From 62631d77851350e5c352699e5c62c7d72f57b86f Mon Sep 17 00:00:00 2001 From: Zefek Date: Sun, 3 May 2026 15:21:13 +0200 Subject: [PATCH 1/3] Konfigurace a secret --- .github/workflows/build_environment.yml | 47 +++++++++++++++++++++--- .github/workflows/pull_request_build.yml | 1 + HeatingTemperatureRegulator.ino | 1 + config_default.h | 8 ---- secret_default.h | 5 +++ 5 files changed, 48 insertions(+), 14 deletions(-) create mode 100644 secret_default.h diff --git a/.github/workflows/build_environment.yml b/.github/workflows/build_environment.yml index 413e6ec..b96dc05 100644 --- a/.github/workflows/build_environment.yml +++ b/.github/workflows/build_environment.yml @@ -35,14 +35,49 @@ jobs: & "$Env:RUNNER_TOOL_CACHE\arduino-cli\arduino-cli.exe" --config-file "$Env:RUNNER_TOOL_CACHE\arduino-cli\config.yaml" lib install "TX07K-TXC@1.0.4" & "$Env:RUNNER_TOOL_CACHE\arduino-cli\arduino-cli.exe" --config-file "$Env:RUNNER_TOOL_CACHE\arduino-cli\config.yaml" lib install "MQTTESP8266@5.1.2" - - name: Set configs (Windows) + - name: Generate configs from secrets repo shell: powershell - run: | - $env:CONFIG_H | Out-File -Encoding ascii config.h - $env:SENSORSCONFIG_H | Out-File -Encoding ascii sensorsconfig.h env: - CONFIG_H: ${{ secrets.CONFIG_H }} - SENSORSCONFIG_H: ${{ secrets.SENSORSCONFIG_H }} + SECRETS_SHARE_PATH: ${{ secrets.SECRETS_SHARE_PATH }} + SECRETS_SHARE_USER: ${{ secrets.SECRETS_SHARE_USER }} + SECRETS_SHARE_PASS: ${{ secrets.SECRETS_SHARE_PASS }} + SECRETS_REPO_NAME: ${{ secrets.SECRETS_REPO_NAME }} + DEVICE_NAME: HeaterTemperatureRegulator + run: | + $ErrorActionPreference = 'Stop' + $secretsDir = Join-Path $env:RUNNER_TEMP 'secrets' + $mounted = $false + + try { + # Mount SMB share with read-only credentials + & net.exe use 'Z:' $env:SECRETS_SHARE_PATH /user:$env:SECRETS_SHARE_USER $env:SECRETS_SHARE_PASS | Out-Null + if ($LASTEXITCODE -ne 0) { throw "Failed to mount SMB share (exit $LASTEXITCODE)" } + $mounted = $true + + # Clone Configuration repo from the share + if (Test-Path $secretsDir) { Remove-Item $secretsDir -Recurse -Force } + $repoSource = if ($env:SECRETS_REPO_NAME) { "Z:\$env:SECRETS_REPO_NAME" } else { 'Z:\' } + git clone --depth=1 $repoSource $secretsDir + if ($LASTEXITCODE -ne 0) { throw "git clone failed (exit $LASTEXITCODE)" } + + # Run per-device deploy script + $deployScript = Join-Path $secretsDir "$env:DEVICE_NAME\deploy.ps1" + if (-not (Test-Path $deployScript)) { throw "deploy.ps1 not found at $deployScript" } + + & $deployScript -OutputDir $env:GITHUB_WORKSPACE + if ($LASTEXITCODE -ne 0) { throw "deploy.ps1 failed (exit $LASTEXITCODE)" } + } + finally { + # Always clean up - whether the try block succeeded, threw, or was interrupted + if (Test-Path $secretsDir) { + Remove-Item $secretsDir -Recurse -Force -ErrorAction SilentlyContinue + } + if ($mounted) { + & net.exe use 'Z:' /delete /yes | Out-Null + } + # cleanup is best-effort; do not fail the step on a stale exit code + $global:LASTEXITCODE = 0 + } - name: Compile Arduino project run: | diff --git a/.github/workflows/pull_request_build.yml b/.github/workflows/pull_request_build.yml index 677c677..56f4314 100644 --- a/.github/workflows/pull_request_build.yml +++ b/.github/workflows/pull_request_build.yml @@ -40,6 +40,7 @@ jobs: run: | cp config_default.h config.h cp sensorsconfig_default.h sensorsconfig.h + cp secret_default.h secret.h - name: Static analysis run: | diff --git a/HeatingTemperatureRegulator.ino b/HeatingTemperatureRegulator.ino index 0389e21..14919d8 100644 --- a/HeatingTemperatureRegulator.ino +++ b/HeatingTemperatureRegulator.ino @@ -3,6 +3,7 @@ #include "display.h" #include #include "config.h" +#include "secret.h" #include #include "TemperatureSensors.h" #include "BelWattmeter.h" diff --git a/config_default.h b/config_default.h index 556fd00..b262fbc 100644 --- a/config_default.h +++ b/config_default.h @@ -1,11 +1,3 @@ -#define WifiSSID "WifiSSID" -#define WifiPassword "WifiPassword" -#define MQTTUsername "MQTTUserName" - -#define MQTTPassword "MQTTPassword" - -#define MQTTHost "MQTTHost" - #define TOPIC_THERMOSTAT "TOPIC_THERMOSTAT" #define TOPIC_MODE "TOPIC_MODE" #define TOPIC_HEATERSELECTOR "TOPIC_HEATERSELECTOR" diff --git a/secret_default.h b/secret_default.h new file mode 100644 index 0000000..6b68a3b --- /dev/null +++ b/secret_default.h @@ -0,0 +1,5 @@ +#define WifiSSID "WifiSSID" +#define WifiPassword "WifiPassword" +#define MQTTUsername "MQTTUserName" +#define MQTTPassword "MQTTPassword" +#define MQTTHost "MQTTHost" \ No newline at end of file From eda2fd4388796c80d40782d9d83828238a5294dd Mon Sep 17 00:00:00 2001 From: Zefek Date: Sun, 3 May 2026 15:53:59 +0200 Subject: [PATCH 2/3] =?UTF-8?q?Zat=C3=ADm=20nemazat?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build_environment.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/build_environment.yml b/.github/workflows/build_environment.yml index b96dc05..8ea45ac 100644 --- a/.github/workflows/build_environment.yml +++ b/.github/workflows/build_environment.yml @@ -68,15 +68,7 @@ jobs: if ($LASTEXITCODE -ne 0) { throw "deploy.ps1 failed (exit $LASTEXITCODE)" } } finally { - # Always clean up - whether the try block succeeded, threw, or was interrupted - if (Test-Path $secretsDir) { - Remove-Item $secretsDir -Recurse -Force -ErrorAction SilentlyContinue - } - if ($mounted) { - & net.exe use 'Z:' /delete /yes | Out-Null - } - # cleanup is best-effort; do not fail the step on a stale exit code - $global:LASTEXITCODE = 0 + } - name: Compile Arduino project From d842ac1621d90076c8cb09d4245e2515d2d46229 Mon Sep 17 00:00:00 2001 From: Zefek Date: Sun, 3 May 2026 19:07:35 +0200 Subject: [PATCH 3/3] clean --- .github/workflows/build_environment.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_environment.yml b/.github/workflows/build_environment.yml index 8ea45ac..b96dc05 100644 --- a/.github/workflows/build_environment.yml +++ b/.github/workflows/build_environment.yml @@ -68,7 +68,15 @@ jobs: if ($LASTEXITCODE -ne 0) { throw "deploy.ps1 failed (exit $LASTEXITCODE)" } } finally { - + # Always clean up - whether the try block succeeded, threw, or was interrupted + if (Test-Path $secretsDir) { + Remove-Item $secretsDir -Recurse -Force -ErrorAction SilentlyContinue + } + if ($mounted) { + & net.exe use 'Z:' /delete /yes | Out-Null + } + # cleanup is best-effort; do not fail the step on a stale exit code + $global:LASTEXITCODE = 0 } - name: Compile Arduino project