filip/rdgen
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
Bryan Gerlach
2026-02-11 15:19:04 -06:00
parent 962c98f682
commit 365af0fceb
7 changed files with 112 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
.github/actions/decrypt-secrets/action.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
name: 'Decrypt and Mask Secrets'
description: 'Decrypts a zip and masks the JSON contents as env vars'
inputs:
zip_password:
description: 'Password for the Zip'
required: true
zip_path:
description: 'Path to the encrypted zip'
required: false
default: 'secrets.zip'
runs:
using: "composite"
steps:
- name: Decrypt and Mask
shell: python
run: |
import pyzipper
import json
import os
with pyzipper.AESZipFile('${{ inputs.zip_path }}') as zf:
zf.setpassword('${{ inputs.zip_password }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
if value:
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print(f"Successfully masked {len(secrets)} secrets.")

42
.github/workflows/fetch-encrypted-secrets.yml vendored Normal file
View File

@@ -0,0 +1,42 @@
name: Fetch Encrypted Secrets
on:
workflow_call:
inputs:
zip_url_json:
required: true
type: string
jobs:
download-zip:
runs-on: ubuntu-latest
steps:
- name: Download with Retry
shell: python
run: |
import requests
import json
import time
input_data = json.loads('${{ inputs.zip_url_json }}')
url = f"{input_data['url']}/get_zip?filename={input_data['file']}"
for attempt in range(5):
try:
print(f"Downloading (Attempt {attempt + 1})...")
r = requests.get(url, timeout=20)
r.raise_for_status()
with open('secrets.zip', 'wb') as f:
f.write(r.content)
break
except Exception as e:
if attempt < 4:
time.sleep(5 * (2 ** attempt))
else: raise e
- name: Upload Encrypted Artifact
uses: actions/upload-artifact@v4
with:
name: encrypted-secrets-zip
path: secrets.zip
retention-days: 1

2
.github/workflows/generator-android.yml vendored
View File

@@ -92,7 +92,7 @@ jobs:
for attempt in range(5): for attempt in range(5):
try: try:
print(f"Downloading secrets (Attempt {attempt + 1})...") print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300) r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status() r.raise_for_status()
break break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:

8
.github/workflows/generator-linux.yml vendored
View File

@@ -88,7 +88,7 @@ jobs:
for attempt in range(5): for attempt in range(5):
try: try:
print(f"Downloading secrets (Attempt {attempt + 1})...") print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300) r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status() r.raise_for_status()
break break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
@@ -682,7 +682,7 @@ jobs:
for attempt in range(5): for attempt in range(5):
try: try:
print(f"Downloading secrets (Attempt {attempt + 1})...") print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300) r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status() r.raise_for_status()
break break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
@@ -800,7 +800,7 @@ jobs:
for attempt in range(5): for attempt in range(5):
try: try:
print(f"Downloading secrets (Attempt {attempt + 1})...") print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300) r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status() r.raise_for_status()
break break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
@@ -917,7 +917,7 @@ jobs:
for attempt in range(5): for attempt in range(5):
try: try:
print(f"Downloading secrets (Attempt {attempt + 1})...") print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300) r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status() r.raise_for_status()
break break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:

2
.github/workflows/generator-windows-x86.yml vendored
View File

@@ -81,7 +81,7 @@ jobs:
for attempt in range(5): for attempt in range(5):
try: try:
print(f"Downloading secrets (Attempt {attempt + 1})...") print(f"Downloading secrets (Attempt {attempt + 1})...")
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300) r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=30)
r.raise_for_status() r.raise_for_status()
break break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e: except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:

