-
Notifications
You must be signed in to change notification settings - Fork 0
146 lines (128 loc) · 5.66 KB
/
publish-action-repo.yml
File metadata and controls
146 lines (128 loc) · 5.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: Publish GitHub Action Repository
on:
release:
types: [published, edited]
workflow_dispatch:
inputs:
release_tag:
description: "Release tag to publish from the source repository"
required: false
default: ""
action_repository:
description: "Dedicated public repository that hosts the Marketplace action"
required: false
default: "hashgraph-online/hol-codex-plugin-scanner-action"
create_repository:
description: "Create the dedicated action repository if it does not exist"
required: false
default: true
type: boolean
permissions:
contents: read
concurrency:
group: codex-plugin-scanner-action-publish-${{ github.event.release.tag_name || inputs.release_tag || github.ref }}
cancel-in-progress: false
jobs:
publish-action-repo:
name: Publish GitHub Action Repository
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.ACTION_REPO_TOKEN }}
ACTION_REPOSITORY: ${{ inputs.action_repository != '' && inputs.action_repository || vars.ACTION_REPOSITORY != '' && vars.ACTION_REPOSITORY || 'hashgraph-online/hol-codex-plugin-scanner-action' }}
RELEASE_TAG: ${{ github.event.release.tag_name || inputs.release_tag }}
CREATE_REPOSITORY: ${{ github.event_name == 'workflow_dispatch' && (inputs.create_repository && 'true' || 'false') || 'true' }}
PUBLISH_IMMUTABLE_RELEASE: ${{ github.event_name == 'release' || inputs.release_tag != '' }}
SOURCE_REF: ${{ github.event.release.tag_name || inputs.release_tag || github.ref_name }}
SOURCE_REPOSITORY: ${{ github.repository }}
SOURCE_SERVER_URL: ${{ github.server_url }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
ref: ${{ github.event.release.tag_name || inputs.release_tag || github.ref }}
fetch-depth: 0
- name: Validate publication credentials
run: |
if [ -z "${GH_TOKEN}" ]; then
echo "ACTION_REPO_TOKEN is required to publish the GitHub Action repository." >&2
exit 1
fi
- name: Resolve version
id: version
run: |
TAG="${RELEASE_TAG}"
if [ -z "${TAG}" ]; then
TAG=$(python3 -c "import tomllib; p=tomllib.load(open('pyproject.toml','rb')); print('v' + p['project']['version'])")
fi
VERSION="${TAG#v}"
echo "tag=${TAG}" >> "${GITHUB_OUTPUT}"
echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
- name: Ensure action repository exists
run: |
if gh repo view "${ACTION_REPOSITORY}" >/dev/null 2>&1; then
exit 0
fi
if [ "${CREATE_REPOSITORY}" != "true" ]; then
echo "Action repository ${ACTION_REPOSITORY} does not exist and automatic creation is disabled." >&2
exit 1
fi
gh repo create "${ACTION_REPOSITORY}" \
--public \
--description "HOL Codex Plugin Scanner GitHub Action" \
--homepage "${SOURCE_SERVER_URL}/${SOURCE_REPOSITORY}" \
--disable-wiki
- name: Sync action repository contents
run: |
VERSION="${{ steps.version.outputs.version }}"
TAG="${{ steps.version.outputs.tag }}"
WORKDIR="${RUNNER_TEMP}/action-repository"
git clone "https://x-access-token:${GH_TOKEN}@github.com/${ACTION_REPOSITORY}.git" "${WORKDIR}"
cd "${WORKDIR}"
if git ls-remote --exit-code origin refs/heads/main >/dev/null 2>&1; then
git fetch origin main
git switch -C main origin/main
else
git switch --orphan main
fi
find . -mindepth 1 -maxdepth 1 ! -name '.git' -exec rm -rf {} +
cp "${GITHUB_WORKSPACE}/action/action.yml" action.yml
cp "${GITHUB_WORKSPACE}/action/README.md" README.md
cp "${GITHUB_WORKSPACE}/LICENSE" LICENSE
cp "${GITHUB_WORKSPACE}/SECURITY.md" SECURITY.md
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add action.yml README.md LICENSE SECURITY.md
HAS_HEAD=true
git rev-parse --verify HEAD >/dev/null 2>&1 || HAS_HEAD=false
if [ "${HAS_HEAD}" = "true" ] && git diff --cached --quiet; then
echo "No action repository content changes detected."
else
git commit -m "chore: publish action bundle ${TAG}"
git push origin HEAD:main
fi
git tag -f v1
git push origin refs/tags/v1 --force
if [ "${PUBLISH_IMMUTABLE_RELEASE}" = "true" ]; then
git tag -f "${TAG}"
git push origin "refs/tags/${TAG}" --force
fi
- name: Create or update action repository release
if: env.PUBLISH_IMMUTABLE_RELEASE == 'true'
run: |
VERSION="${{ steps.version.outputs.version }}"
TAG="${{ steps.version.outputs.tag }}"
if [ -n "${RELEASE_TAG}" ]; then
NOTES="Published automatically from ${SOURCE_SERVER_URL}/${SOURCE_REPOSITORY}/releases/tag/${TAG}"
else
NOTES="Published automatically from ${SOURCE_SERVER_URL}/${SOURCE_REPOSITORY}/tree/${SOURCE_REF}"
fi
if gh release view "${TAG}" --repo "${ACTION_REPOSITORY}" >/dev/null 2>&1; then
gh release edit "${TAG}" \
--repo "${ACTION_REPOSITORY}" \
--title "${TAG}" \
--notes "${NOTES}"
else
gh release create "${TAG}" \
--repo "${ACTION_REPOSITORY}" \
--title "${TAG}" \
--notes "${NOTES}"
fi