
Update certbot version; add GH actions build #17

Workflow file for this run

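# Builds the Certbot Lambda package, computes the next version from git tags,
# and publishes the resulting zip to S3 through GitHub -> AWS OIDC federation.
#
# Supply-chain note: every action below is referenced by a mutable tag. Pinning
# third-party actions to a full commit SHA keeps a re-tagged release from
# changing what runs in a job that holds GITHUB_TOKEN or can request OIDC.
name: Build Certbot Lambda Package

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  workflow_dispatch:

# Start every job with no token scopes. The original workflow-level block
# granted only `id-token: write`, which already left all other scopes at
# `none`; the OIDC permission now lives on the one job that assumes the AWS
# role, so jobs handling PR-controlled strings cannot mint a token.
# NOTE(review): with `contents` at none, checkout of a private repository and
# `create-ref: true` in get-version may need `contents` granted - confirm.
permissions: {}

jobs:
  setup-build-workflow:
    runs-on: ubuntu-latest
    outputs:
      IS_PRERELEASE: ${{ steps.set-vars.outputs.IS_PRERELEASE }}
      IS_MERGE_TO_MAIN: ${{ steps.set-vars.outputs.IS_MERGE_TO_MAIN }}
      # NOTE(review): the set-vars script never sets IS_MERGE_TO_DEVELOP, so
      # this output is always empty.
      IS_MERGE_TO_DEVELOP: ${{ steps.set-vars.outputs.IS_MERGE_TO_DEVELOP }}
      REF_TO_BUILD_AND_TAG: ${{ steps.set-vars.outputs.REF_TO_BUILD_AND_TAG }}
      IS_DEPENDABOT_PR: ${{ steps.actor_check.outputs.IS_DEPENDABOT_PR }}
    steps:
      - name: Set default env variables
        id: set-vars
        uses: actions/github-script@v7
        # Context values are handed over as environment variables instead of
        # being expanded into the script text. github.head_ref is the PR's
        # branch name and is chosen by the PR author; expanding it inside a
        # quoted JS literal would let a crafted branch name change the script.
        env:
          SOURCE_REF: ${{ github.head_ref }}
          MERGE_REF: ${{ github.ref }}
        with:
          script: |
            const sourceRef = process.env.SOURCE_REF ?? '';
            const mergeRef = process.env.MERGE_REF ?? '';
            const prMergedToMain = mergeRef === 'refs/heads/master';
            const isPreRelease = !prMergedToMain;
            // For a detailed explanation of why we use different refs for different scenarios
            // see https://docs.github.com/en/rest/reference/pulls#get-a-pull-request
            // head_ref is empty outside pull_request events, so a manual run
            // from a branch other than master yields an empty ref here.
            const refToBuildAndTag = isPreRelease ? sourceRef : mergeRef;
            Object.entries({
              IS_PRERELEASE: isPreRelease,
              IS_MERGE_TO_MAIN: prMergedToMain,
              REF_TO_BUILD_AND_TAG: refToBuildAndTag,
            }).forEach(pair => {
              core.setOutput(...pair);
              console.info(...pair);
            });
      - name: Check if Dependabot PR
        id: actor_check
        uses: actions/github-script@v7
        # github.actor is the account that triggered this run, which is not
        # necessarily the PR author. Treat the result as informational, not as
        # an authorization decision.
        env:
          ACTOR: ${{ github.actor }}
        with:
          script: |
            const actor = process.env.ACTOR ?? '';
            const knownDependabotNames = [
              'dependabot[bot]',
              'dependabot'
            ];
            const isDependabotPR = knownDependabotNames.includes(actor);
            core.info(`Is Dependabot PR: ${isDependabotPR}`);
            core.setOutput('IS_DEPENDABOT_PR', isDependabotPR);

  get-version:
    runs-on: ubuntu-latest
    needs: setup-build-workflow
    outputs:
      NEXT_VERSION: ${{ steps.get-version.outputs.NEXT_VERSION }}
      NEXT_VERSION_NO_PREFIX: ${{ steps.get-version.outputs.NEXT_VERSION_NO_PREFIX }}
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0  # Includes all history for all branches and tags
      - id: get-version
        # The action reference below is reproduced as it appears on the page;
        # the repository name and version were replaced by the site's e-mail
        # obfuscation. Restore the real `owner/repo@ref` from the repository.
        uses: joemcbride/[email protected]
        with:
          calculate-prerelease-version: ${{ needs.setup-build-workflow.outputs.IS_PRERELEASE }}
          branch-name: ${{ needs.setup-build-workflow.outputs.REF_TO_BUILD_AND_TAG }}
          tag-prefix: certbot-
          fallback-to-no-prefix-search: false
          default-release-type: minor
          create-ref: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
      # This job defines no NEXT_VERSION env variables, so the values are read
      # from the step outputs (the same source the job outputs use) and passed
      # to the shell as environment variables rather than expanded inline.
      - env:
          NEXT_VERSION: ${{ steps.get-version.outputs.NEXT_VERSION }}
          NEXT_VERSION_NO_PREFIX: ${{ steps.get-version.outputs.NEXT_VERSION_NO_PREFIX }}
        run: |
          echo "The next version is ${NEXT_VERSION}"
          echo "The next version without the prefix is ${NEXT_VERSION_NO_PREFIX}"

  build:
    runs-on: ubuntu-latest
    needs: get-version
    # Only this job exchanges a GitHub OIDC token for AWS credentials.
    # It also runs for pull_request events, so ./package.sh from the PR branch
    # executes in a job that can request that token. Confirm the IAM role's
    # trust policy restricts the token `sub` claim to the intended repository
    # and refs, or gate the AWS steps on non-PR events.
    permissions:
      id-token: write
    env:
      CI: true
      AWS_REGION: us-west-2
      NEXT_VERSION: ${{ needs.get-version.outputs.NEXT_VERSION }}
      NEXT_VERSION_NO_PREFIX: ${{ needs.get-version.outputs.NEXT_VERSION_NO_PREFIX }}
      # NOTE(review): get-version declares no NEXT_BUILD_VERSION output, so
      # this expands to an empty string.
      NEXT_BUILD_VERSION: ${{ needs.get-version.outputs.NEXT_BUILD_VERSION }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.11'
      - name: Run package script
        run: ./package.sh
      - name: Show package size
        # NOTE(review): this reports certbot/certbot.zip while the upload step
        # below publishes certbot/certbot-lambda.zip - confirm which file
        # package.sh produces.
        run: |
          echo "Package size:"
          du -h certbot/certbot.zip || echo "certbot.zip not found"
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: certbot-lambda-package
          path: certbot/certbot-lambda.zip
          retention-days: 30
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v5
        with:
          role-to-assume: arn:aws:iam::888985673581:role/GithubActions-DovetailSofware_Org-OIDC
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ env.AWS_REGION }}
      - name: Upload Certbot Lambda Assets to S3
        working-directory: certbot
        run: |
          # Stop when no version was computed: an empty value would place the
          # archives directly under the job prefix instead of a version folder.
          : "${NEXT_VERSION_NO_PREFIX:?NEXT_VERSION_NO_PREFIX is empty}"
          # The destination is quoted so the version string is never split or
          # glob-expanded by the shell.
          aws s3 cp . \
            "s3://jenkins-artifacts.us-west-2.dovetailnow.com/jobs/certbot-lambda/${NEXT_VERSION_NO_PREFIX}" \
            --recursive --exclude "*" --include "*.zip"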