[gnome-build-meta/alatiera/push-master: 13/15] CI: only push from protected branches

[Jordan Petridis <jpetridis src gnome org>]

commit 9d2c03b8bc5c0daeb5407f64008fb843e4b2e0b8
Author: Jordan Petridis <jpetridis gnome org>
Date:   Sat Sep 15 14:06:23 2018 +0300

    CI: only push from protected branches
    
    This assumes that there will be no branch name collisions
    between protected branches.
    
    Close #60

 .gitlab-ci.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 687bb99..3ff07f6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -61,8 +61,7 @@ before_script:
           push: true
     EOF
 
-  # and ssh key for pushing to the flatpak repo
-  # FIXME: Protect the key
+  # add ssh key for pushing to the flatpak repo
   - |
     if [ -n "$GITLAB_SSH_KEY" ]; then
         mkdir -p ~/.ssh
@@ -105,10 +104,11 @@ before_script:
 
     - BRANCHES=$(find repo/refs/heads/ -type f | grep "${ARCH}/${FLATPAK_BRANCH}" | sed s,repo/refs/heads/,,)
 
-    # push the resulting runtimes to gbm.gnome.org
-    # FIXME: Only push from protected branches
+    # Push the resulting runtimes to gbm.gnome.org
+    # Assume there will be no branch name collisions,
+    # the ssh key is available only on protected branches
     - |
-      if [[ ${CI_COMMIT_REF_NAME} == "staging-3-30" ]]; then
+      if [ -n "$GITLAB_SSH_KEY" ]; then
         rsync -a repo/ gbm-builder.gnome.org:incoming/repo-${CI_JOB_ID}
         ssh gbm-builder.gnome.org flatpak-export/export-flatpak.sh incoming/repo-${CI_JOB_ID} ${BRANCHES}
         ssh gbm-builder.gnome.org rm -rf incoming/runtimes-${CI_JOB_ID}