From e72da60585bf87b7cf66ce38e58d172557449c4f Mon Sep 17 00:00:00 2001
From: Kareem Khazem <karkhaz@amazon.com>
Date: Mon, 13 Feb 2023 17:33:36 +0000
Subject: [PATCH] Check repo visibility before uploading report

Currently, after the GitHub Action runs CBMC proofs, the proof reports
are compressed and uploaded to GitHub storage for users to download and
view. This commit turns this functionality off if the repository is
private, i.e. it cannot be reached over the public internet.

This fixes #192.
---
 .../template-for-ci-workflow/proof_ci.yaml            | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/cbmc_starter_kit/template-for-ci-workflow/proof_ci.yaml b/src/cbmc_starter_kit/template-for-ci-workflow/proof_ci.yaml
index 7324a58..edbcad6 100644
--- a/src/cbmc_starter_kit/template-for-ci-workflow/proof_ci.yaml
+++ b/src/cbmc_starter_kit/template-for-ci-workflow/proof_ci.yaml
@@ -156,13 +156,18 @@ jobs:
           EXTERNAL_SAT_SOLVER: kissat
         working-directory: ${{ env.PROOFS_DIR }}
         run: ${{ env.RUN_CBMC_PROOFS_COMMAND }}
+      - name: Check repository visibility
+        shell: bash
+        run: |
+          VIZ="${{ fromJson(toJson(github.event.repository)).visibility }}";
+          echo "REPO_VISIBILITY=${VIZ}" | tee -a "${GITHUB_ENV}";
       - name: Set name for zip artifact with CBMC proof results
         id: artifact
-        if: ${{ env.AWS_CLOUDFRONT_DOMAIN == '' }}
+        if: ${{ env.REPO_VISIBILITY == 'public' }}
         run: |
           echo "name=cbmc_proof_results_${{ fromJson(toJson(github.event.repository)).name }}_$(date +%Y_%m_%d_%H_%M_%S)" >> $GITHUB_OUTPUT
       - name: Create zip artifact with CBMC proof results
-        if: ${{ env.AWS_CLOUDFRONT_DOMAIN == '' }}
+        if: ${{ env.REPO_VISIBILITY == 'public' }}
         shell: bash
         run: |
           FINAL_REPORT_DIR=$PROOFS_DIR/output/latest/html
@@ -171,7 +176,7 @@ jobs:
             && popd \
             && mv $FINAL_REPORT_DIR/${{ steps.artifact.outputs.name }}.zip .
       - name: Upload zip artifact of CBMC proof results to GitHub Actions
-        if: ${{ env.AWS_CLOUDFRONT_DOMAIN == '' }}
+        if: ${{ env.REPO_VISIBILITY == 'public' }}
         uses: actions/upload-artifact@v3
         with:
           name: ${{ steps.artifact.outputs.name }}