Check repo visibility before uploading report

Currently, after the GitHub Action runs CBMC proofs, the proof reports are compressed and uploaded to GitHub storage for users to download and view. This commit turns this functionality off if the repository is private, i.e. it cannot be reached over the public internet. This fixes #192.
model-checking · Feb 14, 2023 · e72da60 · e72da60
1 parent c3e266b
commit e72da60
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/src/cbmc_starter_kit/template-for-ci-workflow/proof_ci.yaml b/src/cbmc_starter_kit/template-for-ci-workflow/proof_ci.yaml
@@ -156,13 +156,18 @@ jobs:
  EXTERNAL_SAT_SOLVER: kissat
  working-directory: ${{ env.PROOFS_DIR }}
  run: ${{ env.RUN_CBMC_PROOFS_COMMAND }}
+ - name: Check repository visibility
+ shell: bash
+ run: |
+ VIZ="${{ fromJson(toJson(github.event.repository)).visibility }}";
+ echo "REPO_VISIBILITY=${VIZ}" | tee -a "${GITHUB_ENV}";
  - name: Set name for zip artifact with CBMC proof results
  id: artifact
- if: ${{ env.AWS_CLOUDFRONT_DOMAIN == '' }}
+ if: ${{ env.REPO_VISIBILITY == 'public' }}
  run: |
  echo "name=cbmc_proof_results_${{ fromJson(toJson(github.event.repository)).name }}_$(date +%Y_%m_%d_%H_%M_%S)" >> $GITHUB_OUTPUT
  - name: Create zip artifact with CBMC proof results
- if: ${{ env.AWS_CLOUDFRONT_DOMAIN == '' }}
+ if: ${{ env.REPO_VISIBILITY == 'public' }}
  shell: bash
  run: |
  FINAL_REPORT_DIR=$PROOFS_DIR/output/latest/html
@@ -171,7 +176,7 @@ jobs:
  && popd \
  && mv $FINAL_REPORT_DIR/${{ steps.artifact.outputs.name }}.zip .
  - name: Upload zip artifact of CBMC proof results to GitHub Actions
- if: ${{ env.AWS_CLOUDFRONT_DOMAIN == '' }}
+ if: ${{ env.REPO_VISIBILITY == 'public' }}
  uses: actions/upload-artifact@v3
  with:
  name: ${{ steps.artifact.outputs.name }}