forked from orange-cloudfoundry/k3s-boshrelease
create-final-bosh-release-on-commits.yml
name: create-final-bosh-release

# Runs on pushes to master or any release-* branch, and only when a path
# that affects the BOSH release changes.
#
# NOTE(review): the job in this workflow pushes commits that touch config/
# and releases/ back to the triggering branch. GitHub does not start new
# workflow runs for pushes authenticated with the default GITHUB_TOKEN, so
# this should not loop. Re-check if a PAT or deploy key is ever substituted.
on:
  push:
    branches:
      - 'master'
      - 'release-*'
    # Filter pattern reference:
    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
    #   *  matches zero or more characters except "/" (Octo* matches Octocat)
    #   ** matches zero or more of any character
    paths:  # only trigger on bosh-relevant changes
      - '.final_builds/**'
      - 'config/**'
      - 'jobs/**'
      - 'releases/**'
      - 'vendir.yml'
      - '.github/workflows/create-final-bosh-release-on-commits.yml'
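jobs:
  # Single job: vendor upstream sources, upload blobs, cut a final BOSH
  # release, push the resulting commit and tag, then publish a GitHub release.
  build:
    runs-on: ubuntu-latest
    # Least privilege for the default GITHUB_TOKEN. The steps below push
    # commits and tags and create a release, all of which fall under the
    # "contents" scope. Widen only if vendor.sh or addblob.sh (not visible
    # here) turn out to need another scope.
    permissions:
      contents: write
    steps:
      - name: checkout
        # NOTE(review): third-party and first-party actions in this job are
        # referenced by mutable tags. Pinning each `uses:` to a full commit
        # SHA prevents a moved tag from changing what runs with the write
        # token and the AWS secrets.
        uses: actions/checkout@v4
        with:
          # Full history: later steps rebase, tag and push.
          fetch-depth: 0

      # TODO: add caching for cli downloads,
      # see https://github.com/marketplace/actions/cache
      - name: Install bosh-cli
        # See https://github.com/marketplace/actions/install-a-binary-from-github-releases
        # The ref after "@" was mangled by e-mail obfuscation on the page
        # this listing came from ("[email protected]"). REF_PLACEHOLDER is not
        # a real ref: restore the original from the upstream repository,
        # ideally as a full commit SHA.
        uses: jaxxstorm/action-install-gh-release@REF_PLACEHOLDER
        with:
          repo: cloudfoundry/bosh-cli
          tag: v7.4.0
          extension-matching: disable
          # Quoted so the mode is passed as the literal text 0755 instead of
          # being read as an octal or decimal integer by the YAML parser.
          chmod: "0755"
          rename-to: bosh
        # searching for bosh-cli-7.4.0-linux-amd64 with
        # (linux|x86_64|x64|amd64).*(linux|x86_64|x64|amd64).*.(tar.gz|zip)
        # bosh-cli-7.4.0-linux-amd64
        # NOTE(review): nothing visible here verifies a checksum or signature
        # of the downloaded binary; the pinned tag is the only integrity
        # control for this tool and the two installed below.

      - name: Install vendir cli
        # See https://github.com/marketplace/actions/install-a-binary-from-github-releases
        # REF_PLACEHOLDER: original ref lost to e-mail obfuscation, see the
        # upstream repository; prefer a full commit SHA.
        uses: jaxxstorm/action-install-gh-release@REF_PLACEHOLDER
        with:
          repo: carvel-dev/vendir
          tag: v0.34.6
          extension-matching: disable
          chmod: "0755"
          rename-to: vendir

      - name: Install yq cli
        # See https://github.com/marketplace/actions/install-a-binary-from-github-releases
        # REF_PLACEHOLDER: original ref lost to e-mail obfuscation, see the
        # upstream repository; prefer a full commit SHA.
        uses: jaxxstorm/action-install-gh-release@REF_PLACEHOLDER
        with:
          repo: mikefarah/yq
          tag: v4.34.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # reduce potential rate limiting

      - name: vendor-add-blob
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The "ACCES" spelling is kept: it has to match the configured
          # secret names and whatever vendor.sh / addblob.sh read.
          AWS_BOSH_ACCES_KEY_ID: ${{ secrets.AWS_BOSH_ACCES_KEY_ID }}
          AWS_BOSH_SECRET_ACCES_KEY: ${{ secrets.AWS_BOSH_SECRET_ACCES_KEY }}
        run: |
          # NOTE(review): xtrace prints every expanded command, including the
          # token-bearing export and push URL below. The runner masks
          # registered secrets in logs, but that is best effort: a secret
          # that a script re-encodes or splits is no longer recognised.
          set -x # enable traces
          #pwd
          #find .
          # configure git
          git config --global user.name "workflows/k3s-boshrelease/create-final-bosh-release"
          git config --global user.email "<>"
          git config --global --add safe.directory /github/workspace
          export VENDIR_GITHUB_API_TOKEN="${GITHUB_TOKEN}"
          ./vendor.sh
          echo "State after vendir:"
          tree -s src
          git add vendir.lock
          # FIXME: optimize for idempotency
          ./addblob.sh
          # Push URL with the job token embedded as basic-auth credentials.
          remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
          git add config/blobs.yml
          git status
          # The dry run exits non-zero when there is nothing to commit.
          # Only its stdout is discarded; stderr stays in the job log.
          if git commit -a --dry-run 2>&1 >/dev/null; then
            # Expansions are quoted so a branch name can never be split or
            # glob-expanded by the shell.
            git commit -a -m "updating blobs" && \
              git push "${remote_repo}" "HEAD:${GITHUB_REF_NAME}"
          else
            echo "Nothing to commit"
          fi
          echo "Resulting State:"
          tree -s src
          # The blobs dir is only present when a blob is modified or has not
          # yet been published.
          if [ -d blobs ]; then
            tree -s blobs
          fi

      - name: create bosh final release
        id: create-bosh-release
        env:
          # The branch name reaches the script through the environment and is
          # never interpolated into the script text, so it cannot inject
          # shell code.
          INPUT_TARGET_BRANCH: ${{github.ref_name}}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AWS_BOSH_ACCES_KEY_ID: ${{ secrets.AWS_BOSH_ACCES_KEY_ID }}
          AWS_BOSH_SECRET_ACCES_KEY: ${{ secrets.AWS_BOSH_SECRET_ACCES_KEY }}
        run: |
          # NOTE(review): with xtrace on, the token-bearing push URL below is
          # echoed on every git push; log masking of secrets is best effort.
          set -x # enable traces
          # extract info from vendir
          version=$(yq -r '.directories[0].contents[] | select (.path=="k3s-io/k3s") | .githubRelease.tag ' ./vendir.yml)
          version=${version#v}
          release=true
          # Prefer final_name; fall back to name when yq prints "null".
          name=$(yq -r .final_name config/final.yml)
          if [ "${name}" = "null" ]; then
            name=$(yq -r .name config/final.yml)
          fi
          remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
          # configure git
          git config --global user.name "workflows/k3s-boshrelease/create-final-bosh-release"
          git config --global user.email "<>"
          git config --global --add safe.directory /github/workspace
          # if [ ! -z "${INPUT_BUNDLE}" ] && [ "${INPUT_BUNDLE}" != "false" ]; then
          #   echo "installing bundle: ${INPUT_BUNDLE}"
          #   apk add ruby
          #   gem install bundler -v "${INPUT_BUNDLE}"
          # fi
          # remove existing release if any, and prepare a commit that will be amended next
          # Having a single amended commit makes it easier to inspect last commit
          # See https://superuser.com/a/360986/299481 for details of the bash array syntax
          NEXT_GIT_COMMIT_FLAGS=(-m "cutting release ${version}")
          if [ -f "releases/${name}/${name}-${version}.yml" ]; then
            echo "removing pre-existing version ${version}"
            yq -r "{ \"builds\": (.builds | with_entries(select(.value.version != \"${version}\"))), \"format-version\": .[\"format-version\"]}" < "releases/${name}/index.yml" > tmp
            mv tmp "releases/${name}/index.yml"
            rm -f "releases/${name}/${name}-${version}.yml"
            git add "releases/${name}/${name}-${version}.yml" "releases/${name}/index.yml"
            git commit -a "${NEXT_GIT_COMMIT_FLAGS[@]}"
            NEXT_GIT_COMMIT_FLAGS=(--amend -m "cutting release ${version} overriding existing one")
          fi
          echo "Current AWS config"
          # This might be required to download the blobs during the final
          # release if the S3 bucket does not grant permission to anonymous users.
          # NOTE(review): presumably config/private.yml holds blobstore
          # credentials; confirm it is git-ignored so that the `git commit -a`
          # calls in this script can never pick it up.
          ls -al config/private.yml
          echo "creating bosh release: ${name}-${version}.tgz"
          bosh create-release --final --version="${version}" --tarball="${name}-${version}.tgz"
          git add .final_builds
          git add "releases/${name}/index.yml"
          RELEASE_FILE_NAME="releases/${name}/${name}-${version}.yml"
          git add "${RELEASE_FILE_NAME}"
          # Note: if we had removed the previous release, then we amend the commit.
          git commit -a "${NEXT_GIT_COMMIT_FLAGS[@]}"
          echo "Inspecting staged files to skip commit and push if there is no blob changes in the release"
          git show HEAD "${RELEASE_FILE_NAME}"
          if ! git show HEAD "${RELEASE_FILE_NAME}" | grep sha1 ; then
            echo "No sha1 found in diff in ${RELEASE_FILE_NAME}. No blob were modified. Skipping the git push"
            ls -al "${RELEASE_FILE_NAME}"
            cat "${RELEASE_FILE_NAME}"
            NEED_GITHUB_RELEASE="false"
          else
            echo "pushing changes to git repository"
            # In case a renovate PR was merged in between, try to rebase prior to pushing
            git pull --rebase
            # Tag only after the rebase: a rebase rewrites the release commit,
            # and a tag created beforehand would keep pointing at the
            # pre-rebase commit, which never reaches the branch.
            # Override any existing tag with same version. This may happen if
            # only part of the renovate PRs were merged.
            # NOTE(review): force-moving a published version tag means anyone
            # who fetched the earlier tag holds different content under the
            # same version; consumers cannot treat these tags as immutable.
            git tag -a -m "cutting release ${version}" "${version}" -f
            git push "${remote_repo}" "HEAD:${INPUT_TARGET_BRANCH}"
            # Delete any existing remote tag with the same name. The leading
            # "!" ignores the failure when no such tag exists.
            ! git push --delete "${remote_repo}" "${version}"
            # Push the tag
            git push "${remote_repo}" "${version}" --force
            NEED_GITHUB_RELEASE="true"
          fi
          # make asset readable outside docker image
          chmod 644 "${name}-${version}.tgz"
          # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files
          echo "file=${name}-${version}.tgz" >> "$GITHUB_OUTPUT"
          echo "version=${version}" >> "$GITHUB_OUTPUT"
          echo "need_gh_release=${NEED_GITHUB_RELEASE}" >> "$GITHUB_OUTPUT"

      # see https://github.com/ncipollo/release-action
      - name: create github release
        id: create-github-release
        # The expression needs the leading "$": a value that starts with a
        # bare "{{" is read by the YAML parser as a flow mapping, not as a
        # string, so the condition would never be evaluated as intended.
        if: ${{ steps.create-bosh-release.outputs.need_gh_release == 'true' }}
        # REF_PLACEHOLDER: the original ref was lost to e-mail obfuscation on
        # the page ("[email protected]"); restore it from the upstream
        # repository, ideally as a full commit SHA.
        uses: ncipollo/release-action@REF_PLACEHOLDER
        with:
          tag: ${{ steps.create-bosh-release.outputs.version }}
          draft: false
          # > indicates if we should update a release if it already exists.
          allowUpdates: true
          # > Indicates if the draft flag should be omitted during updates.
          # The draft flag will still be applied for newly created releases.
          # This will preserve the existing draft state during updates.
          omitDraftDuringUpdate: true
          generateReleaseNotes: true
          artifacts: ./${{ steps.create-bosh-release.outputs.file }}
          artifactContentType: application/zip
          removeArtifacts: true
          artifactErrorsFailBuild: true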