From 7e35165c01fa259113a1b641c3c5681b86579cfe Mon Sep 17 00:00:00 2001
From: Andreas Dangel <andreas.dangel@pmd-code.org>
Date: Fri, 13 Nov 2020 14:27:26 +0100
Subject: [PATCH] Externalize tokens for Danger, use correct base branch ref

---
 .ci/build.sh                           |   2 +-
 .ci/files/maven-settings.xml           |   2 +-
 .ci/files/{env.gpg => private-env.gpg} | Bin
 .ci/files/public-env.gpg               | Bin 0 -> 365 bytes
 .ci/inc/regression-tester.inc          |  20 ++++++++------------
 .ci/inc/setup-secrets.inc              |   4 ++--
 .github/workflows/pull-requests.yml    |   2 +-
 7 files changed, 13 insertions(+), 17 deletions(-)
 rename .ci/files/{env.gpg => private-env.gpg} (100%)
 create mode 100644 .ci/files/public-env.gpg

diff --git a/.ci/build.sh b/.ci/build.sh
index f7ced21cec..e4b8169a07 100755
--- a/.ci/build.sh
+++ b/.ci/build.sh
@@ -12,7 +12,7 @@ set -e
 #set -x
 
 function pmd_ci_build_main() {
-    pmd_ci_setup_env
+    pmd_ci_setup_private_env
     pmd_ci_setup_gpg_key
     pmd_ci_setup_ssh
 
diff --git a/.ci/files/maven-settings.xml b/.ci/files/maven-settings.xml
index 7e5fc8f539..a8d61b8f1a 100644
--- a/.ci/files/maven-settings.xml
+++ b/.ci/files/maven-settings.xml
@@ -12,7 +12,7 @@
   <servers>
     <server>
       <id>ossrh</id>
-      <username>${env.CI_DEPLY_USER}</username>
+      <username>${env.CI_DEPLOY_USER}</username>
       <password>${env.CI_DEPLOY_PASSWORD}</password>
     </server>
   </servers>
diff --git a/.ci/files/env.gpg b/.ci/files/private-env.gpg
similarity index 100%
rename from .ci/files/env.gpg
rename to .ci/files/private-env.gpg
diff --git a/.ci/files/public-env.gpg b/.ci/files/public-env.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..8cae0c6b6aeddac3ac14268b7bbecd73d3d891fa
GIT binary patch
literal 365
zcmV-z0h0cV4Fm}T0$RwwO_uU9D*w{Jn*sl}ZilHm;mEMu&J;4aJr)3JVp8_#Y*TcB
zI*hN)V3G7&xoKeR_&#mlga5+P_n{Q+Ykxp)QfLFRS!|3X({H|y2mu!FqK^mXVI3xJ
zZ3ORd4%kTq2Jz6fV{|yX&a>l!v;>IO=s>X-2D{Cy1|)95YFGO^(Q)pd-hzILUm;)?
zVK|~P0wC+?$wctbmD6bN_2Vu;w(7pk5g3oU&x58DIM>;ufwS*#7~ILRZS>;2+$hQ}
z{F+Odn%^!@_T5;3z_M{g!MV}^Sgl~&bR~38*)7C7oEu>Ml-VSQ{xJW=>_iw8{D%sm
zhTnBDWK7W9_^HVcFEWAe+|X6SM-ym5h<8?9RLu+bDxC0w`H?3Mn1m(ybrjjrw?eW8
zIOAB7ISoIGH!B`aNHD+tsW0BNq)%Dp9+^C8aD5#g0Gk72g6Nf5&LnYIe<<hV<OtQL
Ls|g+Of@dz}n4Y;*

literal 0
HcmV?d00001

diff --git a/.ci/inc/regression-tester.inc b/.ci/inc/regression-tester.inc
index 1cd532716a..cb854ab421 100644
--- a/.ci/inc/regression-tester.inc
+++ b/.ci/inc/regression-tester.inc
@@ -5,11 +5,19 @@
 # The functions here require the following environment variables:
 # PMD_SF_USER
 # PMD_CI_BRANCH
+#
+# DANGER_GITHUB_API_TOKEN
+# PMD_CI_CHUNK_TOKEN
 
 function regression_tester_setup_ci() {
     # install openjdk8 for pmd-regression-tests
     .ci/install-openjdk.sh 8
 
