Skip to content

[puppetsync] Support simp-iptables 7.x (#99) #7

[puppetsync] Support simp-iptables 7.x (#99)

[puppetsync] Support simp-iptables 7.x (#99) #7

Workflow file for this run

# Build & Deploy Puppet module & GitHub release when a SemVer tag is pushed
# ------------------------------------------------------------------------------
#
# NOTICE: **This file is maintained with puppetsync**
#
# This file is updated automatically as part of a standardized asset baseline.
#
# The next baseline sync will overwrite any local changes to this file!
#
# ==============================================================================
#
# This pipeline uses the following GitHub Action Secrets:
#
# GitHub Secret variable Notes
# ------------------------------- ---------------------------------------
# PUPPETFORGE_API_TOKEN
# SIMP_CORE_REF_FOR_BUILDING_RPMS simp-core ref (tag) to use to build
# RPMs with `rake pkg:single`
# SIMP_DEV_GPG_SIGNING_KEY GPG signing key's secret key
# SIMP_DEV_GPG_SIGNING_KEY_ID User ID (name) of signing key
# SIMP_DEV_GPG_SIGNING_KEY_PASSPHRASE Passphrase to use GPG signing key
#
# ------------------------------------------------------------------------------
#
# NOTES:
#
# * The CHANGELOG text is altered to remove RPM-style date headers, which don't
# render well as markdown on the GitHub release pages
#
---
name: 'Tag: Release to GitHub w/RPMs + Puppet Forge'
on:
push:
tags:
# NOTE: These filter patterns aren't actually regexes:
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
- '[0-9]+\.[0-9]+\.[0-9]+'
- '[0-9]+\.[0-9]+\.[0-9]+\-[a-z]+[0-9]+'
env:
PUPPET_VERSION: '~> 7'
jobs:
releng-checks:
name: "RELENG checks"
if: github.repository_owner == 'simp'
runs-on: ubuntu-latest
steps:
- name: "Assert '${{ github.ref }}' is a tag"
run: '[[ "$GITHUB_REF" =~ ^refs/tags/ ]] || { echo "::error ::GITHUB_REF is not a tag: ${GITHUB_REF}"; exit 1 ; }'
- uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
clean: true
- uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7
bundler-cache: true
- run: bundle exec rake pkg:check_version
- run: bundle exec rake pkg:compare_latest_tag
- run: bundle exec rake pkg:create_tag_changelog
- run: bundle exec rake metadata_lint
- name: "Test that Puppet module can build"
run: "bundle exec pdk build --force"
create-github-release:
name: Deploy GitHub Release
needs: [ releng-checks ]
if: github.repository_owner == 'simp'
runs-on: ubuntu-latest
outputs:
prerelease: ${{ steps.tag-check.outputs.prerelease }}
tag: ${{ steps.tag-check.outputs.tag }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
clean: true
fetch-depth: 0
- name: Get tag & annotation info (${{github.ref}})
id: tag-check
run: |
tag="${GITHUB_REF/refs\/tags\//}"
annotation="$(git for-each-ref "$GITHUB_REF" --format='%(contents)' --count=1)"
annotation_title="$(echo "$annotation" | head -1)"
if [[ "$tag" =~ ^(simp-|v)?[0-9]+\.[0-9]+\.[0-9]+(-(rc|alpha|beta|pre|post)?([0-9]+)?)?$ ]]; then
if [ -n "${BASH_REMATCH[2]}" ]; then
prerelease=yes
annotation_title="Pre-release of ${tag}"
fi
else
printf '::error ::Release Tag format is not SemVer, X.Y.Z-R, X.Y.Z-<prerelease>: "%s"\n' "$RELEASE_TAG"
exit 88
fi
echo "tag=$tag" | tee -a "$GITHUB_OUTPUT"
echo "prerelease=$prerelease" | tee -a "$GITHUB_OUTPUT"
echo "TARGET_TAG=$tag" | tee -a "$GITHUB_ENV"
# Prepare annotation body as a file for the next step
#
# * The GitHub Release renders the text in this file as markdown
# * The `perl -pe` removes RPM-style date headers from the CHANGELOG,
# because they don't render well as markdown on the Release page
echo "RELEASE_MESSAGE<<EOF$$" >> "$GITHUB_ENV"
printf '%s\n\n' "$annotation_title" >> "$GITHUB_ENV"
echo "$annotation" | tail -n +2 | \
perl -pe 'BEGIN{undef $/;} s/\n\* (Mon|Tue|Wed|Thu|Fri|Sat|Sun) .*?\n//smg;' >> "$GITHUB_ENV"
echo "EOF$$" >> "$GITHUB_ENV"
- name: Create Release
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IS_PRERELASE: ${{ steps.tag-check.outputs.prerelease }}
run: |
echo "${RELEASE_MESSAGE}" > /tmp/.commit-msg.txt
args=(-F /tmp/.commit-msg.txt)
[[ $IS_PRERELASE == yes ]] && args+=(--prerelease)
gh release create ${args[@]} "$TARGET_TAG"
build-and-attach-rpms:
name: Trigger RPM release
needs: [ create-github-release ]
if: github.repository_owner == 'simp'
runs-on: ubuntu-latest
env:
TARGET_REPO: ${{ github.repository }}
strategy:
matrix:
os:
- centos7
- centos8
steps:
- name: Trigger RPM release workflow (${{ matrix.os }})
uses: actions/github-script@v6
env:
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
TARGET_TAG: ${{ needs.create-github-release.outputs.tag }}
with:
github-token: ${{ secrets.SIMP_AUTO_GITHUB_TOKEN__REPO_SCOPE }}
script: |
console.log( `== Building tag: '${ process.env.TARGET_TAG }' for os '${{ matrix.os}}'` )
const [owner, repo] = process.env.TARGET_REPO.split('/')
await github.request('POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches', {
owner: owner,
repo: repo,
workflow_id: 'release_rpms.yml',
ref: process.env.DEFAULT_BRANCH,
inputs: {
release_tag: process.env.TARGET_TAG,
clean: 'no',
clobber: 'yes',
build_container_os: '${{ matrix.os }}'
}
}).then((result) => {
console.log( `== Submitted workflow dispatch to build RPMs from ${{ matrix.os }}: status ${result.status}` )
})
deploy-to-puppet-forge:
name: 'Deploy PuppetForge Release'
needs: [ create-github-release ]
if: (github.repository_owner == 'simp') && (needs.create-github-release.outputs.prerelease != 'yes')
runs-on: ubuntu-latest
env:
PUPPETFORGE_API_TOKEN: ${{ secrets.PUPPETFORGE_API_TOKEN }}
FORGE_USER_AGENT: GitHubActions-ForgeReleng-Workflow/0.4.1 (Purpose/forge-ops-for-${{ github.event.repository.name }})
FORGE_API_URL: https://forgeapi.puppet.com/v3/releases
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
clean: true
- uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7
bundler-cache: true
- name: Build Puppet module (PDK)
run: bundle exec pdk build --force
- name: Deploy to Puppet Forge (skipped when prerelease)
run: |
curl -X POST --silent --show-error --fail \
--user-agent "$FORGE_USER_AGENT" \
--header "Authorization: Bearer ${PUPPETFORGE_API_TOKEN}" \
--form "file=@$(find $PWD/pkg -name ''*.tar.gz'')" \
"$FORGE_API_URL"