Added .github files
ctyano committed Nov 12, 2024
1 parent c862f0b commit 80604ed
Showing 5 changed files with 493 additions and 0 deletions.
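--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,10 @@
+## Type of changes
+
+Choose one of the below, or leave them empty:
+
+- [ ] New feature proposal
+- [ ] Bug fix
+- [ ] Minor improvements
+- [ ] Refactoring (no functional changes)
+- [ ] Non-code changes (updating documentation, workflows, etc.)
+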
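--- a/.github/workflows/check-remote.yaml
+++ b/.github/workflows/check-remote.yaml
@@ -0,0 +1,144 @@
+name: Check remote repositories and create corresponding tag
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+# If any commit message in your push or the HEAD commit of your PR contains the strings
+# [skip ci], [ci skip], [no ci], [skip actions], or [actions skip]
+# workflows triggered on the push or pull_request events will be skipped.
+# https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/
+schedule:
+- cron: '0 21 * * *' # Friday 21:00 UTC, Saturday 06:00 JST
+workflow_dispatch:
+
+env:
+DOCKER_REGISTRY_URL: ghcr.io
+TARGET_TAG: ""
+SOURCE_GITHUB_REPOSITORY: open-policy-agent/opa
+GIT_SUBMODULE_URL: https://github.com/openpolicyagent/opa.git
+GIT_SUBMODULE_PATH: opa
+
+jobs:
+build:
+
+runs-on: ubuntu-latest
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+actions: write
+checks: none
+contents: write
+deployments: none
+issues: none
+discussions: none
+packages: none
+pull-requests: none
+repository-projects: none
+security-events: none
+statuses: none
+
+steps:
+# A GitHub Action to expose useful environment variables.
+# https://github.com/FranzDiebold/github-env-vars-action
+-
+name: GitHub Environment Variables Action
+id: env
+# uses: https://github.com/FranzDiebold/github-env-vars-action/tags
+uses: FranzDiebold/github-env-vars-action@v2
+
+# A GitHub Action to check remote repositories
+-
+name: Check remote repositories
+id: check
+if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.event_name == 'push' }}
+run: |
+# Get latest release tag with:
+# curl -s https://api.github.com/repos/AthenZ/athenz/releases \
+# | jq -r .[].tag_name \
+# | grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \
+# | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g' \
+# | head -n1
+if [[ "${{ env.CI_REF }}" == "refs/tags/"* ]] && [[ "$(basename ${{ env.CI_REF }})" =~ ^v?([0-9]+)\.([0-9]+)\.([0-9]+)(-[a-z]+)?(\.[0-9]+)?$ ]]; then
+PACKAGE_VERSION="$(git tag --points-at HEAD | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g')"
+TAG_VERSION="$(git tag --points-at HEAD | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g')"
+else
+PACKAGE_VERSION="$( \
+curl -s https://api.github.com/repos/${{ env.SOURCE_GITHUB_REPOSITORY }}/releases \
+| jq -r .[].tag_name \
+| grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \
+| sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' \
+| sort -ru \
+| head -n1 \
+)"
+TAG_VERSION="$( \
+curl -s https://api.github.com/repos/${{ env.SOURCE_GITHUB_REPOSITORY }}/releases \
+| jq -r .[].tag_name \
+| grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \
+| sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g' \
+| sort -ru \
+| head -n1 \
+)"
+fi
+CURRENT_VERSION="$( \
+curl -s https://api.github.com/repos/${{ env.CI_REPOSITORY_OWNER }}/${{ env.CI_REPOSITORY_NAME }}/releases \
+| jq -r .[].tag_name \
+| grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \
+| sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' \
+| sort -ru \
+| head -n1 \
+)"
+printf "VERSION=${PACKAGE_VERSION}\n" >> $GITHUB_ENV
+printf "TAG_VERSION=${TAG_VERSION}\n" >> $GITHUB_ENV
+printf "CURRENT_VERSION=${CURRENT_VERSION}\n" >> $GITHUB_ENV
+# A GitHub Action to update submodule and commit
+-
+name: Update submodule and commit
+id: update
+if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.event_name == 'push' }}
+run: |
+set -x
+git config advice.addIgnoredFile false
+git submodule add -f ${{ env.GIT_SUBMODULE_URL }} ${{ env.GIT_SUBMODULE_PATH }}
+cd ${{ env.GIT_SUBMODULE_PATH }} && git fetch --refetch --tags ${{ env.GIT_SUBMODULE_URL }} && git checkout ${{ env.TAG_VERSION }}
+cd ${GITHUB_WORKSPACE}
+git config --global user.name "github-actions"
+git config --global user.email "[email protected]"
+git add -f ${{ env.GIT_SUBMODULE_PATH }}
+git commit -m "Updated ${{ env.GIT_SUBMODULE_PATH }} to ${{ env.TAG_VERSION }}" || true
+# A GitHub Action to create git tags
+#
+# Using the GITHUB_TOKEN in a workflow
+# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
+# When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
+# This prevents you from accidentally creating recursive workflow runs.
+# For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.
+-
+name: Create git tag
+id: tag
+if: ${{ env.CURRENT_VERSION != '' && env.VERSION != '' && env.VERSION != env.CURRENT_VERSION }}
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+set -x
+git tag -f ${{ env.TAG_VERSION }}
+git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }}
+git push -f origin tag ${{ env.TAG_VERSION }}
+# A GitHub Action to dispatch event
+# https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event
+-
+name: Trigger Workflows
+if: ${{ env.CURRENT_VERSION != '' && env.VERSION != '' && env.VERSION != env.CURRENT_VERSION }}
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+set -x
+curl --fail -X POST \
+-H "Accept: application/vnd.github.v3+json" \
+-H "Authorization: Bearer $GITHUB_TOKEN" \
+https://api.github.com/repos/${{ github.repository }}/actions/workflows/trigger-workflows.yaml/dispatches \
+-d "{\"ref\":\"${{ env.TAG_VERSION }}\",\"inputs\":{\"target_version\":\"${{ env.VERSION }}\",\"current_version\":\"${{ env.CURRENT_VERSION }}\"}}"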
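Review bot: `GIT_SUBMODULE_URL` points at `github.com/openpolicyagent/opa.git` while `SOURCE_GITHUB_REPOSITORY` is `open-policy-agent/opa`, so the release tag is picked from one account and the code is fetched from a differently named one. Unless that second account is confirmed to belong to the upstream project, the "Update submodule and commit" step records whatever commit it serves under the matching tag, and the job then commits and force-pushes a tag with `contents: write`. If the spelling is a typo, the line should read `GIT_SUBMODULE_URL: https://github.com/open-policy-agent/opa.git`; deriving the URL from `SOURCE_GITHUB_REPOSITORY` in the step would stop the two values drifting apart. A comment such as `# must be the same repository as SOURCE_GITHUB_REPOSITORY` above the variable would make the intent explicit.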
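--- a/.github/workflows/github-releases.yaml
+++ b/.github/workflows/github-releases.yaml
@@ -0,0 +1,137 @@
+name: Create Github Releases with Packages
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+# If any commit message in your push or the HEAD commit of your PR contains the strings
+# [skip ci], [ci skip], [no ci], [skip actions], or [actions skip]
+# workflows triggered on the push or pull_request events will be skipped.
+# https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/
+workflow_call:
+pull_request:
+branches:
+- main
+
+env:
+SOURCE_GITHUB_REPOSITORY: open-policy-agent/opa
+
+jobs:
+build:
+
+runs-on: ubuntu-latest
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+actions: none
+checks: none
+contents: write
+deployments: none
+issues: none
+discussions: none
+packages: read
+pull-requests: none
+repository-projects: none
+security-events: none
+statuses: none
+
+steps:
+# A GitHub Action to expose useful environment variables.
+# https://github.com/FranzDiebold/github-env-vars-action
+-
+name: GitHub Environment Variables Action
+id: env
+# uses: https://github.com/FranzDiebold/github-env-vars-action/tags
+uses: FranzDiebold/github-env-vars-action@v2
+
+# This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
+# https://github.com/actions/checkout
+-
+name: Checkout repository
+id: checkout
+# You may pin to the exact commit or the version.
+# uses: https://github.com/actions/checkout/tags
+uses: actions/checkout@v4
+with:
+submodules: recursive
+
+# GitHub action to configure the Open Policy Agent CLI in your GitHub Actions workflow.
+# Open Policy Agent (OPA) is an open source, general-purpose policy engine.
+# https://github.com/open-policy-agent/setup-opa
+-
+name: Setup OPA with latest version
+id: setup-opa-latest
+if: ${{ github.event.inputs.target_version == '' }}
+# uses: https://github.com/open-policy-agent/setup-opa/tags
+uses: open-policy-agent/setup-opa@v2
+with:
+version: latest
+
+# GitHub action to configure the Open Policy Agent CLI in your GitHub Actions workflow.
+# Open Policy Agent (OPA) is an open source, general-purpose policy engine.
+# https://github.com/open-policy-agent/setup-opa
+-
+name: Setup OPA with specific version
+id: setup-opa-version
+if: ${{ github.event.inputs.target_version != '' }}
+# uses: https://github.com/open-policy-agent/setup-opa/tags
+uses: open-policy-agent/setup-opa@v2
+with:
+version: ${{ github.event.inputs.target_version }}
+
+# A GitHub Action to Create Open Policy Agent Bundle
+# https://nfpm.goreleaser.com/install/#go-install
+-
+name: Build Open Policy Agent Bundle
+id: opa-build
+if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }}
+run: |
+set -x
+OPA_BUILD_MESSAGE=$(opa build -b policy/ -o bundle.tar.gz --debug 2>&1)
+printf "OPA_BUILD_MESSAGE=${OPA_BUILD_MESSAGE}\n" >> $GITHUB_ENV
+test -f ./bundle.tar.gz
+# A GitHub Action to create GitHub Release
+# https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release
+-
+name: Create GitHub Release
+id: create_release
+if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }}
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+set -x
+tag=v${{ github.event.inputs.target_version }}
+body=$(curl -s https://api.github.com/repos/${SOURCE_GITHUB_REPOSITORY}/releases | jq -r ".[] | select(.tag_name == \"$tag\") | \"# [\"+.name+\"](\"+.html_url+\")${{ env.OPA_BUILD_MESSAGE }}\"")
+curl \
+-XPOST \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer $GITHUB_TOKEN" \
+"https://api.github.com/repos/${CI_REPOSITORY}/releases" \
+-d "{\"tag_name\":\"$tag\",\"name\":\"Release $tag\",\"body\":\"$body\",\"draft\":false,\"prerelease\":false}"
+# A GitHub Action to upload release assets
+# https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset
+-
+name: Upload GitHub Release Assets
+id: upload_release_assets
+if: ${{ github.event_name != 'pull_request' && github.event.inputs.target_version != '' && github.event.inputs.target_version != github.event.inputs.current_version }}
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+set -x
+tag=v${{ github.event.inputs.target_version }}
+release_id=$(curl \
+-XGET \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer $GITHUB_TOKEN" \
+"https://api.github.com/repos/${CI_REPOSITORY}/releases/tags/$tag" \
+| jq '.id')
+curl \
+-XPOST \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer $GITHUB_TOKEN" \
+-H "Content-Type: $(file --mime-type -b ./bundle.tar.gz)" \
+--data-binary @./bundle.tar.gz \
+"https://uploads.github.com/repos/${CI_REPOSITORY}/releases/$release_id/assets?name=$(basename ./bundle.tar.gz)"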
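Review bot: The build output captured in `OPA_BUILD_MESSAGE` ends up as script text rather than data. "Build Open Policy Agent Bundle" writes it to `$GITHUB_ENV` through a `printf` format string, and "Create GitHub Release" pastes it in with `${{ env.OPA_BUILD_MESSAGE }}` inside a double-quoted string before bash runs, in a step that holds a `contents: write` token. A multi-line message would also add extra `NAME=value` lines to `$GITHUB_ENV`, and any quote or newline in `$body` breaks the hand-assembled JSON passed to `-d`. Writing the variable with the delimiter form, reading it as `$OPA_BUILD_MESSAGE`, passing `target_version` through `env:` and building the payload with `jq -n --arg` keeps all of these values as data. The same `tag=v${{ … }}` line appears in "Upload GitHub Release Assets" and would take the same `env:` treatment.

```yaml
# … unchanged: name, id, if of the "Build Open Policy Agent Bundle" step …
run: |
  set -x
  OPA_BUILD_MESSAGE=$(opa build -b policy/ -o bundle.tar.gz --debug 2>&1)
  # multi-line-safe write; the delimiter below is a constructed example
  {
    echo "OPA_BUILD_MESSAGE<<__OPA_BUILD_MESSAGE_EOF__"
    echo "${OPA_BUILD_MESSAGE}"
    echo "__OPA_BUILD_MESSAGE_EOF__"
  } >> "$GITHUB_ENV"
  test -f ./bundle.tar.gz

# … unchanged: name, id, if of the "Create GitHub Release" step …
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  TARGET_VERSION: ${{ github.event.inputs.target_version }}
run: |
  set -x
  tag="v${TARGET_VERSION}"
  heading=$(curl -s "https://api.github.com/repos/${SOURCE_GITHUB_REPOSITORY}/releases" \
    | jq -r --arg tag "$tag" '.[] | select(.tag_name == $tag) | "# [" + .name + "](" + .html_url + ")"')
  payload=$(jq -n --arg tag "$tag" --arg body "${heading}${OPA_BUILD_MESSAGE}" \
    '{tag_name: $tag, name: ("Release " + $tag), body: $body, draft: false, prerelease: false}')
  # … unchanged: curl -XPOST to the releases endpoint, now ending in -d "$payload" …
```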
