-
Notifications
You must be signed in to change notification settings - Fork 0
140 lines (130 loc) · 6.16 KB
/
check-remote.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Check remote repositories and create corresponding tag
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
# If any commit message in your push or the HEAD commit of your PR contains the strings
# [skip ci], [ci skip], [no ci], [skip actions], or [actions skip]
# workflows triggered on the push or pull_request events will be skipped.
# https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/
schedule:
- cron: '0 21 * * *' # Friday 21:00 UTC, Saturday 06:00 JST
workflow_dispatch:
env:
DOCKER_REGISTRY_URL: ghcr.io
TARGET_TAG: ""
SOURCE_GITHUB_REPOSITORY: open-policy-agent/opa
GIT_SUBMODULE_URL: https://github.com/openpolicyagent/opa.git
GIT_SUBMODULE_PATH: opa
jobs:
build:
runs-on: ubuntu-latest
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
actions: write
checks: none
contents: write
deployments: none
issues: none
discussions: none
packages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none
steps:
# A GitHub Action to expose useful environment variables.
# https://github.com/FranzDiebold/github-env-vars-action
-
name: GitHub Environment Variables Action
id: env
# uses: https://github.com/FranzDiebold/github-env-vars-action/tags
uses: FranzDiebold/github-env-vars-action@v2
# A GitHub Action to check remote repositories
-
name: Check remote repositories
id: check
if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.event_name == 'push' }}
run: |
set -x
# Get latest release tag with:
# curl -sf https://api.github.com/repos/AthenZ/athenz/releases \
# | jq -er .[].tag_name \
# | grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \
# | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g' \
# | head -n1
if [[ "${{ env.CI_REF }}" == "refs/tags/"* ]] && [[ "$(basename ${{ env.CI_REF }})" =~ ^v?([0-9]+)\.([0-9]+)\.([0-9]+)(-[a-z]+)?(\.[0-9]+)?$ ]]; then
PACKAGE_VERSION="$(git tag --points-at HEAD | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g')"
TAG_VERSION="$(git tag --points-at HEAD | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g')"
else
PACKAGE_VERSION="$( \
curl -sf https://api.github.com/repos/${{ env.SOURCE_GITHUB_REPOSITORY }}/releases \
| jq -er .[].tag_name \
| grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \
| sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' \
| sort -ru \
| head -n1 \
)"
TAG_VERSION="$( \
curl -sf https://api.github.com/repos/${{ env.SOURCE_GITHUB_REPOSITORY }}/releases \
| jq -er .[].tag_name \
| grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \
| sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g' \
| sort -ru \
| head -n1 \
)"
fi
CURRENT_VERSION="$( \
curl -sf https://api.github.com/repos/${{ env.CI_REPOSITORY_OWNER }}/${{ env.CI_REPOSITORY_NAME }}/releases \
| jq -er .[].tag_name \
| grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \
| sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' \
| sort -ru \
| head -n1 \
)"
printf "VERSION=${PACKAGE_VERSION}\n" >> $GITHUB_ENV
printf "TAG_VERSION=${TAG_VERSION}\n" >> $GITHUB_ENV
printf "CURRENT_VERSION=${CURRENT_VERSION}\n" >> $GITHUB_ENV
# This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
# https://github.com/actions/checkout
-
name: Checkout repository
id: checkout
# You may pin to the exact commit or the version.
# uses: https://github.com/actions/checkout/tags
uses: actions/checkout@v4
with:
submodules: recursive
# A GitHub Action to create git tags
#
# Using the GITHUB_TOKEN in a workflow
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
# When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
# This prevents you from accidentally creating recursive workflow runs.
# For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.
-
name: Create git tag
id: tag
if: ${{ env.VERSION != '' && env.VERSION != env.CURRENT_VERSION }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -x
git tag -f ${{ env.TAG_VERSION }}
git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }}
git push -f origin tag ${{ env.TAG_VERSION }}
# A GitHub Action to dispatch event
# https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event
-
name: Trigger Workflows
if: ${{ env.VERSION != '' && env.VERSION != env.CURRENT_VERSION }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -x
curl --fail -X POST \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
https://api.github.com/repos/${{ github.repository }}/actions/workflows/trigger-workflows.yaml/dispatches \
-d "{\"ref\":\"${{ env.TAG_VERSION }}\",\"inputs\":{\"target_version\":\"${{ env.VERSION }}\",\"current_version\":\"${{ env.CURRENT_VERSION }}\"}}"