Skip to content

Commit

Permalink
NEW Create action
Browse files Browse the repository at this point in the history
  • Loading branch information
@emteknetnz
emteknetnz committed May 31, 2022
1 parent da6ec18 commit 6ee060f
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 62 deletions.
2 changes: 0 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
# GitHub Actions - Tag release

Create a tag and an optional release

Note: this ctions seems to have issues creating tags and releases on forked repos, though it's fine on non-forked repos
88 changes: 28 additions & 60 deletions action.yml
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
name: Tag and release
description: GitHub Action to create a tag and an optional release
inputs:
sha:
type: string
required: true
# Note: there is an explicit reason why there is no sha input paramter - see the readme
tag:
type: string
required: true
Expand All @@ -19,33 +17,26 @@ inputs:
type: string
required: false
default: ''
github_token:
description: "GitHub secret token"
required: true
runs:
using: composite
steps:

- name: Validate inputs
shell: bash
env:
SHA: ${{ inputs.sha }}
TAG: ${{ inputs.tag }}
BODY: ${{ inputs.body }}
run: |
if ! [[ "$SHA" =~ ^[0-9a-f]{40}$ ]]; then
echo "Invalid sha"
exit 1
fi
if [[ "$TAG" =~ [^a-z0-9\.\-] ]]; then
echo "Invalid tag"
exit 1
fi
- name: Delete existing release if one exists
if: ${{ inputs.release == 'true' && inputs.delete_existing == 'true' }}
shell: bash
env:
# Add string inputs to memory instead of using string substitution in shell script
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAG: ${{ inputs.tag }}
run: |
echo "Deleting old release for $TAG if it exists"
Expand All @@ -61,85 +52,63 @@ runs:
-H "Authorization: token ${{ github.token }}"
echo "Deleted existing release $RELEASE_ID for tag $TAG"
else
echo "Could not find an existing release for tag $TAG"
echo "Did not find an existing release for tag $TAG"
fi
# This fails "Resource not accessible by integration" - even with token passed in
# Note the use of ${{ inputs.github_token }} instead of ${{ github.token }}
- name: Delete existing tag if one exists
if: ${{ inputs.delete_existing == 'true' }}
shell: bash
# Add string inputs to memory instead of using string substitution in shell script
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
env:
TAG: ${{ inputs.tag }}
run: |
echo "Deleting old $TAG tag if it exists"
# Delete tag via GitHub API
# https://docs.github.com/en/rest/reference/git#delete-a-reference
curl -s \
-X DELETE https://api.github.com/repos/${{ github.repository }}/git/refs/tags/$TAG \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ inputs.github_token }}"
# - name: Checkout code
# if: ${{ inputs.release == 'false' }}
# uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # @v2
# with:
# fetch-depth: 50

# This fails
# ! [remote rejected] mytag -> mytag (refusing to allow a GitHub App to create or update workflow `.github/workflows/test.yml` without `workflows` permission)
# - name: Create tag
# if: ${{ inputs.release == 'false' }}
# shell: bash
# env:
# SHA: ${{ inputs.sha }}
# TAG: ${{ inputs.tag }}
# run: |
# # debug
# git log
# # Use raw git commands, otherwise we get "Resource not accessible by integration"
# # and the tag is not created, even if parent job is run with permission: write-all
# # This is despite the fact we can create a release via the API which generates a tag
# git checkout "$SHA"
# git tag "$TAG"
# git push origin "$TAG"
# echo "New tag $TAG created for sha $SHA"
-X GET https://api.github.com/repos/${{ github.repository }}/git/refs/tags \
-H "Accept: application/vnd.github.v3+json" > __.json
FOUND=0
# Check there are any tags so we can use jq array selector later
if [[ $(jq 'map(type)' __.json) =~ object ]]; then
if [ $(jq '.[].ref == "refs/tags/${{ inputs.tag }}"' __.json) == "true" ]; then
FOUND=1
fi
fi
if [ $FOUND == 1 ]; then
# Delete tag via GitHub API
# https://docs.github.com/en/rest/reference/git#delete-a-reference
curl -s \
-X DELETE https://api.github.com/repos/${{ github.repository }}/git/refs/tags/$TAG \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ github.token }}"
echo "Deleted existing tag $TAG"
else
echo "Did not find an existing tag for $TAG"
fi
# Note the use of ${{ inputs.github_token }} instead of ${{ github.token }}
- name: Create tag
# Creating a release will also create a tag, so only create explicitly create tag if not creating release
if: ${{ inputs.release == 'false' }}
shell: bash
env:
SHA: ${{ inputs.sha }}
TAG: ${{ inputs.tag }}
run: |
# TODO: remove
# SHA=${{ github.sha }}
echo "SHA is $SHA"
echo "TAG is $TAG"
echo "url is https://api.github.com/repos/${{ github.repository }}/git/refs"
# Create new tag via GitHub API
# https://docs.github.com/en/rest/reference/git#create-a-reference
curl -s \
-X POST https://api.github.com/repos/${{ github.repository }}/git/refs \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ inputs.github_token }}" \
-H "Authorization: token ${{ github.token }}" \
-d @- << EOF
{
"sha": "$SHA",
"sha": "${{ github.sha }}",
"ref": "refs/tags/$TAG"
}
EOF
echo "New tag $TAG created for sha $SHA"
# Creating a release will also create a tag
- name: Create release
if: ${{ inputs.release == 'true' }}
shell: bash
env:
SHA: ${{ inputs.sha }}
TAG: ${{ inputs.tag }}
BODY: ${{ inputs.body }}
run: |
Expand All @@ -154,12 +123,11 @@ runs:
-d @- << EOF
{
"tag_name": "$TAG",
"target_commitish": "$SHA",
"target_commitish": "${{ github.sha }}",
"name": "$TAG",
"body": "$BODY",
"draft": false,
"prerelease": false
}
EOF
echo "New release $TAG created"
# ^ todo: test inputs.body with a single double quote in it

0 comments on commit 6ee060f

Please sign in to comment.