-
Notifications
You must be signed in to change notification settings - Fork 63
97 lines (86 loc) · 3.23 KB
/
release-charts.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: Bump webhook in rancher/charts
on:
workflow_dispatch:
inputs:
charts_ref:
description: "Submit PR against the following rancher/charts branch (eg: dev-v2.10)"
required: true
default: "dev-v2.11"
prev_webhook:
description: "Previous Webhook version (eg: v0.5.0-rc.13)"
required: true
default: ""
new_webhook:
description: "New Webhook version (eg: v0.5.0-rc.14)"
required: true
default: ""
env:
CHARTS_REF: ${{ github.event.inputs.charts_ref }}
WEBHOOK_REF: "${{ github.ref_name }}"
PREV_WEBHOOK: ${{ github.event.inputs.prev_webhook }}
NEW_WEBHOOK: ${{ github.event.inputs.new_webhook }}
jobs:
create-charts-pr:
runs-on: ubuntu-latest
permissions:
contents: read
# Required for vault
id-token: write
steps:
- uses: actions/checkout@v4
with:
ref: "${{ env.WEBHOOK_REF }}"
path: webhook
- uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
# Fetch github token just for the charts repository
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ env.APP_ID }}
private-key: ${{ env.PRIVATE_KEY }}
repositories: |
charts
- name: Checkout charts repository
uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/charts
ref: "${{ env.CHARTS_REF }}"
token: ${{ steps.app-token.outputs.token }}
path: charts
# Allow making git push request later on
persist-credentials: true
- name: Configure the committer
run: |
cd charts
user_id=$(gh api "/users/$APP_USER" --jq .id)
git config --global user.name "$APP_USER"
git config --global user.email "${user_id}+${APP_USER}@users.noreply.github.com"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
APP_USER: "${{ steps.app-token.outputs.app-slug }}[bot]"
- name: Install dependencies
run: sudo snap install yq --channel=v4/stable
- name: Run release script
run: |
cd charts
BRANCH="bump-webhook-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
git checkout -b "$BRANCH" "$CHARTS_REF"
../webhook/.github/workflows/scripts/release-against-charts.sh . "$PREV_WEBHOOK" "$NEW_WEBHOOK"
- name: Push and create pull request
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
cd charts
git push origin "$BRANCH"
body=$(../webhook/.github/workflows/scripts/release-message.sh "$PREV_WEBHOOK" "$NEW_WEBHOOK")
gh pr create \
--title "[$CHARTS_REF] Bump rancher-webhook to $NEW_WEBHOOK" \
--body "$body" \
--repo ${{ github.repository_owner }}/charts \
--head "${{ github.repository_owner }}:$BRANCH" \
--base "$CHARTS_REF"