feat: Backstage enrollment (#45) #130
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
permissions: | |
contents: write | |
pull-requests: write | |
name: "Release new actions" | |
jobs: | |
changelist: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 100 | |
- name: Additional checkout | |
run: | | |
git fetch --no-tags --depth 100 origin "+refs/heads/main:refs/remotes/origin/main" | |
- name: Get actions changelist | |
id: changelist | |
run: | | |
CHANGELIST=$(git diff --name-only HEAD^ HEAD | grep -v ".github/workflows" | awk -F'/' 'NF > 2 { print $1"/"$2 }' | awk '{ printf "\"%s\",\n", $0 }' | sort | uniq | tr '\n' ' ' | sed s/..$//g) | |
if [ -z "$CHANGELIST" ] | |
then | |
echo "changed_actions=nulll" | |
else | |
echo "changed_actions=${CHANGELIST}" | |
echo "changed_actions={\"component\": [$(echo ${CHANGELIST})]}" >> $GITHUB_OUTPUT | |
fi | |
outputs: | |
changed_actions: ${{ steps.changelist.outputs.changed_actions }} | |
release: | |
if: ${{ needs.changelist.outputs.changed_actions != '[]' && needs.changelist.outputs.changed_actions != '' }} | |
permissions: | |
contents: write | |
pull-requests: write | |
runs-on: ubuntu-latest | |
needs: | |
- changelist | |
strategy: | |
fail-fast: false | |
matrix: ${{fromJson(needs.changelist.outputs.changed_actions)}} | |
steps: | |
- name: "[Prepare] Get Github Token based on Github App authentication" | |
id: ghapp-cybersecurity-ci | |
uses: getsentry/action-github-app-token@v3 | |
with: | |
app_id: ${{ secrets.CYBERSECURITY_CI_APP_ID }} | |
private_key: ${{ secrets.CYBERSECURITY_CI_APP_PRIVATE_KEY }} | |
- name: "[Release] Run action google-github-actions/release-please-action@v3" | |
uses: google-github-actions/release-please-action@v3 | |
id: release | |
with: | |
token: ${{ steps.ghapp-cybersecurity-ci.outputs.token }} | |
release-type: terraform-module | |
package-name: ${{ matrix.component }} | |
monorepo-tags: true | |
path: ${{ matrix.component }} | |
include-v-in-tag: false | |
- name: "[Prepare] Compute major and minor tags" | |
if: ${{ steps.release.outputs.releases_created }} | |
id: prepare-major-minor-tags | |
env: | |
RELEASE_OUTPUTS: ${{ toJson(steps.release.outputs) }} | |
shell: bash | |
run: | | |
PATHS_RELEASED=$(echo "$RELEASE_OUTPUTS" | jq -r '.paths_released' | sed 's/[][]//g' | tr -d '"') | |
TAG_NAME_KEY="${PATHS_RELEASED}--tag_name" | |
TAG_NAME=$(echo "$RELEASE_OUTPUTS" | jq -r --arg key "$TAG_NAME_KEY" '.[$key]') | |
MAJOR_KEY="${PATHS_RELEASED}--major" | |
MAJOR_VERSION=$(echo "$RELEASE_OUTPUTS" | jq -r --arg key "$MAJOR_KEY" '.[$key]') | |
MINOR_KEY="${PATHS_RELEASED}--minor" | |
MINOR_VERSION=$(echo "$RELEASE_OUTPUTS" | jq -r --arg key "$MINOR_KEY" '.[$key]') | |
MAJOR_MINOR_TAG="${PATHS_RELEASED}-${MAJOR_VERSION}.${MINOR_VERSION}" | |
MAJOR_TAG="${PATHS_RELEASED}-${MAJOR_VERSION}" | |
echo "tag_major_minor=$MAJOR_MINOR_TAG" >> "$GITHUB_OUTPUT" | |
echo "tag_major=$MAJOR_TAG" >> "$GITHUB_OUTPUT" | |
- name: "[Prepare] Checkout code" | |
if: ${{ steps.release.outputs.releases_created }} | |
uses: actions/checkout@v4 | |
- name: "[Release] Update Major tags" | |
uses: actions/github-script@v7 | |
if: ${{ steps.release.outputs.releases_created }} | |
env: | |
TAG_MAJOR_MINOR: ${{ steps.prepare-major-minor-tags.outputs.tag_major_minor }} | |
TAG_MAJOR: ${{ steps.prepare-major-minor-tags.outputs.tag_major }} | |
with: | |
github-token: ${{ steps.ghapp-cybersecurity-ci.outputs.token }} | |
script: | | |
// tag major | |
github.rest.git.createRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: 'refs/tags/${{ env.TAG_MAJOR }}', | |
sha: context.sha | |
}).catch(err => { | |
if (err.status !== 422) throw err; | |
github.rest.git.updateRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: 'tags/${{ env.TAG_MAJOR }}', | |
sha: context.sha | |
}); | |
}) | |
// tag major + minor | |
github.rest.git.createRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: 'refs/tags/${{ env.TAG_MAJOR_MINOR }}', | |
sha: context.sha | |
}).catch(err => { | |
if (err.status !== 422) throw err; | |
github.rest.git.updateRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: 'tags/${{ env.TAG_MAJOR_MINOR }}', | |
sha: context.sha | |
}); | |
}) | |