[puppetsync] Support simp-iptables 7.x (#90) #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Build & Deploy Puppet module & GitHub release when a SemVer tag is pushed | |
# ------------------------------------------------------------------------------ | |
# | |
# NOTICE: **This file is maintained with puppetsync** | |
# | |
# This file is updated automatically as part of a standardized asset baseline. | |
# | |
# The next baseline sync will overwrite any local changes to this file! | |
# | |
# ============================================================================== | |
# | |
# This pipeline uses the following GitHub Action Secrets: | |
# | |
# GitHub Secret variable Notes | |
# ------------------------------- --------------------------------------- | |
# PUPPETFORGE_API_TOKEN | |
# SIMP_CORE_REF_FOR_BUILDING_RPMS simp-core ref (tag) to use to build | |
# RPMs with `rake pkg:single` | |
# SIMP_DEV_GPG_SIGNING_KEY GPG signing key's secret key | |
# SIMP_DEV_GPG_SIGNING_KEY_ID User ID (name) of signing key | |
# SIMP_DEV_GPG_SIGNING_KEY_PASSPHRASE Passphrase to use GPG signing key | |
# | |
# ------------------------------------------------------------------------------ | |
# | |
# NOTES: | |
# | |
# * The CHANGELOG text is altered to remove RPM-style date headers, which don't | |
# render well as markdown on the GitHub release pages | |
# | |
--- | |
name: 'Tag: Release to GitHub w/RPMs + Puppet Forge' | |
on: | |
push: | |
tags: | |
# NOTE: These filter patterns aren't actually regexes: | |
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
- '[0-9]+\.[0-9]+\.[0-9]+' | |
- '[0-9]+\.[0-9]+\.[0-9]+\-[a-z]+[0-9]+' | |
env: | |
PUPPET_VERSION: '~> 7' | |
jobs: | |
releng-checks: | |
name: "RELENG checks" | |
if: github.repository_owner == 'simp' | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Assert '${{ github.ref }}' is a tag" | |
run: '[[ "$GITHUB_REF" =~ ^refs/tags/ ]] || { echo "::error ::GITHUB_REF is not a tag: ${GITHUB_REF}"; exit 1 ; }' | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.ref }} | |
clean: true | |
- uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 2.7 | |
bundler-cache: true | |
- run: bundle exec rake pkg:check_version | |
- run: bundle exec rake pkg:compare_latest_tag | |
- run: bundle exec rake pkg:create_tag_changelog | |
- run: bundle exec rake metadata_lint | |
- name: "Test that Puppet module can build" | |
run: "bundle exec pdk build --force" | |
create-github-release: | |
name: Deploy GitHub Release | |
needs: [ releng-checks ] | |
if: github.repository_owner == 'simp' | |
runs-on: ubuntu-latest | |
outputs: | |
prerelease: ${{ steps.tag-check.outputs.prerelease }} | |
tag: ${{ steps.tag-check.outputs.tag }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.ref }} | |
clean: true | |
fetch-depth: 0 | |
- name: Get tag & annotation info (${{github.ref}}) | |
id: tag-check | |
run: | | |
tag="${GITHUB_REF/refs\/tags\//}" | |
annotation="$(git for-each-ref "$GITHUB_REF" --format='%(contents)' --count=1)" | |
annotation_title="$(echo "$annotation" | head -1)" | |
if [[ "$tag" =~ ^(simp-|v)?[0-9]+\.[0-9]+\.[0-9]+(-(rc|alpha|beta|pre|post)?([0-9]+)?)?$ ]]; then | |
if [ -n "${BASH_REMATCH[2]}" ]; then | |
prerelease=yes | |
annotation_title="Pre-release of ${tag}" | |
fi | |
else | |
printf '::error ::Release Tag format is not SemVer, X.Y.Z-R, X.Y.Z-<prerelease>: "%s"\n' "$RELEASE_TAG" | |
