Created
January 13, 2021 17:19
-
-
Save mattvanstone/27e52c738dc595e318fafbbd5d56fcd2 to your computer and use it in GitHub Desktop.
CircleCI hack for scheduled workflows that fail with unauthorized status
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is an example hack for scheduled CircleCI workflows that fail with the status "unauthorized" when | |
# using a context is configured with any security group other than "all members" | |
# How to use: | |
# - Create a CircleCI token and add it to the project environment variables with the name CIRCLE_TOKEN | |
# - Create a context called "hello" and restrict the security to a specific group. Remove "all members" | |
# The trigger_job workflow will run daily as the CircleCI system to use your CIRCLE_TOKEN with the API | |
# to trigger the actual job you want to run. That job will then have access to the context because it | |
# was executed with your token. | |
version: 2.1 | |
executors: | |
default: | |
docker: | |
- image: cimg/base:2020.01 | |
parameters: | |
run_workflow_trigger: | |
description: An internal flag to conditionally run the triggered workflow | |
type: boolean | |
default: false | |
run_workflow_base: | |
description: An internal flag to conditionally run the base workflow | |
type: boolean | |
default: true | |
jobs: | |
hello-world: | |
executor: default | |
steps: | |
- run: | |
command: echo "Hello World" | |
scheduled-hello-world: | |
executor: default | |
steps: | |
- run: | |
command: echo "A Scheduled Hello World" | |
trigger-job: | |
description: Trigger a workflow using the CircleCI API to get around secured context issues | |
executor: default | |
steps: | |
- run: | |
name: Trigger Tests | |
command: | | |
curl --request POST \ | |
--url https://circleci.com/api/v2/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/pipeline \ | |
--header "Circle-Token: $CIRCLE_TOKEN" \ | |
--header 'content-type: application/json' \ | |
--data '{"branch":"'$CIRCLE_BRANCH'","parameters":{"run_workflow_trigger":true, "run_workflow_base":false}}' | |
workflows: | |
hello: | |
when: << pipeline.parameters.run_workflow_base >> | |
jobs: | |
- hello-world: | |
context: hello | |
scheduled: | |
when: << pipeline.parameters.run_workflow_trigger >> | |
jobs: | |
- scheduled-hello-world: | |
context: hello | |
trigger_job: | |
description: A scheduled workflow to run daily | |
triggers: | |
- schedule: | |
cron: "0 14 * * *" | |
filters: | |
branches: | |
only: | |
- master | |
jobs: | |
- trigger-job |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment