Check remote repositories and create corresponding tag #75
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check remote repositories and create corresponding tag | |
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| on: | |
| # If any commit message in your push or the HEAD commit of your PR contains the strings | |
| # [skip ci], [ci skip], [no ci], [skip actions], or [actions skip] | |
| # workflows triggered on the push or pull_request events will be skipped. | |
| # https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/ | |
| schedule: | |
| - cron: '0 21 * * *' # Friday 21:00 UTC, Saturday 06:00 JST | |
| workflow_dispatch: | |
| env: | |
| DOCKER_REGISTRY_URL: ghcr.io | |
| TARGET_TAG: "" | |
| SOURCE_GITHUB_REPOSITORY: open-policy-agent/opa | |
| GIT_SUBMODULE_URL: https://github.com/openpolicyagent/opa.git | |
| GIT_SUBMODULE_PATH: opa | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
| permissions: | |
| actions: write | |
| checks: none | |
| contents: write | |
| deployments: none | |
| issues: none | |
| discussions: none | |
| packages: none | |
| pull-requests: none | |
| repository-projects: none | |
| security-events: none | |
| statuses: none | |
| steps: | |
| # A GitHub Action to expose useful environment variables. | |
| # https://github.com/FranzDiebold/github-env-vars-action | |
| - | |
| name: GitHub Environment Variables Action | |
| id: env | |
| # uses: https://github.com/FranzDiebold/github-env-vars-action/tags | |
| uses: FranzDiebold/github-env-vars-action@v2 | |
| # A GitHub Action to check remote repositories | |
| - | |
| name: Check remote repositories | |
| id: check | |
| if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.event_name == 'push' }} | |
| run: | | |
| set -x | |
| # Get latest release tag with: | |
| # curl -sf https://api.github.com/repos/AthenZ/athenz/releases \ | |
| # | jq -er .[].tag_name \ | |
| # | grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \ | |
| # | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g' \ | |
| # | head -n1 | |
| if [[ "${{ env.CI_REF }}" == "refs/tags/"* ]] && [[ "$(basename ${{ env.CI_REF }})" =~ ^v?([0-9]+)\.([0-9]+)\.([0-9]+)(-[a-z]+)?(\.[0-9]+)?$ ]]; then | |
| PACKAGE_VERSION="$(git tag --points-at HEAD | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g')" | |
| TAG_VERSION="$(git tag --points-at HEAD | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g')" | |
| else | |
| PACKAGE_VERSION="$( \ | |
| curl -sf https://api.github.com/repos/${{ env.SOURCE_GITHUB_REPOSITORY }}/releases \ | |
| | jq -er .[].tag_name \ | |
| | grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \ | |
| | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' \ | |
| | sort -ru \ | |
| | head -n1 \ | |
| )" | |
| TAG_VERSION="$( \ | |
| curl -sf https://api.github.com/repos/${{ env.SOURCE_GITHUB_REPOSITORY }}/releases \ | |
| | jq -er .[].tag_name \ | |
| | grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \ | |
| | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g' \ | |
| | sort -ru \ | |
| | head -n1 \ | |
| )" | |
| fi | |
| CURRENT_VERSION="$( \ | |
| curl -sf https://api.github.com/repos/${{ env.CI_REPOSITORY_OWNER }}/${{ env.CI_REPOSITORY_NAME }}/releases \ | |
| | jq -er .[].tag_name \ | |
| | grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \ | |
| | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' \ | |
| | sort -ru \ | |
| | head -n1 \ | |
| )" | |
| printf "VERSION=${PACKAGE_VERSION}\n" >> $GITHUB_ENV | |
| printf "TAG_VERSION=${TAG_VERSION}\n" >> $GITHUB_ENV | |
| printf "CURRENT_VERSION=${CURRENT_VERSION}\n" >> $GITHUB_ENV | |
| # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it. | |
| # https://github.com/actions/checkout | |
| - | |
| name: Checkout repository | |
| id: checkout | |
| # You may pin to the exact commit or the version. | |
| # uses: https://github.com/actions/checkout/tags | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| # A GitHub Action to create git tags | |
| # | |
| # Using the GITHUB_TOKEN in a workflow | |
| # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow | |
| # When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. | |
| # This prevents you from accidentally creating recursive workflow runs. | |
| # For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur. | |
| - | |
| name: Create git tag | |
| id: tag | |
| if: ${{ env.VERSION != '' && env.VERSION != env.CURRENT_VERSION }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -x | |
| git tag -f ${{ env.TAG_VERSION }} | |
| git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }} | |
| git push -f origin tag ${{ env.TAG_VERSION }} | |
| # A GitHub Action to dispatch event | |
| # https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event | |
| - | |
| name: Trigger Workflows | |
| if: ${{ env.VERSION != '' && env.VERSION != env.CURRENT_VERSION }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -x | |
| curl --fail -X POST \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -H "Authorization: Bearer $GITHUB_TOKEN" \ | |
| https://api.github.com/repos/${{ github.repository }}/actions/workflows/trigger-workflows.yaml/dispatches \ | |
| -d "{\"ref\":\"${{ env.TAG_VERSION }}\",\"inputs\":{\"target_version\":\"${{ env.VERSION }}\",\"current_version\":\"${{ env.CURRENT_VERSION }}\"}}" |