exit 88 | |
fi | |
echo "tag=$tag" | tee -a "$GITHUB_OUTPUT" | |
echo "prerelease=$prerelease" | tee -a "$GITHUB_OUTPUT" | |
echo "TARGET_TAG=$tag" | tee -a "$GITHUB_ENV" | |
# Prepare annotation body as a file for the next step | |
# | |
# * The GitHub Release renders the text in this file as markdown | |
# * The `perl -pe` removes RPM-style date headers from the CHANGELOG, | |
# because they don't render well as markdown on the Release page | |
echo "RELEASE_MESSAGE<<EOF$$" >> "$GITHUB_ENV" | |
printf '%s\n\n' "$annotation_title" >> "$GITHUB_ENV" | |
echo "$annotation" | tail -n +2 | \ | |
perl -pe 'BEGIN{undef $/;} s/\n\* (Mon|Tue|Wed|Thu|Fri|Sat|Sun) .*?\n//smg;' >> "$GITHUB_ENV" | |
echo "EOF$$" >> "$GITHUB_ENV" | |
- name: Create Release | |
id: create_release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
IS_PRERELASE: ${{ steps.tag-check.outputs.prerelease }} | |
run: | | |
echo "${RELEASE_MESSAGE}" > /tmp/.commit-msg.txt | |
args=(-F /tmp/.commit-msg.txt) | |
[[ $IS_PRERELASE == yes ]] && args+=(--prerelease) | |
gh release create ${args[@]} "$TARGET_TAG" | |
build-and-attach-rpms: | |
name: Trigger RPM release | |
needs: [ create-github-release ] | |
if: github.repository_owner == 'simp' | |
runs-on: ubuntu-latest | |
env: | |
TARGET_REPO: ${{ github.repository }} | |
strategy: | |
matrix: | |
os: | |
- centos7 | |
- centos8 | |
steps: | |
- name: Trigger RPM release workflow (${{ matrix.os }}) | |
uses: actions/github-script@v6 | |
env: | |
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
TARGET_TAG: ${{ needs.create-github-release.outputs.tag }} | |
with: | |
github-token: ${{ secrets.SIMP_AUTO_GITHUB_TOKEN__REPO_SCOPE }} | |
script: | | |
console.log( `== Building tag: '${ process.env.TARGET_TAG }' for os '${{ matrix.os}}'` ) | |
const [owner, repo] = process.env.TARGET_REPO.split('/') | |
await github.request('POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches', { | |
owner: owner, | |
repo: repo, | |
workflow_id: 'release_rpms.yml', | |
ref: process.env.DEFAULT_BRANCH, | |
inputs: { | |
release_tag: process.env.TARGET_TAG, | |
clean: 'no', | |
clobber: 'yes', | |
build_container_os: '${{ matrix.os }}' | |
} | |
}).then((result) => { | |
console.log( `== Submitted workflow dispatch to build RPMs from ${{ matrix.os }}: status ${result.status}` ) | |
}) | |
deploy-to-puppet-forge: | |
name: 'Deploy PuppetForge Release' | |
needs: [ create-github-release ] | |
if: (github.repository_owner == 'simp') && (needs.create-github-release.outputs.prerelease != 'yes') | |
runs-on: ubuntu-latest | |
env: | |
PUPPETFORGE_API_TOKEN: ${{ secrets.PUPPETFORGE_API_TOKEN }} | |
FORGE_USER_AGENT: GitHubActions-ForgeReleng-Workflow/0.4.1 (Purpose/forge-ops-for-${{ github.event.repository.name }}) | |
FORGE_API_URL: https://forgeapi.puppet.com/v3/releases | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.ref }} | |
clean: true | |
- uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 2.7 | |
bundler-cache: true | |
- name: Build Puppet module (PDK) | |
run: bundle exec pdk build --force | |
- name: Deploy to Puppet Forge (skipped when prerelease) | |
run: | | |
curl -X POST --silent --show-error --fail \ | |
--user-agent "$FORGE_USER_AGENT" \ | |
--header "Authorization: Bearer ${PUPPETFORGE_API_TOKEN}" \ | |
--form "file=@$(find $PWD/pkg -name ''*.tar.gz'')" \ | |
"$FORGE_API_URL" |