66
.github/workflows/generator-windows.yml vendored
View File

@@ -42,12 +42,18 @@ env:
jobs: jobs:
setup:
uses: ./.github/workflows/fetch-encrypted-secrets.yml
with:
zip_url_json: ${{ inputs.zip_url }}
generate-bridge: generate-bridge:
uses: ./.github/workflows/bridge.yml uses: ./.github/workflows/bridge.yml
with: with:
version: ${{ inputs.version }} version: ${{ inputs.version }}
build-RustDeskTempTopMostWindow: build-RustDeskTempTopMostWindow:
needs: setup
uses: ./.github/workflows/third-party-RustDeskTempTopMostWindow.yml uses: ./.github/workflows/third-party-RustDeskTempTopMostWindow.yml
with: with:
upload-artifact: true upload-artifact: true
@@ -61,7 +67,7 @@ jobs:
build-for-windows-flutter: build-for-windows-flutter:
name: Build Windows name: Build Windows
needs: [build-RustDeskTempTopMostWindow, generate-bridge] needs: [build-RustDeskTempTopMostWindow, generate-bridge, setup]
runs-on: ${{ matrix.job.os }} runs-on: ${{ matrix.job.os }}
strategy: strategy:
fail-fast: false fail-fast: false
@@ -77,48 +83,14 @@ jobs:
} }
# - { target: aarch64-pc-windows-msvc, os: windows-2022, arch: aarch64 } # - { target: aarch64-pc-windows-msvc, os: windows-2022, arch: aarch64 }
steps: steps:
- name: install python deps - uses: actions/download-artifact@v4
run: | with:
pip install requests pyzipper name: encrypted-secrets-zip
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
import time
for attempt in range(5): - name: Load Secrets
try: uses: ./.github/actions/decrypt-secrets
print(f"Downloading secrets (Attempt {attempt + 1})...") with:
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300) zip_password: ${{ secrets.ZIP_PASSWORD }}
r.raise_for_status()
break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
if attempt < 4:
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
time.sleep(30)
else:
print("Max retries reached. Failing.")
raise e
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print("Secrets loaded into environment.")
- name: Finalize and Cleanup zip/json - name: Finalize and Cleanup zip/json
if: always() # Run even if previous steps fail if: always() # Run even if previous steps fail
@@ -717,3 +689,13 @@ jobs:
method: 'POST' method: 'POST'
customHeaders: '{"Content-Type": "application/json"}' customHeaders: '{"Content-Type": "application/json"}'
data: '{"uuid": "${{ env.uuid }}", "status": "Generation cancelled, try again"}' data: '{"uuid": "${{ env.uuid }}", "status": "Generation cancelled, try again"}'
cleanup:
needs: [build-for-windows-flutter]
runs-on: ubuntu-latest
if: always()
steps:
- name: Delete secrets artifact
uses: geekyeggo/delete-artifact@v1
with:
name: encrypted-secrets-zip

48
.github/workflows/third-party-RustDeskTempTopMostWindow.yml vendored
View File

@@ -45,48 +45,14 @@ jobs:
run: | run: |
git clone https://github.com/rustdesk-org/RustDeskTempTopMostWindow RustDeskTempTopMostWindow git clone https://github.com/rustdesk-org/RustDeskTempTopMostWindow RustDeskTempTopMostWindow
- name: install python deps - uses: actions/download-artifact@v4
run: | with:
pip install requests pyzipper name: encrypted-secrets-zip
- name: Download, Decrypt, and Mask
shell: python
run: |
import requests
import pyzipper
import io
import os
import json
import time
for attempt in range(5): - name: Load Secrets
try: uses: ./.github/actions/decrypt-secrets
print(f"Downloading secrets (Attempt {attempt + 1})...") with:
r = requests.get('${{ fromJson(inputs.zip_url).url }}/get_zip?filename=${{ fromJson(inputs.zip_url).file }}', timeout=300) zip_password: ${{ secrets.ZIP_PASSWORD }}
r.raise_for_status()
break
except (requests.exceptions.RequestException, requests.exceptions.Timeout) as e:
if attempt < 4:
print(f"Timeout/Error occurred: {e}. Retrying in 5 seconds...")
time.sleep(5)
else:
print("Max retries reached. Failing.")
raise e
try:
with pyzipper.AESZipFile(io.BytesIO(r.content)) as zf:
zf.setpassword('${{ secrets.ZIP_PASSWORD }}'.encode())
with zf.open('secrets.json') as f:
secrets = json.load(f)
except Exception as e:
print(f"Error: Could not decrypt ZIP. Check if password matches. {e}")
exit(1)
with open(os.environ['GITHUB_ENV'], 'a') as env_file:
for key, value in secrets.items():
print(f"::add-mask::{value}")
env_file.write(f"{key}={value}\n")
print("Secrets loaded into environment.")
- name: Finalize and Cleanup zip/json - name: Finalize and Cleanup zip/json
if: always() # Run even if previous steps fail if: always() # Run even if previous steps fail