Update dependency k3s-io/k3s to v1.28.5+k3s1 #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: create-final-bosh-release | |
on: | |
push: | |
branches: | |
- master | |
- release-* | |
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
# *: Matches zero or more characters, but does not match the / character. For example, Octo* matches Octocat. | |
# **: Matches zero or more of any character. | |
paths: # only trigger on bosh-relevant changes | |
- .final_builds/** | |
- config/** | |
- jobs/** | |
- releases/** | |
- vendir.yml | |
- .github/workflows/create-final-bosh-release-on-commits.yml | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# TODO: add caching for cli downloads, see https://github.com/marketplace/actions/cache | |
- name: Install bosh-cli | |
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: cloudfoundry/bosh-cli | |
tag: v7.4.0 | |
extension-matching: disable | |
chmod: 0755 | |
rename-to: bosh | |
# searching for bosh-cli-7.4.0-linux-amd64 with (linux|x86_64|x64|amd64).*(linux|x86_64|x64|amd64).*.(tar.gz|zip) | |
# bosh-cli-7.4.0-linux-amd64 | |
- name: Install vendir cli | |
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: carvel-dev/vendir | |
tag: v0.34.6 | |
extension-matching: disable | |
chmod: 0755 | |
rename-to: vendir | |
- name: Install yq cli | |
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases | |
uses: jaxxstorm/[email protected] | |
with: | |
repo: mikefarah/yq | |
tag: v4.34.2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # reduce potential rate limiting | |
- name: vendor-add-blob | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
AWS_BOSH_ACCES_KEY_ID: ${{ secrets.AWS_BOSH_ACCES_KEY_ID }} | |
AWS_BOSH_SECRET_ACCES_KEY: ${{ secrets.AWS_BOSH_SECRET_ACCES_KEY }} | |
run: | | |
set -x # enable traces | |
#pwd | |
#find . | |
# configure git | |
git config --global user.name "actions/k3s-boshrelease" | |
git config --global user.email "<>" | |
git config --global --add safe.directory /github/workspace | |
export VENDIR_GITHUB_API_TOKEN="${GITHUB_TOKEN}" | |
./vendor.sh | |
echo "State after vendir:" | |
tree -s src | |
git add vendir.lock | |
# FIXME: optimize for idempotency | |
./addblob.sh | |
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git" | |
git add config/blobs.yml | |
git status | |
if git commit -a --dry-run 2>&1 >/dev/null;then | |
git commit -a -m "updating blobs" && \ | |
git push ${remote_repo} HEAD:${GITHUB_REF_NAME} | |
else | |
echo "Nothing to commit" | |
fi | |
echo "Resulting State:" | |
tree -s src | |
if [ -d blobs ];then # The blobs dir is only present when a blob is modified or has not yet been published. | |
tree -s blobs | |
fi | |
- name: create bosh final release | |
id: create-bosh-release | |
env: | |
INPUT_TARGET_BRANCH: ${{github.ref_name}} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
AWS_BOSH_ACCES_KEY_ID: ${{ secrets.AWS_BOSH_ACCES_KEY_ID }} | |
AWS_BOSH_SECRET_ACCES_KEY: ${{ secrets.AWS_BOSH_SECRET_ACCES_KEY }} | |
run: | | |
set -x # enable traces | |
# extract info from vendir | |
version=$(yq -r '.directories[0].contents[] | select (.path=="k3s-io/k3s") | .githubRelease.tag ' ./vendir.yml) | |
version=${version#v} | |
release=true | |
name=$(yq -r .final_name config/final.yml) | |
if [ "${name}" = "null" ]; then | |
name=$(yq -r .name config/final.yml) | |
fi | |
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git" | |
# configure git | |
git config --global user.name "actions/bosh-releaser@v2" | |
git config --global user.email "<>" | |
git config --global --add safe.directory /github/workspace | |
