Skip to content

[Backport] Add global.podSecurityStandards.enforced value for PSS mig… #128

[Backport] Add global.podSecurityStandards.enforced value for PSS mig…

[Backport] Add global.podSecurityStandards.enforced value for PSS mig… #128

# DO NOT EDIT. Generated with:
#
# [email protected]
#
name: Create Release PR
on:
push:
branches:
- 'legacy#release#v*.*.*'
- 'main#release#v*.*.*'
- 'main#release#major'
- 'main#release#minor'
- 'main#release#patch'
- 'master#release#v*.*.*'
- 'master#release#major'
- 'master#release#minor'
- 'master#release#patch'
- 'release#v*.*.*'
- 'release#major'
- 'release#minor'
- 'release#patch'
- 'release-v*.*.x#release#v*.*.*'
# "!" negates previous positive patterns so it has to be at the end.
- '!release-v*.x.x#release#v*.*.*'
workflow_call:
inputs:
branch:
required: true
type: string
jobs:
debug_info:
name: Debug info
runs-on: ubuntu-22.04
steps:
- name: Print github context JSON
run: |
cat <<EOF
${{ toJson(github) }}
EOF
gather_facts:
name: Gather facts
runs-on: ubuntu-22.04
outputs:
repo_name: ${{ steps.gather_facts.outputs.repo_name }}
branch: ${{ steps.gather_facts.outputs.branch }}
base: ${{ steps.gather_facts.outputs.base }}
needs_major_bump: ${{ steps.gather_facts.outputs.needs_major_bump }}
skip: ${{ steps.pr_exists.outputs.skip }}
version: ${{ steps.gather_facts.outputs.version }}
steps:
- name: Gather facts
id: gather_facts
run: |
head="${{ inputs.branch || github.event.ref }}"
echo "branch=${head}" >> $GITHUB_OUTPUT
head="${head#refs/heads/}" # Strip "refs/heads/" prefix.
if [[ $(echo "$head" | grep -o '#' | wc -l) -gt 1 ]]; then
base="$(echo $head | cut -d '#' -f 1)"
else
base="${{ github.event.base_ref }}"
fi
base="${base#refs/heads/}" # Strip "refs/heads/" prefix.
version="$(echo $head | awk -F# '{print $NF}')"
if [[ $version =~ ^major|minor|patch$ ]]; then
gh auth login --with-token <<<$(echo -n ${{ secrets.TAYLORBOT_GITHUB_ACTION }})
gh_api_get_latest_release_version()
{
if ! version="$(gh api "repos/$1/releases/latest" --jq '.tag_name[1:] | split(".") | .[0], .[1], .[2]')"
then
case "$version" in
*Not\ Found*) echo Assuming v0.0.0, hooray first release! >&2 ; version="0 0 0" ;;
*) version="" ; return 1 ;;
esac
fi
echo "$version"
}
version_parts=($(gh_api_get_latest_release_version "${{ github.repository }}"))
version_major=${version_parts[0]}
version_minor=${version_parts[1]}
version_patch=${version_parts[2]}
case ${version} in
patch)
version_patch=$((version_patch+1))
;;
minor)
version_minor=$((version_minor+1))
version_patch=0
;;
major)
version_major=$((version_major+1))
version_minor=0
version_patch=0
if [[ "${version_major}" != "1" ]]; then
echo "needs_major_bump=true" >> $GITHUB_OUTPUT
fi
;;
*)
echo "Unknown Semver level provided"
exit 1
;;
esac
version="${version_major}.${version_minor}.${version_patch}"
else
version="${version#v}" # Strip "v" prefix.
version_major=$(echo "${version}" | cut -d "." -f 1)
version_minor=$(echo "${version}" | cut -d "." -f 2)
version_patch=$(echo "${version}" | cut -d "." -f 3)
# This will help us detect versions with suffixes as majors, i.e 3.0.0-alpha1.
# Even though it's a pre-release, it's still a major.
if [[ $version_minor = 0 && $version_patch =~ ^0.* && $version_major != 1 ]]; then
echo "needs_major_bump=true" >> $GITHUB_OUTPUT
fi
fi
repo_name="$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')"
