]; then
- echo "Nothing to do for forked PRs, so marking this step successful"
- circleci step halt
- fi
-
- run:
name: "Push to Cachix"
when: "always"
command: |
- # https://docs.cachix.org/continuous-integration-setup/circleci.html
- bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
+ # Cribbed from
+ # https://circleci.com/blog/managing-secrets-when-you-have-pull-requests-from-outside-contributors/
+ if [ -n "$CIRCLE_PR_NUMBER" ]; then
+ # I'm sure you're thinking "CIRCLE_PR_NUMBER must just be the
+ # number of the PR being built". Sorry, dear reader, you have
+ # guessed poorly. It is also conditionally set based on whether
+ # this is a PR from a fork or not.
+ #
+ # https://circleci.com/docs/2.0/env-vars/#built-in-environment-variables
+ echo "Skipping Cachix push for forked PR."
+ else
+ # https://docs.cachix.org/continuous-integration-setup/circleci.html
+ bash -c "comm -13 <(sort /tmp/store-path-pre-build | grep -v '\.drv$') <(nix path-info --all | grep -v '\.drv$' | sort) | cachix push $CACHIX_NAME"
+ fi
- run:
name: "Report Coverage"
--
GitLab