+    gpg --batch --yes --decrypt --passphrase="GnxdjywUEPveyCD1RLiTd7t8CImnefYr" \
+        --output .ci/files/public-env .ci/files/public-env.gpg
+    source .ci/files/public-env >/dev/null 2>&1
+    rm .ci/files/public-env
+
     if hash "bundler" 2>/dev/null; then
         log_debug "Bundler is already installed"
     else
@@ -17,11 +25,6 @@ function regression_tester_setup_ci() {
         gem install bundler
     fi
 
-    # Token for danger to add comments to PRs
-    export DANGER_GITHUB_API_TOKEN=f2f658fd5e72410e465104b65805dd7245479666
-    # Token for uploading reports to chunk.io
-    export PMD_CI_CHUNK_TOKEN="pmd:dMvJ1TH3oOl76QHf04EJ"
-
     rm -f .bundle/config
     bundle config set --local path vendor/bundle
     bundle config set --local with release_notes_preprocessing
@@ -38,9 +41,6 @@ function regression_tester_uploadBaseline() {
     log_debug "$FUNCNAME branch=${PMD_CI_BRANCH}"
     local targetUrl="https://sourceforge.net/projects/pmd/files/pmd-regression-tester/"
 
-    PMD_CI_BRANCH=${PMD_CI_BRANCH##refs/heads/}
-    log_debug "Using modified branch name: ${PMD_CI_BRANCH}"
-
     local errexitstate="$(shopt -po errexit)"
     set +e # disable errexit
     (
@@ -94,10 +94,6 @@ function regression_tester_executeDanger() {
         set -e
         trap danger_failed ERR
 
-        PMD_CI_BRANCH=${PMD_CI_BRANCH##refs/heads/}
-        export PMD_CI_BRANCH
-        log_debug "Using modified branch name: ${PMD_CI_BRANCH}"
-
         # Create a corresponding remote branch locally
         if ! git show-ref --verify --quiet refs/heads/${PMD_CI_BRANCH}; then
             git fetch --no-tags origin +refs/heads/${PMD_CI_BRANCH}:refs/remotes/origin/${PMD_CI_BRANCH}
diff --git a/.ci/inc/setup-secrets.inc b/.ci/inc/setup-secrets.inc
index 849e0f9acd..6cd3ba953b 100644
--- a/.ci/inc/setup-secrets.inc
+++ b/.ci/inc/setup-secrets.inc
@@ -1,6 +1,6 @@
-function pmd_ci_setup_env() {
+function pmd_ci_setup_private_env() {
     log_info "Setting up secrets as environment variables..."
-    local -r ENV_FILE=.ci/files/env
+    local -r ENV_FILE=.ci/files/private-env
 
     printenv PMD_CI_SECRET_PASSPHRASE | gpg --batch --yes --decrypt \
         --passphrase-fd 0 \
diff --git a/.github/workflows/pull-requests.yml b/.github/workflows/pull-requests.yml
index 80fbad8ea6..2b73e3e647 100644
--- a/.github/workflows/pull-requests.yml
+++ b/.github/workflows/pull-requests.yml
@@ -34,5 +34,5 @@ jobs:
         shell: bash
         env:
           MAVEN_OPTS: -Dmaven.wagon.httpconnectionManager.ttlSeconds=180 -Dmaven.wagon.http.retryHandler.count=3
-          PMD_CI_BRANCH: ${{ github.ref }}
+          PMD_CI_BRANCH: ${{ github.event.base.ref }}
           PMD_CI_PULL_REQUEST_NUMBER: ${{ github.event.number }}