-
Notifications
You must be signed in to change notification settings - Fork 98
92 lines (82 loc) · 3.36 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# This GitHub action can publish assets for release when a tag is created.
# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
#
# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
# secret. If you would rather own your own GPG handling, please fork this action
# or use an alternative one for key handling.
#
# You will need to pass the `--batch` flag to `gpg` in your signing step
# in `goreleaser` to indicate this is being used in a non-interactive mode.
#
name: release
on:
workflow_dispatch:
release:
types: [ published ]
jobs:
terraform-provider-release:
name: 'Terraform Provider Release'
uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/community.yml@v5
secrets:
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg-private-key-passphrase: ${{ secrets.PASSPHRASE }}
with:
setup-go-version-file: 'go.mod'
verify-publications:
needs: terraform-provider-release
runs-on: ubuntu-latest
name: Verifying TF Registry Publications
strategy:
matrix:
registry:
- "https://registry.opentofu.org/v1"
- "https://registry.terraform.io/v1"
steps:
- uses: actions/checkout@v4
- uses: actions/github-script@v7
env:
REGISTRY: ${{ matrix.registry }}
with:
script: |
async function verifyPublication(targetVersion, registry) {
const url = `${registry}/providers/linode/linode/versions`;
const response = await fetch(url);
if (!response.ok) {
console.log(`Error response status: ${response.status}`);
}
const json = await response.json();
return json.versions.find((v) => v.version == targetVersion) != null;
}
let prefix = "refs/tags/v";
if (!context.ref.startsWith(prefix)) {
throw new Error(`Invalid ref: ${context.ref}`);
}
const TARGET_VERSION = context.ref.slice(prefix.length);
const REGISTRY = process.env.REGISTRY;
// 1 retry request per minute, 3 hours in total
const REGISTRY_POLL_RETRIES = ${{ vars.REGISTRY_POLL_RETRIES }};
const REGISTRY_POLL_INTERVAL = ${{ vars.REGISTRY_POLL_INTERVAL }};
console.log(`Verifying publication of v${TARGET_VERSION} on ${REGISTRY}`);
let found = false;
let count = 0;
while (!found && count < REGISTRY_POLL_RETRIES) {
count++;
found = await verifyPublication(TARGET_VERSION, REGISTRY);
if (found) {
break;
}
console.log(
`Publication of v${TARGET_VERSION} on ${REGISTRY} isn't found, retrying in ${REGISTRY_POLL_INTERVAL} ms...`
);
await new Promise((r) => setTimeout(r, REGISTRY_POLL_INTERVAL));
}
if (found) {
console.log(
`Verified that Linode Provider v${TARGET_VERSION} has been successfully published on ${REGISTRY}.`
);
} else {
throw new Error(
`Timeout waiting for Linode Provider v${TARGET_VERSION} publication on ${REGISTRY}`
);
}