---
# Release workflow, started by hand through workflow_dispatch.
# The operator supplies the version twice; the jobs compare the two values
# before anything is tagged or published.
name: Create a new release

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version number (e.g. 1.2.3)'
        required: true
      version_confirm:
        description: 'Version confirmation (just repeat the version)'
        required: true

# Workflow-wide values read by the supermarket-upload job.
env:
  cinc_workstation_version: 23
  cookbook_name: os-hardening
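# Release pipeline: validate the requested version, build the changelog,
# commit/tag/open the release PR, then publish the cookbook.
#
# Hardening applied throughout: values that originate outside this file
# (dispatch inputs, job outputs derived from issue/PR titles, secrets) are
# handed to shell steps through `env:` and referenced as quoted shell
# variables. Expanding `${{ ... }}` directly inside `run:` pastes the value
# into the script text before bash parses it, so a quote or `$(...)` in the
# value would be executed as code.
jobs:
  version-info:
    runs-on: ubuntu-latest
    # Only needs to read the repository (checkout + tag lookup).
    permissions:
      contents: read
    outputs:
      last_tag: ${{ steps.last_tag.outputs.tag }}
      new_tag: ${{ steps.new_tag.outputs.tag }}
    steps:
      - name: check the new tag data
        env:
          VERSION: ${{ github.event.inputs.version }}
          VERSION_CONFIRM: ${{ github.event.inputs.version_confirm }}
        run: |
          if [ "$VERSION" != "$VERSION_CONFIRM" ]; then
            echo "Version and it's confirmation don't match ($VERSION vs $VERSION_CONFIRM)";
            exit 1;
          fi
          # `+` instead of `*`: every component must contain at least one
          # digit, otherwise inputs such as ".." would be accepted.
          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Given version $VERSION doesn't match the versioning scheme 1.2.3";
            exit 1;
          fi
      - name: get the new tag
        id: new_tag
        env:
          VERSION: ${{ github.event.inputs.version }}
        run: echo "tag=v${VERSION}" >> "$GITHUB_OUTPUT"
      - uses: actions/checkout@v4
        with:
          # Full history is required so that all tags are available below.
          fetch-depth: 0
      - name: get last tag information
        id: last_tag
        run: echo "tag=$(git describe --tags $(git rev-list --tags --max-count=1 ))" >> "$GITHUB_OUTPUT"

  generate-changelog:
    runs-on: ubuntu-latest
    needs: version-info
    outputs:
      release_changelog: ${{ steps.release_changelog.outputs.content }}
    permissions:
      issues: read
      pull-requests: read
      contents: read
    steps:
      # NOTE(review): third-party action referenced by a mutable tag. Pinning
      # it to a full commit SHA prevents a retagged release from changing
      # what runs here with the job token.
      - name: Generate full changelog for repository
        uses: charmixer/auto-changelog-action@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          future_release: ${{ needs.version-info.outputs.new_tag }}
          exclude_labels: duplicate,question,invalid,wontfix,release
      - uses: actions/upload-artifact@v4
        with:
          name: CHANGELOG.md
          path: CHANGELOG.md
      - name: Generate changelog with release information only
        uses: charmixer/auto-changelog-action@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          future_release: ${{ needs.version-info.outputs.new_tag }}
          exclude_labels: duplicate,question,invalid,wontfix,release
          since_tag: ${{ needs.version-info.outputs.last_tag }}
          output: 'CHANGELOGRELEASE.md'
      - name: Read the release changelog
        id: release_changelog
        run: |
          OUTPUT="$(cat CHANGELOGRELEASE.md)"
          # https://github.com/orgs/community/discussions/26288#discussioncomment-3876281
          # A random delimiter keeps changelog text from terminating the
          # multi-line output early and defining further outputs.
          delimiter="$(openssl rand -hex 8)"
          echo "content<<${delimiter}" >> "$GITHUB_OUTPUT"
          echo "$OUTPUT" >> "$GITHUB_OUTPUT"
          echo "${delimiter}" >> "$GITHUB_OUTPUT"

  release-pull-request:
    runs-on: ubuntu-latest
    needs:
      - generate-changelog
      - version-info
    permissions:
      contents: write
    # NOTE(review): set at job level, so the PAT is present in the
    # environment of every step of this job. Confirm which steps need it
    # and consider scoping it to those steps only.
    env:
      GITHUB_TOKEN: ${{ secrets.BOT_PAT }}
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          name: CHANGELOG.md
      - name: Update metadata with new version
        env:
          VERSION: ${{ github.event.inputs.version }}
        run: |
          sed -i "s/^version '.*'$/version '${VERSION}'/" metadata.rb
      - name: Commit changelog and metadata and push it
        id: commit-and-push
        env:
          NEW_TAG: ${{ needs.version-info.outputs.new_tag }}
        run: |
          git checkout -b "release/${NEW_TAG}"
          git config user.name "GitHub Actions"
          # NOTE(review): the address below was replaced by the page's e-mail
          # obfuscation; restore the real committer address from the repository.
          git config user.email [email protected]
          git add CHANGELOG.md metadata.rb
          git commit -m "Version update ${NEW_TAG}" -s
          echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
          git push origin "release/${NEW_TAG}"
          git tag "${NEW_TAG}"
          git push origin "${NEW_TAG}"
      - name: create pull request and auto merge it
        env:
          GH_TOKEN: ${{ secrets.BOT_PAT }}
          NEW_TAG: ${{ needs.version-info.outputs.new_tag }}
          # The changelog is built from issue and pull-request titles, i.e.
          # text written by people outside the project. It must reach the
          # shell as data, never as part of the script.
          RELEASE_CHANGELOG: ${{ needs.generate-changelog.outputs.release_changelog }}
        run: |
          url=$(gh pr create -b "$RELEASE_CHANGELOG" -t "Release $NEW_TAG" -l release | grep -F 'https://github.com' )
          gh pr merge "$url" --auto -m
      # NOTE(review): third-party action on a mutable tag running in a job
      # that holds a PAT; pin to a full commit SHA.
      - name: create a new release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ needs.version-info.outputs.new_tag }}
          body: ${{ needs.generate-changelog.outputs.release_changelog }}
          target_commitish: ${{ steps.commit-and-push.outputs.commit }}

  supermarket-upload:
    runs-on: ubuntu-latest
    needs:
      - version-info
      - release-pull-request
    # The job token is only used to check out the tagged cookbook.
    permissions:
      contents: read
    steps:
      - uses: actions/cache@v3
        with:
          path: |
            .cache
          key: ${{ runner.os }}-${{ env.cinc_workstation_version }}
      - name: setup environment
        run: |
          mkdir -p .cache
          # NOTE(review): the installer is fetched at run time and executed
          # as root; no checksum or signature check is visible in this
          # workflow. Download first with -f so an HTTP error page or a
          # truncated transfer is never handed to bash, and consider
          # verifying the file against a known digest before running it.
          curl -fsSL -o "$RUNNER_TEMP/install.sh" https://omnitruck.cinc.sh/install.sh
          sudo bash "$RUNNER_TEMP/install.sh" -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }}
      - name: setup knife environment
        env:
          SUPERMARKET_LOGIN: ${{ secrets.SUPERMARKET_LOGIN }}
          SUPERMARKET_KEY: ${{ secrets.SUPERMARKET_KEY }}
        run: |
          mkdir -p .cinc cookbooks
          # Unquoted heredoc: the shell expands ${SUPERMARKET_LOGIN};
          # the Ruby #{...} interpolations are left untouched.
          cat > .cinc/config.rb <<EOF
          current_dir = File.dirname(__FILE__)
          log_level :info
          log_location STDOUT
          node_name "${SUPERMARKET_LOGIN}"
          client_key "#{current_dir}/key.pem"
          chef_server_url "https://api.chef.io/organizations/${SUPERMARKET_LOGIN}"
          cookbook_path ["#{current_dir}/../cookbooks"]
          EOF
          # Write the private key with owner-only permissions and without
          # passing its content through shell expansion.
          (umask 077; printf '%s\n' "$SUPERMARKET_KEY" > .cinc/key.pem)
      - name: checkout cookbook
        uses: actions/checkout@v4
        with:
          path: cookbooks/${{ env.cookbook_name }}
          ref: ${{ needs.version-info.outputs.new_tag }}
      - name: upload to the supermarket
        run: |
          knife supermarket share ${{ env.cookbook_name }}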