diff --git a/action.yml b/action.yml index ae40c1a64..a35d67f4c 100644 --- a/action.yml +++ b/action.yml @@ -266,6 +266,35 @@ runs: with: clean: false if: ${{ github.event_name != 'issue_comment' && inputs.configure-checkout == 'true' }} + + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + clean: false + repository: ${{ env.action_repository }} + ref: ${{ env.action_ref }} + path: digger-action-repo + env: + action_repository: ${{ github.action_repository }} + action_ref: ${{ github.action_ref }} + + - name: Get release tag + id: get_release_tag + shell: bash + working-directory: digger-action-repo + run: | + # Fetch tags + git fetch --prune --unshallow --tags + # Collect tags pointing exactly at this commit, sorted by version (highest first) + tags="$(git tag --points-at HEAD --sort=-v:refname || true)" + echo "Tags: $tags" + # Keep only tags that are SemVer starting with 'v' (e.g., v1.2.3, v1.2.3-rc.1, v1.2.3+meta) + semvers="$(printf '%s\n' "$tags" | grep -E "^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$" || true)" + echo "SemVers: $semvers" + # Pick the first (highest) match if any + tag="$(printf '%s\n' "$semvers" | head -n 1)" + echo "Tag: $tag" + echo "tag=$tag" >> "$GITHUB_OUTPUT" + - name: Set up Google Auth Using A Service Account Key uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2.1.13 with: @@ -396,7 +425,7 @@ runs: with: go-version-file: "${{ github.action_path }}/cli/go.mod" cache: false - if: ${{ !startsWith(github.action_ref, 'v') }} + if: ${{ steps.get_release_tag.outputs.tag == '' }} - name: Determine Golang cache paths id: golang-env @@ -404,7 +433,7 @@ runs: echo "build-cache-path=$(go env GOCACHE)" >>"$GITHUB_OUTPUT" echo "module-cache-path=$(go env GOMODCACHE)" >>"$GITHUB_OUTPUT" shell: bash - if: ${{ !startsWith(github.action_ref, 'v') }} + if: ${{ steps.get_release_tag.outputs.tag == '' }} - name: Copy Digger CLI go.sum for cache key run: | @@ -416,7 +445,7 @@ runs: cp "$GITHUB_ACTION_PATH/cli/go.sum" "$GITHUB_WORKSPACE/.digger.go.sum" fi shell: bash - if: ${{ !startsWith(github.action_ref, 'v') }} + if: ${{ steps.get_release_tag.outputs.tag == '' }} - name: Adding required env vars for next step uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 @@ -434,7 +463,7 @@ runs: shell: bash - name: build and run digger - if: ${{ !startsWith(github.action_ref, 'v') && inputs.local-dev-mode == 'false' }} + if: ${{ steps.get_release_tag.outputs.tag == '' && inputs.local-dev-mode == 'false' }} shell: bash env: PLAN_UPLOAD_DESTINATION: ${{ inputs.upload-plan-destination }} @@ -486,9 +515,9 @@ runs: digger - name: run digger - if: ${{ startsWith(github.action_ref, 'v') && inputs.local-dev-mode == 'false' }} + if: ${{ steps.get_release_tag.outputs.tag != '' && inputs.local-dev-mode == 'false' }} env: - actionref: ${{ github.action_ref }} + tag: ${{ steps.get_release_tag.outputs.tag }} PLAN_UPLOAD_DESTINATION: ${{ inputs.upload-plan-destination }} PLAN_UPLOAD_S3_ENCRYPTION_ENABLED: ${{ inputs.upload-plan-destination-s3-encryption-enabled }} PLAN_UPLOAD_S3_ENCRYPTION_TYPE: ${{ inputs.upload-plan-destination-s3-encryption-type }} @@ -525,16 +554,16 @@ runs: set -euo pipefail echo "🔧 Downloading Digger CLI..." - echo "Runner OS: ${{ runner.os }}, Arch: ${{ runner.arch }}, Action Ref: ${actionref}" + echo "Runner OS: ${{ runner.os }}, Arch: ${{ runner.arch }}, Action Ref: ${tag}" if [[ ${{ inputs.ee }} == "true" ]]; then if [[ ${{ inputs.fips }} == "true" ]]; then - DOWNLOAD_URL="https://github.com/diggerhq/digger/releases/download/${actionref}/digger-ee-cli-${{ runner.os }}-${{ runner.arch }}-fips" + DOWNLOAD_URL="https://github.com/diggerhq/digger/releases/download/${tag}/digger-ee-cli-${{ runner.os }}-${{ runner.arch }}-fips" else - DOWNLOAD_URL="https://github.com/diggerhq/digger/releases/download/${actionref}/digger-ee-cli-${{ runner.os }}-${{ runner.arch }}" + DOWNLOAD_URL="https://github.com/diggerhq/digger/releases/download/${tag}/digger-ee-cli-${{ runner.os }}-${{ runner.arch }}" fi else - DOWNLOAD_URL="https://github.com/diggerhq/digger/releases/download/${actionref}/digger-cli-${{ runner.os }}-${{ runner.arch }}" + DOWNLOAD_URL="https://github.com/diggerhq/digger/releases/download/${tag}/digger-cli-${{ runner.os }}-${{ runner.arch }}" fi echo "Downloading from: $DOWNLOAD_URL" @@ -543,12 +572,12 @@ runs: echo "Failed to download Digger CLI from $DOWNLOAD_URL" echo "" echo "Possible reasons:" - echo "1. The release ${actionref} might not exist" + echo "1. The release ${tag} might not exist" echo "2. Binary for ${{ runner.os }}-${{ runner.arch }} might not be available" echo "3. Network connectivity issues" echo "" echo "Suggestions:" - echo "- Check if release ${actionref} exists at: https://github.com/diggerhq/digger/releases" + echo "- Check if release ${tag} exists at: https://github.com/diggerhq/digger/releases" echo "- Verify the architecture combination is supported" echo "- Try using a different release version" exit 1 @@ -574,7 +603,6 @@ runs: - name: run digger in local dev mode if: ${{ inputs.local-dev-mode == 'true' }} env: - actionref: ${{ github.action_ref }} PLAN_UPLOAD_DESTINATION: ${{ inputs.upload-plan-destination }} PLAN_UPLOAD_S3_ENCRYPTION_ENABLED: ${{ inputs.upload-plan-destination-s3-encryption-enabled }} PLAN_UPLOAD_S3_ENCRYPTION_TYPE: ${{ inputs.upload-plan-destination-s3-encryption-type }}