-
Notifications
You must be signed in to change notification settings - Fork 17
144 lines (137 loc) · 4.17 KB
/
_publish_release.yml
File metadata and controls
144 lines (137 loc) · 4.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: _publish_release
permissions:
actions: read
on:
workflow_call:
secrets:
app-id:
app-key:
gpg-key:
gpg-password:
inputs:
artifact-workflows:
type: string
required: true
artifacts:
type: boolean
default: false
committer-email:
required: true
type: string
committer-name:
required: true
type: string
dry-run:
default: false
type: boolean
event:
default: ${{ github.event.workflow_run.event }}
type: string
fail-if-exists:
default: false
type: boolean
filter-artifacts:
default: .
type: string
name:
required: true
type: string
prepare-dev:
required: false
type: string
repository:
default: ${{ github.repository }}
type: string
sha:
default: ${{ github.event.workflow_run.head_sha }}
type: string
template-artifacts:
type: string
default: |
\($name)-{artifacts,source}*
title:
default: ${{ github.event.workflow_run.head_commit.message }}
type: string
version:
default:
type: string
version-file:
required: true
type: string
workflows:
type: string
required: true
jobs:
release:
permissions:
actions: read
name: release (${{ inputs.name }})
runs-on: ubuntu-24.04
steps:
- uses: envoyproxy/toolshed/actions/appauth@5e0c5734ee7fc8a30629bd3f54fc910f92285bbe
id: appauth
name: Appauth
if: >-
inputs.event == 'push'
&& ! inputs.dry-run
with:
app_id: ${{ secrets.app-id }}
key: ${{ secrets.app-key }}
- id: checkout
name: Checkout the repository
uses: envoyproxy/toolshed/actions/github/checkout@5e0c5734ee7fc8a30629bd3f54fc910f92285bbe
with:
branch: main
committer-name: ${{ inputs.committer-name }}
committer-email: ${{ inputs.committer-email }}
config: |
ref: ${{ inputs.sha }}
pr: ${{ inputs.event == 'pull_request' && github.event.pull_request.number || '' }}
token: ${{ steps.appauth.outputs.token }}
- if: inputs.dry-run
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: temprepo
- if: inputs.dry-run
run: |
cp -a temprepo/.github/workflows/prepare_bazel_dev.sh .github/workflows
rm -rf temprepo
- name: Initialize GPG
id: gpg
if: >-
inputs.artifacts
uses: envoyproxy/toolshed/actions/gpg@5e0c5734ee7fc8a30629bd3f54fc910f92285bbe
with:
gpg-key: ${{ ! inputs.dry-run && secrets.gpg-key || '' }}
gpg-password: ${{ ! inputs.dry-run && secrets.gpg-password || '' }}
- name: Release title (eg commit message)
id: title
uses: envoyproxy/toolshed/actions/jq@5e0c5734ee7fc8a30629bd3f54fc910f92285bbe
with:
options: -sRr
input: |
${{ inputs.title }}
filter: |
split("\n") | first
- name: Publish the release
uses: envoyproxy/toolshed/actions/github/release@5e0c5734ee7fc8a30629bd3f54fc910f92285bbe
with:
artifact-workflows: ${{ inputs.artifact-workflows }}
artifacts: ${{ inputs.artifacts }}
dry-run: ${{ inputs.dry-run }}
event: ${{ inputs.event }}
fail-if-exists: ${{ inputs.fail-if-exists }}
filter-artifacts: ${{ inputs.filter-artifacts }}
gpg-fingerprint: ${{ steps.gpg.outputs.fingerprint }}
gpg-passphrase: ${{ steps.gpg.outputs.passphrase }}
name: ${{ inputs.name }}
prepare-dev: ${{ inputs.prepare-dev && format('{0}/{1}', github.workspace, inputs.prepare-dev) || '' }}
repository: ${{ inputs.repository }}
sha: ${{ inputs.sha }}
summary: true
template-artifacts: ${{ inputs.template-artifacts }}
title: ${{ steps.title.outputs.value }}
token: ${{ steps.appauth.outputs.token || github.token }}
version: ${{ inputs.version }}
version-file: ${{ inputs.version-file }}
workflows: ${{ inputs.workflows }}