echo "repo_name=\"$repo_name\" base=\"$base\" head=\"$head\" version=\"$version\""
echo "repo_name=${repo_name}" >> $GITHUB_OUTPUT
echo "base=${base}" >> $GITHUB_OUTPUT
echo "head=${head}" >> $GITHUB_OUTPUT
echo "version=${version}" >> $GITHUB_OUTPUT
- name: Check if PR exists
id: pr_exists
env:
GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}"
run: |
head="${{ steps.gather_facts.outputs.branch }}"
branch="${head#refs/heads/}" # Strip "refs/heads/" prefix.
if gh pr view --repo "${{ github.repository }}" "${branch}" --json state --jq .state | grep -i 'open' > /dev/null; then
gh pr view --repo "${{ github.repository }}" "${branch}"
echo "skip=true" >> $GITHUB_OUTPUT
else
echo "skip=false" >> $GITHUB_OUTPUT
fi
create_release_pr:
name: Create release PR
runs-on: ubuntu-22.04
needs:
- gather_facts
if: ${{ needs.gather_facts.outputs.skip != 'true' }}
env:
architect_flags: "--organisation ${{ github.repository_owner }} --project ${{ needs.gather_facts.outputs.repo_name }}"
steps:
- uses: actions/setup-go@v3
with:
go-version: '=1.18.1'
- name: Install architect
uses: giantswarm/[email protected]
with:
binary: "architect"
version: "6.11.0"
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ needs.gather_facts.outputs.branch }}
- name: Prepare release changes
run: |
architect prepare-release ${{ env.architect_flags }} --version "${{ needs.gather_facts.outputs.version }}"
- name: Update version field in Chart.yaml
run: |
# Define chart_dir
repository="${{ needs.gather_facts.outputs.repo_name }}"
chart="helm/${repository}"
# Check chart directory.
if [ ! -d "${chart}" ]
then
echo "Could not find chart directory '${chart}', adding app suffix."
# Add app suffix.
chart="helm/${repository}-app"
# Check chart directory with app suffix.
if [ ! -d "${chart}" ]
then
echo "Could not find chart directory '${chart}', removing app suffix."
# Remove app suffix.
chart="helm/${repository%-app}"
if [ ! -d "${chart}" ]
then
# Print error.
echo "Could not find chart directory '${chart}', doing nothing."
fi
fi
fi
# Define chart YAML.
chart_yaml="${chart}/Chart.yaml"
# Check chart YAML.
if [ -f "${chart_yaml}" ]
then
# check if version in Chart.yaml is templated using architect
if [ $(grep -c "^version:.*\.Version.*$" "${chart_yaml}") = "0" ]; then
yq -i '.version = "${{ needs.gather_facts.outputs.version }}"' "${chart_yaml}"
fi
fi
- name: Bump go module defined in go.mod if needed
run: |
if [ "${{ needs.gather_facts.outputs.needs_major_bump }}" = true ] && test -f "go.mod"; then
go install github.com/marwan-at-work/mod/cmd/[email protected]
mod upgrade
fi
- name: Set up git identity
run: |
git config --local user.email "[email protected]"
git config --local user.name "taylorbot"
- name: Create release commit
env:
version: "${{ needs.gather_facts.outputs.version }}"
run: |
git add -A
git commit -m "Release v${{ env.version }}"
- name: Push changes
env:
remote_repo: "https://${{ github.actor }}:${{ secrets.TAYLORBOT_GITHUB_ACTION }}@github.com/${{ github.repository }}.git"
run: |
git push "${remote_repo}" HEAD:${{ needs.gather_facts.outputs.branch }}
- name: Create PR
env:
GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}"
base: "${{ needs.gather_facts.outputs.base }}"
version: "${{ needs.gather_facts.outputs.version }}"
run: |
hub pull-request -f -m "Release v${{ env.version }}" -a ${{ github.actor }} -b ${{ env.base }} -h ${{ needs.gather_facts.outputs.branch }}