Add approval workflow #85

Merged
merged 5 commits into from
Jan 10, 2025
43 changes: 43 additions & 0 deletions .github/actions/download-pr-data-artifact/action.yaml
@@ -0,0 +1,43 @@
name: "Download PR number saved as an artifact"
description: |
This action can be used together with save-pr-as-artifact custom action which uploads the PR number as an artifact.
This action downloads the artifact to retrieve the PR number.
outputs:
"pr_number":
value: ${{ steps.set-pr-number.outputs.pr_number }}
description: The PR number downloaded from the artifact
runs:
using: "composite"
steps:
- name: Download artifact
uses: actions/github-script@v7
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr_number"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
- name: "Unzip artifact"
shell: bash
run: unzip pr_number.zip
- name: Set PR number
id: set-pr-number
uses: actions/github-script@v7
with:
script: |
let fs = require('fs');
PR_NUMBER=fs.readFileSync('./pr_number').toString();
console.log(`Setting output: pr_number=${PR_NUMBER}`);
core.setOutput('pr_number', PR_NUMBER);
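
Review bot: In the "Set PR number" step, the contents of `pr_number` go straight to `core.setOutput` with no validation, although the file comes from an artifact uploaded by a `pull_request` run and should be treated as untrusted input. Trim the value and fail unless it matches `^[0-9]+$` before setting the output; the producer writes it with `echo`, so it currently carries a trailing newline too. Smaller points: `matchArtifact` is undefined when no artifact named `pr_number` exists, so `matchArtifact.id` throws a TypeError instead of a clear error; `PR_NUMBER` is assigned without `const`; and `unzip pr_number.zip` extracts into the workspace root, where `unzip -d` into a dedicated directory would keep archive entries away from other files.
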
16 changes: 16 additions & 0 deletions .github/actions/save-pr-as-artifact/action.yaml
@@ -0,0 +1,16 @@
name: "Save PR number as artifact"
description: "Save PR number as artifact"
runs:
using: "composite"
steps:
- name: Save PR number
shell: bash
env:
PR_NUMBER: ${{ github.event.number }}
run: |
mkdir -p ./pr
echo $PR_NUMBER > ./pr/pr_number
- uses: actions/upload-artifact@v4
with:
name: pr_number
path: pr/
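
Review bot: `echo $PR_NUMBER > ./pr/pr_number` in the "Save PR number" step expands the variable unquoted and appends a newline that the download action later reads back verbatim; `printf '%s' "$PR_NUMBER" > ./pr/pr_number` avoids both. `github.event.number` is only populated for pull request events, so the description should say so and the step could fail early when the value is empty. Setting `retention-days` on the upload step would keep this short-lived hand-off artifact from lingering at the default retention.
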
23 changes: 23 additions & 0 deletions .github/workflows/approve-publish.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Approve Publish Bicep Types

on:
pull_request:
branches:
- main
- features/*
- release/*

jobs:
approve-publish:
name: "Approve Publish Bicep Types"
runs-on: ubuntu-latest
environment: publish-bicep
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Save PR number
uses: ./.github/actions/save-pr-as-artifact

- name: Publish Bicep
run: echo "Publishing Bicep types..."
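
Review bot: The workflow has no `permissions:` block, so the job runs with the repository's default token permissions; it only checks out code and uploads an artifact, so a top-level `permissions: contents: read` is enough. Because the job checks out the pull request and then runs `./.github/actions/save-pr-as-artifact` from that checkout, the uploaded artifact is whatever the PR's copy of the action produces, which deserves a comment here so the consuming workflow validates it. The last step is named "Publish Bicep" but only echoes a message; a name that says it marks the approval gate would be clearer.
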
89 changes: 83 additions & 6 deletions .github/workflows/publish-bicep.yaml
Expand Up @@ -21,88 +21,165 @@ on:
- main
tags:
- v*
pull_request:
branches:
- main
workflow_run:
workflows: ["Approve Publish Bicep Types"]
types:
- completed
workflow_dispatch:
inputs: {}

permissions:
id-token: write
contents: read
checks: write

env:
# bicep-types ACR url for uploading AWS Bicep types
BICEP_TYPES_REGISTRY: 'biceptypes.azurecr.io'
AWS_REGION: us-west-2
CI_PUBLISH_RELEASE: ${{ github.repository == 'radius-project/bicep-types-aws' && startsWith(github.ref, 'refs/tags/v') && github.event_name == 'push' }}
CI_PUBLISH_LATEST: ${{ github.repository == 'radius-project/bicep-types-aws' && github.ref == 'refs/heads/main' && github.event_name == 'push' }}
PUBLISH_BICEP_APP_ID: 1077084
Contributor:
Do we need to document this to build shared context?

Contributor Author:
Yes, we should. Will open a task to track

Contributor:
Perfect, thanks! Could you link the issue here once it is created?

jobs:
build-and-push-bicep-types:
name: Publish Radius bicep types to ACR
runs-on: ubuntu-latest
environment: publish-bicep
steps:
steps:
- name: Get GitHub app token
uses: tibdex/github-app-token@v2
id: get_installation_token
with:
app_id: ${{ env.PUBLISH_BICEP_APP_ID }}
private_key: ${{ secrets.PUBLISH_BICEP_APP_PRIVATE_KEY }}

- name: Set up checkout target (push)
if: github.event_name == 'push'
run: |
echo "CHECKOUT_REPO=${{ github.repository }}" >> $GITHUB_ENV
echo "CHECKOUT_REF=refs/heads/main" >> $GITHUB_ENV

- name: Check out code
uses: actions/checkout@v4

- name: "Download PR data artifacts"
if: github.event_name == 'workflow_run'
uses: ./.github/actions/download-pr-data-artifact
id: get-pr-number

- name: "Set PR context (workflow_run)"
if: github.event_name == 'workflow_run'
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const payload = context.payload.workflow_run;
let fs = require('fs');
// Set environment variables
fs.appendFileSync(process.env.GITHUB_ENV,
`CHECKOUT_REPO=${payload.head_repository.full_name}\n`+
`CHECKOUT_REF=${payload.head_sha}\n` +
`PR_NUMBER=${{ steps.get-pr-number.outputs.pr_number }}\n`);

- uses: LouisBrunner/[email protected]
id: create_check_run
if: always()
with:
token: ${{ steps.get_installation_token.outputs.token }}
name: "Publish Radius bicep types to ACR"
status: in_progress
repo: ${{ github.repository }}
sha: ${{ env.CHECKOUT_REF }}
details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

- name: Checkout Radius repository
uses: actions/checkout@v4
with:
repository: ${{ env.CHECKOUT_REPO }}
ref: ${{ env.CHECKOUT_REF }}

- name: Parse release version and set environment variables
run: python ./.github/scripts/get_release_version.py

- name: Set up Go ${{ env.GOVER }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GOVER }}

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '18'

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}

- name: 'Build aws-type-downloader'
env:
GOPROXY: "https://proxy.golang.org"
working-directory: 'src/aws-type-downloader'
run: go build .

- name: Download AWS specs from CloudControl
run: |
cd src/aws-type-downloader && go run main.go --output ../../artifacts/types --clean

- name: 'Initialize submodule'
run: |
git submodule update --init --recursive
npm --prefix bicep-types/src/bicep-types ci && npm --prefix bicep-types/src/bicep-types run build; \

- name: Generate Bicep extensibility types for AWS
env:
VERSION: ${{ env.REL_CHANNEL == 'edge' && 'latest' || env.REL_CHANNEL }}
run: |
npm --prefix ./src/aws-type-generator install
npm run --prefix ./src/aws-type-generator start -- --input ../../artifacts/types --output ../../artifacts/bicep --release-version ${{ env.VERSION }}

- name: Upload AWS Bicep types artifacts
uses: actions/upload-artifact@v4
with:
name: aws-bicep-types
path: ./artifacts/bicep
if-no-files-found: error

- name: 'Login via Azure CLI'
if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
uses: azure/login@v2
with:
client-id: ${{ secrets.BICEPTYPES_CLIENT_ID }}
tenant-id: ${{ secrets.BICEPTYPES_TENANT_ID }}
subscription-id: ${{ secrets.BICEPTYPES_SUBSCRIPTION_ID }}

- name: Setup and verify bicep CLI
if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
run: |
curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
chmod +x ./bicep
sudo mv ./bicep /usr/local/bin/bicep
bicep --version

- name: Publish bicep types
if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }}
env:
VERSION: ${{ env.REL_CHANNEL == 'edge' && 'latest' || env.REL_CHANNEL }}
run: |
bicep publish-extension ./artifacts/bicep/index.json --target br:${{ env.BICEP_TYPES_REGISTRY }}/aws:${{ env.VERSION }} --force
bicep publish-extension ./artifacts/bicep/index.json --target br:${{ env.BICEP_TYPES_REGISTRY }}/aws:${{ env.VERSION }} --force

- uses: LouisBrunner/[email protected]
if: always()
with:
token: ${{ steps.get_installation_token.outputs.token }}
check_run_id: ${{ steps.create_check_run.outputs.check_run_id }}
name: "Publish Radius bicep types to ACR"
repo: ${{ github.repository }}
sha: ${{ env.CHECKOUT_REF }}
status: completed
conclusion: ${{ job.status == 'success' && 'success' || 'failure' }}
output: |
{"summary":"Publish Bicep Types run completed. See links for more information.","title":"Publish Radius bicep types to ACR"}
details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
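
Review bot: The `workflow_run` trigger uses `types: completed`, which also fires when the approval run failed or was cancelled, and nothing in the job checks `github.event.workflow_run.conclusion`; add a job-level `if:` that requires `success` for `workflow_run` events. In "Set up checkout target (push)", `CHECKOUT_REF` is hard-coded to `refs/heads/main`, so a `v*` tag push (the `CI_PUBLISH_RELEASE` path) checks out main rather than the tag, and `workflow_dispatch` never sets `CHECKOUT_REF`, leaving the check run's `sha` empty; `github.sha` would cover both. In "Set PR context (workflow_run)", `${{ steps.get-pr-number.outputs.pr_number }}` is expanded into the script source and written to `GITHUB_ENV`; pass it through `env:` and validate it as digits first. Since this job holds `id-token: write`, the AWS secrets and the app private key while building the PR head checkout, pinning `tibdex/github-app-token` and the checks action to commit SHAs, and the bicep download to a fixed release with a checksum, would narrow what an approval has to cover.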