# if [ ! -z "${INPUT_BUNDLE}" ] && [ "${INPUT_BUNDLE}" != "false" ]; then | |
# echo "installing bundle: ${INPUT_BUNDLE}" | |
# apk add ruby | |
# gem install bundler -v "${INPUT_BUNDLE}" | |
# fi | |
# remove existing release if any, and prepare a commit that will be amended next | |
# Having a single amended commit makes it easier to inspect last commit | |
# See https://superuser.com/a/360986/299481 for details of the bash array syntax | |
NEXT_GIT_COMMIT_FLAGS=(-m "cutting release ${version}") | |
if [ -f releases/${name}/${name}-${version}.yml ]; then | |
echo "removing pre-existing version ${version}" | |
yq -r "{ \"builds\": (.builds | with_entries(select(.value.version != \"${version}\"))), \"format-version\": .[\"format-version\"]}" < releases/${name}/index.yml > tmp | |
mv tmp releases/${name}/index.yml | |
rm -f releases/${name}/${name}-${version}.yml | |
git add releases/${name}/${name}-${version}.yml releases/${name}/index.yml | |
git commit -a "${NEXT_GIT_COMMIT_FLAGS[@]}" | |
NEXT_GIT_COMMIT_FLAGS=(--amend -m "cutting release ${version} overriding existing one") | |
fi | |
echo "Current AWS config" | |
# This might be required to download the blobs during the final release of the S3 bucket does not grant permission to anonymous users | |
ls -al config/private.yml | |
echo "creating bosh release: ${name}-${version}.tgz" | |
bosh create-release --final --version=${version} --tarball=${name}-${version}.tgz | |
git add .final_builds | |
git add releases/${name}/index.yml | |
RELEASE_FILE_NAME=releases/${name}/${name}-${version}.yml | |
git add ${RELEASE_FILE_NAME} | |
# Note: if we had removed the previous release, then we amend the commit. | |
git commit -a "${NEXT_GIT_COMMIT_FLAGS[@]}" | |
echo "Inspecting staged files to skip commit and push if there is no blob changes in the release" | |
git show HEAD ${RELEASE_FILE_NAME} | |
if ! git show HEAD ${RELEASE_FILE_NAME} | grep sha1 ; then | |
echo "No sha1 found in diff in ${RELEASE_FILE_NAME}. No blob were modified. Skipping the git push" | |
ls -al ${RELEASE_FILE_NAME} | |
cat ${RELEASE_FILE_NAME} | |
else | |
echo "pushing changes to git repository" | |
# Override any existing tag with same version. This may happen if only part of the renovate PRs were merged | |
git tag -a -m "cutting release ${version}" ${version} -f | |
# In case a renovate PR was merged in between, try to rebase prior to pushing | |
git pull --rebase | |
git push ${remote_repo} HEAD:${INPUT_TARGET_BRANCH} | |
# Delete any existing release with same tag. Ignore push failure if no tag exists. | |
! git push --delete ${remote_repo} ${version} | |
# Push the tag | |
git push ${remote_repo} ${version} --force | |
fi | |
# make asset readable outside docker image | |
chmod 644 ${name}-${version}.tgz | |
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files | |
echo "file=${name}-${version}.tgz" >> $GITHUB_OUTPUT | |
echo "version=${version}" >> $GITHUB_OUTPUT | |
# see https://github.com/ncipollo/release-action | |
- name: create github release | |
id: create-github-release | |
uses: ncipollo/[email protected] | |
with: | |
tag: ${{ steps.create-bosh-release.outputs.version }} | |
draft: false | |
allowUpdates: true # > indicates if we should update a release if it already exists. | |
omitDraftDuringUpdate: true # > Indicates if the draft flag should be omitted during updates. The draft flag will still be applied for newly created releases. This will preserve the existing draft state during updates. | |
generateReleaseNotes: true | |
artifacts: ./${{ steps.create-bosh-release.outputs.file }} | |
artifactContentType: application/zip | |
removeArtifacts: true | |
artifactErrorsFailBuild: true | |