Skip to content

fix(attest): use attest action in direct #119

fix(attest): use attest action in direct

fix(attest): use attest action in direct #119

Workflow file for this run

on:
push:
branches:
- main
permissions:
contents: write
pull-requests: write
name: "Release new actions"
jobs:
changelist:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 100
- name: Additional checkout
run: |
git fetch --no-tags --depth 100 origin "+refs/heads/main:refs/remotes/origin/main"
- name: Get actions changelist
id: changelist
run: |
CHANGELIST=$(git diff --name-only HEAD^ HEAD | grep -v ".github/workflows" | awk -F'/' 'NF > 2 { print $1"/"$2 }' | awk '{ printf "\"%s\",\n", $0 }' | sort | uniq | tr '\n' ' ' | sed s/..$//g)
if [ -z "$CHANGELIST" ]
then
echo "changed_actions=nulll"
else
echo "changed_actions=${CHANGELIST}"
echo "changed_actions={\"component\": [$(echo ${CHANGELIST})]}" >> $GITHUB_OUTPUT
fi
outputs:
changed_actions: ${{ steps.changelist.outputs.changed_actions }}
release:
if: ${{ needs.changelist.outputs.changed_actions != '[]' && needs.changelist.outputs.changed_actions != '' }}
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
needs:
- changelist
strategy:
fail-fast: false
matrix: ${{fromJson(needs.changelist.outputs.changed_actions)}}
steps:
- name: "[Prepare] Get Github Token based on Github App authentication"
id: ghapp-cybersecurity-ci
uses: getsentry/action-github-app-token@v3
with:
app_id: ${{ secrets.CYBERSECURITY_CI_APP_ID }}
private_key: ${{ secrets.CYBERSECURITY_CI_APP_PRIVATE_KEY }}
- name: "[Release] Run action google-github-actions/release-please-action@v3"
uses: google-github-actions/release-please-action@v3
id: release
with:
token: ${{ steps.ghapp-cybersecurity-ci.outputs.token }}
release-type: terraform-module
package-name: ${{ matrix.component }}
monorepo-tags: true
path: ${{ matrix.component }}
include-v-in-tag: false
- name: "[Prepare] Compute major and minor tags"
if: ${{ steps.release.outputs.releases_created }}
id: prepare-major-minor-tags
env:
RELEASE_OUTPUTS: ${{ toJson(steps.release.outputs) }}
shell: bash
run: |
PATHS_RELEASED=$(echo "$RELEASE_OUTPUTS" | jq -r '.paths_released' | sed 's/[][]//g' | tr -d '"')
TAG_NAME_KEY="${PATHS_RELEASED}--tag_name"
TAG_NAME=$(echo "$RELEASE_OUTPUTS" | jq -r --arg key "$TAG_NAME_KEY" '.[$key]')
MAJOR_KEY="${PATHS_RELEASED}--major"
MAJOR_VERSION=$(echo "$RELEASE_OUTPUTS" | jq -r --arg key "$MAJOR_KEY" '.[$key]')
MINOR_KEY="${PATHS_RELEASED}--minor"
MINOR_VERSION=$(echo "$RELEASE_OUTPUTS" | jq -r --arg key "$MINOR_KEY" '.[$key]')
MAJOR_MINOR_TAG="${PATHS_RELEASED}-${MAJOR_VERSION}.${MINOR_VERSION}"
MAJOR_TAG="${PATHS_RELEASED}-${MAJOR_VERSION}"
echo "tag_major_minor=$MAJOR_MINOR_TAG" >> "$GITHUB_OUTPUT"
echo "tag_major=$MAJOR_TAG" >> "$GITHUB_OUTPUT"
- name: "[Prepare] Checkout code"
if: ${{ steps.release.outputs.releases_created }}
uses: actions/checkout@v4
- name: "[Release] Update Major tags"
uses: actions/github-script@v7
if: ${{ steps.release.outputs.releases_created }}
env:
TAG_MAJOR_MINOR: ${{ steps.prepare-major-minor-tags.outputs.tag_major_minor }}
TAG_MAJOR: ${{ steps.prepare-major-minor-tags.outputs.tag_major }}
with:
github-token: ${{ steps.ghapp-cybersecurity-ci.outputs.token }}
script: |
// tag major
github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'refs/tags/${{ env.TAG_MAJOR }}',
sha: context.sha
}).catch(err => {
if (err.status !== 422) throw err;
github.rest.git.updateRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'tags/${{ env.TAG_MAJOR }}',
sha: context.sha
});
})
// tag major + minor
github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'refs/tags/${{ env.TAG_MAJOR_MINOR }}',
sha: context.sha
}).catch(err => {
if (err.status !== 422) throw err;
github.rest.git.updateRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'tags/${{ env.TAG_MAJOR_MINOR }}',
sha: context.sha
});
})