Merge pull request #1428 from zabbix/dependabot/github_actions/step-s… #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Red Hat Catalog Description | |
| on: | |
| push: | |
| branches: | |
| - '[0-9]+.[0-9]+' | |
| paths: | |
| - 'Dockerfiles/*/rhel/README.html' | |
| - 'Dockerfiles/*/README.md' | |
| - 'Dockerfiles/*/rhel/README.md' | |
| - '.github/workflows/rhel_registry_description.yml' | |
| workflow_dispatch: | |
| env: | |
| DOCKERFILES_DIRECTORY: "./Dockerfiles" | |
| API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/" | |
| MATRIX_FILE: "build.json" | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| contents: read | |
| jobs: | |
| init: | |
| name: Initialize workflow | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| outputs: | |
| components: ${{ steps.components.outputs.list }} | |
| zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }} | |
| steps: | |
| - name: Block egress traffic | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| github.com:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 1 | |
| sparse-checkout: ${{ env.MATRIX_FILE }} | |
| - name: Check ${{ env.MATRIX_FILE }} file | |
| id: build_exists | |
| env: | |
| MATRIX_FILE: ${{ env.MATRIX_FILE }} | |
| run: | | |
| if [[ ! -f "$MATRIX_FILE" ]]; then | |
| echo "::error::File $MATRIX_FILE is missing" | |
| exit 1 | |
| fi | |
| - name: Get branch info | |
| id: branch_info | |
| shell: bash | |
| env: | |
| github_ref: ${{ github.ref }} | |
| run: | | |
| result=false | |
| github_ref=${github_ref##*/} | |
| echo "::group::Branch metadata" | |
| echo "zabbix_release=${github_ref//.}" | |
| echo "::endgroup::" | |
| echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT | |
| - name: Prepare Zabbix component list | |
| id: components | |
| env: | |
| MATRIX_FILE: ${{ env.MATRIX_FILE }} | |
| run: | | |
| component_list=$(jq -r '.components | map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE") | |
| echo "::group::Zabbix Component List" | |
| echo "$component_list" | |
| echo "::endgroup::" | |
| echo "list=$component_list" >> $GITHUB_OUTPUT | |
| publish: | |
| name: Initialize build | |
| runs-on: ubuntu-latest | |
| needs: init | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| component: ${{ fromJson(needs.init.outputs.components) }} | |
| steps: | |
| - name: Block egress traffic | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| catalog.redhat.com:443 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| pypi.org:443 | |
| - name: Checkout repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 1 | |
| - name: Variables formating | |
| id: var_format | |
| env: | |
| MATRIX_BUILD: ${{ matrix.component }} | |
| run: | | |
| MATRIX_BUILD=${MATRIX_BUILD^^} | |
| MATRIX_BUILD=${MATRIX_BUILD//-/_} | |
| echo "::group::Result" | |
| echo "matrix_build=${MATRIX_BUILD}" | |
| echo "::endgroup::" | |
| echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT | |
| - name: Setup Python 3.x | |
| uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | |
| with: | |
| python-version: '3.x' | |
| - name: Install Python packages | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install markdown requests | |
| - name: Update Red Hat project description | |
| env: | |
| DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} | |
| PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }} | |
| PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} | |
| API_URL: ${{ env.API_URL }} | |
| run: | | |
| python ./.github/scripts/rhel_description.py | |
| - name: Red Hat Gatalog URL | |
| env: | |
| COMPONENT: ${{ matrix.component }} | |
| MATRIX_FILE: ${{ env.MATRIX_FILE }} | |
| run: | | |
| PROJECT_ID=$(jq -r ".components.\"$COMPONENT\".rhel_project" "$MATRIX_FILE") | |
| echo "::group::URL" | |
| echo "https://catalog.redhat.com/software/containers/${PROJECT_ID}" | |
| echo "::endgroup::" |