updating blobs #188
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: create-final-bosh-release | |
permissions: | |
contents: write # allow git push to repo and the GitHub release and its artefact | |
on: | |
workflow_dispatch: # to allow manual triggering to be able to create a release even on change on other paths | |
push: | |
branches: | |
- master | |
- release-* | |
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
# *: Matches zero or more characters, but does not match the / character. For example, Octo* matches Octocat. | |
# **: Matches zero or more of any character. | |
paths: # only trigger on bosh-relevant changes | |
- .final_builds/** | |
- config/** | |
- jobs/** | |
- releases/** | |
- vendir.yml | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
with: | |
fetch-depth: 0 | |
# TODO: add caching for cli downloads, see https://github.com/marketplace/actions/cache | |
- name: Install bosh-cli | |
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases | |
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 | |
with: | |
repo: cloudfoundry/bosh-cli | |
tag: v7.5.6 | |
extension-matching: disable | |
chmod: 0755 | |
rename-to: bosh | |
# searching for bosh-cli-7.4.0-linux-amd64 with (linux|x86_64|x64|amd64).*(linux|x86_64|x64|amd64).*.(tar.gz|zip) | |
# bosh-cli-7.4.0-linux-amd64 | |
- name: Install vendir cli | |
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases | |
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 | |
with: | |
repo: carvel-dev/vendir | |
tag: v0.40.1 | |
extension-matching: disable | |
chmod: 0755 | |
rename-to: vendir | |
- name: Install yq cli | |
#See https://github.com/marketplace/actions/install-a-binary-from-github-releases | |
uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 | |
with: | |
repo: mikefarah/yq | |
tag: v4.43.1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # reduce potential rate limiting | |
- name: vendor-add-blob | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
AWS_BOSH_ACCES_KEY_ID: ${{ secrets.AWS_BOSH_ACCES_KEY_ID }} | |
AWS_BOSH_SECRET_ACCES_KEY: ${{ secrets.AWS_BOSH_SECRET_ACCES_KEY }} | |
run: | | |
set -x # enable traces | |
#pwd | |
#find . | |
# configure git | |
git config --global user.name "workflows/k3s-boshrelease/create-final-bosh-release" | |
git config --global user.email "<>" | |
git config --global --add safe.directory /github/workspace | |
export VENDIR_GITHUB_API_TOKEN="${GITHUB_TOKEN}" | |
./vendor.sh | |
echo "State after vendir:" | |
tree -s src | |
git add vendir.lock | |
# FIXME: optimize for idempotency | |
./addblob.sh | |
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git" | |
git add config/blobs.yml | |
git status | |
if git commit -a --dry-run 2>&1 >/dev/null;then | |
git commit -a -m "updating blobs" && \ | |
git push ${remote_repo} HEAD:${GITHUB_REF_NAME} | |
else | |
echo "Nothing to commit" | |
fi | |
echo "Resulting State:" | |
tree -s src | |
if [ -d blobs ];then # The blobs dir is only present when a blob is modified or has not yet been published. | |
tree -s blobs | |
fi | |
- name: Extract k9s version | |
id: extract_version | |
uses: orange-cloudfoundry/extract-vendir-version-action@4e0e9300b0a7fe81a02536f631073c2accab9680 # v0.2.0 | |
with: | |
library: "k3s-io/k3s" | |
- name: create bosh final release | |
id: create-bosh-release | |
uses: orange-cloudfoundry/create-bosh-release-action@916ad18a668fe168c7cd643a0f56e8e48623b3f6 # v1.0.3 | |
with: | |
target_branch: ${{github.ref_name}} | |
tag_name: ${{ steps.extract_version.outputs.version }} | |
override_existing: true # allow deletion of existing tags | |
force_version_consistency: true # to force tag_name without 'v' prefix | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
AWS_BOSH_ACCES_KEY_ID: ${{ secrets.AWS_BOSH_ACCES_KEY_ID }} | |
AWS_BOSH_SECRET_ACCES_KEY: ${{ secrets.AWS_BOSH_SECRET_ACCES_KEY }} | |
# see https://github.com/ncipollo/release-action | |
- name: create github release | |
id: create-github-release | |
if: ${{ steps.create-bosh-release.outputs.need_gh_release == 'true' }} | |
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
with: | |
tag: ${{ steps.create-bosh-release.outputs.version }} | |
draft: false | |
allowUpdates: true # > indicates if we should update a release if it already exists. | |
omitDraftDuringUpdate: true # > Indicates if the draft flag should be omitted during updates. The draft flag will still be applied for newly created releases. This will preserve the existing draft state during updates. | |
generateReleaseNotes: true | |
artifacts: ./${{ steps.create-bosh-release.outputs.file }} | |
artifactContentType: application/zip | |
removeArtifacts: true | |
artifactErrorsFailBuild: true | |