From 4b641b466d7e9b51b1eeabe4d8be50ae11db946d Mon Sep 17 00:00:00 2001
From: Mikolaj Gasior <mikolaj@gasior.dev>
Date: Thu, 8 Dec 2022 16:51:47 +0100
Subject: [PATCH 1/2] Add a condition for S3 steps to run only when AWS secrets
 are present

---
 .github/workflows/build-node-and-runtime.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/build-node-and-runtime.yml b/.github/workflows/build-node-and-runtime.yml
index 3cfe155af0..5e7b49dab1 100644
--- a/.github/workflows/build-node-and-runtime.yml
+++ b/.github/workflows/build-node-and-runtime.yml
@@ -65,6 +65,7 @@ jobs:
           retention-days: 7
 
       - name: S3 CI | Configure AWS credentials
+        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
         uses: aws-actions/configure-aws-credentials@v1
         env:
           AWS_REGION: us-east-1
@@ -74,6 +75,7 @@ jobs:
           aws-region: ${{ env.AWS_REGION }}
 
       - name: S3 CI | Copy release binary to S3 bucket
+        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
         shell: bash
         env:
           BINARY_DIR: target/production
@@ -85,6 +87,7 @@ jobs:
           aws s3 cp ${{ env.S3BUCKET_FILE }} ${{ env.S3BUCKET_URL }}/${{ env.S3BUCKET_FILE }}
 
       - name: S3 CI | Copy release runtime to S3 bucket
+        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
         shell: bash
         env:
           BINARY_DIR: target/production/wbuild/aleph-runtime
@@ -115,6 +118,7 @@ jobs:
           retention-days: 7
 
       - name: S3 CI | Copy test binary to S3 bucket
+        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
         shell: bash
         env:
           BINARY_DIR: target/release
@@ -126,6 +130,7 @@ jobs:
           aws s3 cp ${{ env.S3BUCKET_FILE }} ${{ env.S3BUCKET_URL }}/${{ env.S3BUCKET_FILE }}
 
       - name: S3 CI | Copy test runtime to S3 bucket
+        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
         shell: bash
         env:
           BINARY_DIR: target/release/wbuild/aleph-runtime

From fa5215958ddcf68be9a910fc3001c9c603b1a989 Mon Sep 17 00:00:00 2001
From: Mikolaj Gasior <mikolaj@gasior.dev>
Date: Thu, 8 Dec 2022 17:03:38 +0100
Subject: [PATCH 2/2] Change calls to secrets var with env vars

---
 .github/workflows/build-node-and-runtime.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build-node-and-runtime.yml b/.github/workflows/build-node-and-runtime.yml
index 5e7b49dab1..4c9d4597b1 100644
--- a/.github/workflows/build-node-and-runtime.yml
+++ b/.github/workflows/build-node-and-runtime.yml
@@ -18,6 +18,8 @@ jobs:
     runs-on: ubuntu-20.04
     env:
       RUST_BACKTRACE: full
+      SECRETS_AWS_MAINNET_ACCESS_KEY_ID: ${{ secrets.AWS_MAINNET_ACCESS_KEY_ID }}
+      SECRETS_AWS_MAINNET_SECRET_ACCESS_KEY: ${{ secrets.AWS_MAINNET_SECRET_ACCESS_KEY }}
     steps:
       - name: Checkout source code
         uses: actions/checkout@v2
@@ -65,7 +67,7 @@ jobs:
           retention-days: 7
 
       - name: S3 CI | Configure AWS credentials
-        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
+        if: env.SECRETS_AWS_MAINNET_ACCESS_KEY_ID != '' && env.SECRETS_AWS_MAINNET_SECRET_ACCESS_KEY != ''
         uses: aws-actions/configure-aws-credentials@v1
         env:
           AWS_REGION: us-east-1
@@ -75,7 +77,7 @@ jobs:
           aws-region: ${{ env.AWS_REGION }}
 
       - name: S3 CI | Copy release binary to S3 bucket
-        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
+        if: env.SECRETS_AWS_MAINNET_ACCESS_KEY_ID != '' && env.SECRETS_AWS_MAINNET_SECRET_ACCESS_KEY != ''
         shell: bash
         env:
           BINARY_DIR: target/production
@@ -87,7 +89,7 @@ jobs:
           aws s3 cp ${{ env.S3BUCKET_FILE }} ${{ env.S3BUCKET_URL }}/${{ env.S3BUCKET_FILE }}
 
       - name: S3 CI | Copy release runtime to S3 bucket
-        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
+        if: env.SECRETS_AWS_MAINNET_ACCESS_KEY_ID != '' && env.SECRETS_AWS_MAINNET_SECRET_ACCESS_KEY != ''
         shell: bash
         env:
           BINARY_DIR: target/production/wbuild/aleph-runtime
@@ -118,7 +120,7 @@ jobs:
           retention-days: 7
 
       - name: S3 CI | Copy test binary to S3 bucket
-        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
+        if: env.SECRETS_AWS_MAINNET_ACCESS_KEY_ID != '' && env.SECRETS_AWS_MAINNET_SECRET_ACCESS_KEY != ''
         shell: bash
         env:
           BINARY_DIR: target/release
@@ -130,7 +132,7 @@ jobs:
           aws s3 cp ${{ env.S3BUCKET_FILE }} ${{ env.S3BUCKET_URL }}/${{ env.S3BUCKET_FILE }}
 
       - name: S3 CI | Copy test runtime to S3 bucket
-        if: secrets.AWS_MAINNET_ACCESS_KEY_ID != '' && secrets.AWS_MAINNET_SECRET_ACCESS_KEY != ''
+        if: env.SECRETS_AWS_MAINNET_ACCESS_KEY_ID != '' && env.SECRETS_AWS_MAINNET_SECRET_ACCESS_KEY != ''
         shell: bash
         env:
           BINARY_DIR: target/release/wbuild/aleph-runtime