From 258e1de18119be552ce06e774ec34bb27212db31 Mon Sep 17 00:00:00 2001
From: Dale Glass <dale@daleglass.net>
Date: Wed, 7 Jun 2023 23:48:46 +0200
Subject: [PATCH] Use non-secret environment variable for PR build crash
 reporting

---
 .github/workflows/linux_server_build.yml | 2 +-
 .github/workflows/pr_build.yml           | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/linux_server_build.yml b/.github/workflows/linux_server_build.yml
index 4aa5ce9d4c..7cac41f14b 100644
--- a/.github/workflows/linux_server_build.yml
+++ b/.github/workflows/linux_server_build.yml
@@ -19,7 +19,7 @@ env:
   UPLOAD_BUCKET: overte-public
   UPLOAD_REGION: fra1
   UPLOAD_ENDPOINT: "https://fra1.digitaloceanspaces.com"
-  CMAKE_BACKTRACE_URL: ${{ secrets.SENTRY_MINIDUMP_ENDPOINT }}
+  CMAKE_BACKTRACE_URL: ${{ secrets.SENTRY_MINIDUMP_ENDPOINT || vars.SENTRY_PR_MINIDUMP_ENDPOINT }}
   CMAKE_BACKTRACE_TOKEN: server_${{ github.event.number }}_${{ github.sha }}
 
 jobs:
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
index 22c26754af..0229d475cb 100644
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -21,7 +21,9 @@ env:
   RELEASE_NUMBER: ${{ github.event.number }}
   VERSION_CODE: ${{ github.event.number }}
   # Sentry Crash Reporting
-  CMAKE_BACKTRACE_URL: ${{ secrets.SENTRY_MINIDUMP_ENDPOINT }}
+  # We use a variable rather than a secret here -- this makes the URL more exposed, so there's some risk of somebody
+  # using it for no good. But then the secret can also be extracted from a binary.
+  CMAKE_BACKTRACE_URL: ${{ vars.SENTRY_PR_MINIDUMP_ENDPOINT }}
   CMAKE_BACKTRACE_TOKEN: PR_${{ github.event.number }}_${{ github.sha }}
 
   UPLOAD_BUCKET: overte-public