Added .github files #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create Github Releases with Packages | ||
| # This workflow uses actions that are not certified by GitHub. | ||
| # They are provided by a third-party and are governed by | ||
| # separate terms of service, privacy policy, and support | ||
| # documentation. | ||
| on: | ||
| # If any commit message in your push or the HEAD commit of your PR contains the strings | ||
| # [skip ci], [ci skip], [no ci], [skip actions], or [actions skip] | ||
| # workflows triggered on the push or pull_request events will be skipped. | ||
| # https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/ | ||
| workflow_call: | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| env: | ||
| SOURCE_GITHUB_REPOSITORY: open-policy-agent/opa | ||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | ||
| permissions: | ||
| actions: none | ||
| checks: none | ||
| contents: write | ||
| deployments: none | ||
| issues: none | ||
| discussions: none | ||
| packages: read | ||
| pull-requests: none | ||
| repository-projects: none | ||
| security-events: none | ||
| statuses: none | ||
| steps: | ||
| # A GitHub Action to expose useful environment variables. | ||
| # https://github.com/FranzDiebold/github-env-vars-action | ||
| - | ||
| name: GitHub Environment Variables Action | ||
| id: env | ||
| # uses: https://github.com/FranzDiebold/github-env-vars-action/tags | ||
| uses: FranzDiebold/github-env-vars-action@v2 | ||
| # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it. | ||
| # https://github.com/actions/checkout | ||
| - | ||
| name: Checkout repository | ||
| id: checkout | ||
| # You may pin to the exact commit or the version. | ||
| # uses: https://github.com/actions/checkout/tags | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
| # GitHub action to configure the Open Policy Agent CLI in your GitHub Actions workflow. | ||
| # Open Policy Agent (OPA) is an open source, general-purpose policy engine. | ||
| # https://github.com/open-policy-agent/setup-opa | ||
| - | ||
| name: Setup OPA with latest version | ||
| id: setup-opa-latest | ||
| if: ${{ github.event.inputs.target_version == '' }} | ||
| # uses: https://github.com/open-policy-agent/setup-opa/tags | ||
| uses: open-policy-agent/setup-opa@v2 | ||
| with: | ||
| version: latest | ||
| # GitHub action to configure the Open Policy Agent CLI in your GitHub Actions workflow. | ||
| # Open Policy Agent (OPA) is an open source, general-purpose policy engine. | ||
| # https://github.com/open-policy-agent/setup-opa | ||
| - | ||
| name: Setup OPA with specific version | ||
| id: setup-opa-version | ||
| if: ${{ github.event.inputs.target_version != '' }} | ||
| # uses: https://github.com/open-policy-agent/setup-opa/tags | ||
| uses: open-policy-agent/setup-opa@v2 | ||
| with: | ||
| version: ${{ github.event.inputs.target_version }} | ||
| # A GitHub Action to Create Open Policy Agent Bundle | ||
| # https://nfpm.goreleaser.com/install/#go-install | ||
| - | ||
| name: Build Open Policy Agent Bundle | ||
| id: opa-build | ||
| if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }} | ||
| run: | | ||
| set -x | ||
| OPA_BUILD_MESSAGE=$(opa build -b policy/ -o bundle.tar.gz --debug 2>&1) | ||
| printf "OPA_BUILD_MESSAGE=${OPA_BUILD_MESSAGE}\n" >> $GITHUB_ENV | ||
| test -f ./bundle.tar.gz | ||
| # A GitHub Action to create GitHub Release | ||
| # https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release | ||
| - | ||
| name: Create GitHub Release | ||
| id: create_release | ||
| if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| set -x | ||
| tag=v${{ github.event.inputs.target_version }} | ||
| body=$(curl -s https://api.github.com/repos/${SOURCE_GITHUB_REPOSITORY}/releases | jq -r ".[] | select(.tag_name == \"$tag\") | \"# [\"+.name+\"](\"+.html_url+\") ${{ env.OPA_BUILD_MESSAGE }}\"") | ||
| curl \ | ||
| -XPOST \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer $GITHUB_TOKEN" \ | ||
| "https://api.github.com/repos/${CI_REPOSITORY}/releases" \ | ||
| -d "{\"tag_name\":\"$tag\",\"name\":\"Release $tag\",\"body\":\"$body\",\"draft\":false,\"prerelease\":false}" | ||
| # A GitHub Action to upload release assets | ||
| # https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset | ||
| - | ||
| name: Upload GitHub Release Assets | ||
| id: upload_release_assets | ||
| if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| set -x | ||
| tag=v${{ github.event.inputs.target_version }} | ||
| release_id=$(curl \ | ||
| -XGET \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer $GITHUB_TOKEN" \ | ||
| "https://api.github.com/repos/${CI_REPOSITORY}/releases/tags/$tag" \ | ||
| | jq '.id') | ||
| curl \ | ||
| -XPOST \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer $GITHUB_TOKEN" \ | ||
| -H "Content-Type: $(file --mime-type -b ./bundle.tar.gz)" \ | ||
| --data-binary @./bundle.tar.gz \ | ||
| "https://uploads.github.com/repos/${CI_REPOSITORY}/releases/$release_id/assets?name=$(basename ./bundle.tar.gz)" | ||
