-
Notifications
You must be signed in to change notification settings - Fork 0
138 lines (126 loc) · 5.85 KB
/
github-releases.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Create Github Releases with Packages
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
# If any commit message in your push or the HEAD commit of your PR contains the strings
# [skip ci], [ci skip], [no ci], [skip actions], or [actions skip]
# workflows triggered on the push or pull_request events will be skipped.
# https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/
workflow_call:
pull_request:
branches:
- main
env:
SOURCE_GITHUB_REPOSITORY: open-policy-agent/opa
jobs:
build:
runs-on: ubuntu-latest
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
actions: none
checks: none
contents: write
deployments: none
issues: none
discussions: none
packages: read
pull-requests: none
repository-projects: none
security-events: none
statuses: none
steps:
# A GitHub Action to expose useful environment variables.
# https://github.com/FranzDiebold/github-env-vars-action
-
name: GitHub Environment Variables Action
id: env
# uses: https://github.com/FranzDiebold/github-env-vars-action/tags
uses: FranzDiebold/github-env-vars-action@v2
# This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
# https://github.com/actions/checkout
-
name: Checkout repository
id: checkout
# You may pin to the exact commit or the version.
# uses: https://github.com/actions/checkout/tags
uses: actions/checkout@v4
with:
submodules: recursive
# GitHub action to configure the Open Policy Agent CLI in your GitHub Actions workflow.
# Open Policy Agent (OPA) is an open source, general-purpose policy engine.
# https://github.com/open-policy-agent/setup-opa
-
name: Setup OPA with latest version
id: setup-opa-latest
if: ${{ github.event.inputs.target_version == '' }}
# uses: https://github.com/open-policy-agent/setup-opa/tags
uses: open-policy-agent/setup-opa@v2
with:
version: latest
# GitHub action to configure the Open Policy Agent CLI in your GitHub Actions workflow.
# Open Policy Agent (OPA) is an open source, general-purpose policy engine.
# https://github.com/open-policy-agent/setup-opa
-
name: Setup OPA with specific version
id: setup-opa-version
if: ${{ github.event.inputs.target_version != '' }}
# uses: https://github.com/open-policy-agent/setup-opa/tags
uses: open-policy-agent/setup-opa@v2
with:
version: ${{ github.event.inputs.target_version }}
# A GitHub Action to Create Open Policy Agent Bundle
# https://nfpm.goreleaser.com/install/#go-install
-
name: Build Open Policy Agent Bundle
id: opa-build
if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }}
run: |
set -x
OPA_BUILD_MESSAGE=$(opa build -b policy/ -o bundle.tar.gz --debug 2>&1)
printf "OPA_BUILD_MESSAGE=${OPA_BUILD_MESSAGE}\n" >> $GITHUB_ENV
test -f ./bundle.tar.gz
# A GitHub Action to create GitHub Release
# https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release
-
name: Create GitHub Release
id: create_release
if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -x
tag=v${{ github.event.inputs.target_version }}-rego.${{ env.CI_SHA_SHORT }}
body=$(curl -sf https://api.github.com/repos/${SOURCE_GITHUB_REPOSITORY}/releases | jq -er ".[] | select(.tag_name == \"v${{ github.event.inputs.target_version }}\") | \"# [\"+.name+\"](\"+.html_url+\")<br>${{ env.OPA_BUILD_MESSAGE }}\"")
curl \
-sf \
-XPOST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
"https://api.github.com/repos/${CI_REPOSITORY}/releases" \
-d "{\"tag_name\":\"$tag\",\"name\":\"$tag Release\",\"body\":\"$body\",\"draft\":false,\"prerelease\":false}"
# A GitHub Action to upload release assets
# https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset
-
name: Upload GitHub Release Assets
id: upload_release_assets
if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -x
tag=v${{ github.event.inputs.target_version }}-rego.${{ env.CI_SHA_SHORT }}
release_id=$(curl \
-XGET \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
"https://api.github.com/repos/${CI_REPOSITORY}/releases/tags/$tag" \
| jq '.id')
curl \
-XPOST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "Content-Type: $(file --mime-type -b ./bundle.tar.gz)" \
--data-binary @./bundle.tar.gz \
"https://uploads.github.com/repos/${CI_REPOSITORY}/releases/$release_id/assets?name=$(basename ./bundle.tar.gz)"