Release #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Release' | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| future_release: | ||
| description: 'Tag for the future release (d.d.d)' | ||
| required: true | ||
| permissions: | ||
| contents: write | ||
| env: | ||
| src_branch: "dev" | ||
| dst_branch: "master" | ||
| jobs: | ||
| validate_arguments: | ||
| name: 'Validate arguments' | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - name: Validate source branch | ||
| run: | | ||
| if [ "${GITHUB_REF#refs/heads/}" != "${src_branch}" ]; then | ||
| echo "Invalid branch. This workflow can only be ran on ${src_branch} branch. Got ${GITHUB_REF#refs/heads/}." | ||
| exit 1 | ||
| fi | ||
| - name: Validate release version value | ||
| run: | | ||
| if ! echo ${{ github.event.inputs.future_release }} | grep -E '^([0-9]{1,3}\.){2}[0-9]{1,3}$'; then | ||
| echo "Future release should be in the format of x.y.z where x, y & z are all numbers" | ||
| exit 1 | ||
| fi | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| ref: ${{ env.src_branch }} | ||
| - name: Validate tag availability | ||
| run: | | ||
| ! git rev-parse ${{ github.event.inputs.future_release }} | ||
| - name: Check source branch is "fast-forward" mergale | ||
| run: | | ||
| git merge-base --is-ancestor origin/${dst_branch} ${src_branch} | ||
| update_versions: | ||
| name: 'Update versions in examples and READMEs' | ||
| needs: validate_arguments | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| ref: ${{ env.src_branch }} | ||
| token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} | ||
| - name: Setup Terraform | ||
| uses: hashicorp/setup-terraform@v2 | ||
| with: | ||
| terraform_wrapper: false | ||
| terraform_version: ~1.7.0 | ||
| - name: Format version for zip file name | ||
| run: | | ||
| version="${{ github.event.inputs.future_release }}" | ||
| formatted_version=${version//./_} | ||
| echo "FORMATTED_VERSION=$formatted_version" >> $GITHUB_OUTPUT | ||
| id: format-version | ||
| - name: Update modules' versions in examples | ||
| run: | | ||
| find ./examples/ -type f -exec sed -i 's;.*latest release tag.*;version="'${{ github.event.inputs.future_release }}'" # latest release tag;' {} \; | ||
| - name: Update READMEs | ||
| run: | | ||
| echo "Formatted version: ${{ steps.format-version.outputs.FORMATTED_VERSION }}" | ||
| find . -type f -name 'README.md' -exec sed -E -i 's;github.com/imperva/dsfkit/tree/([0-9]*\.){2}[0-9]*;github.com/imperva/dsfkit/tree/'${{ github.event.inputs.future_release }}';g' {} \; | ||
| find . -type f -name 'README.md' -exec sed -E -i 's;github.com/imperva/dsfkit/blob/([0-9]*\.){2}[0-9]*;github.com/imperva/dsfkit/blob/'${{ github.event.inputs.future_release }}';g' {} \; | ||
| find . -type f -name 'README.md' -exec sed -E -i 's;github.com/imperva/dsfkit/raw/([0-9]*\.){2}[0-9]*;github.com/imperva/dsfkit/raw/'${{ github.event.inputs.future_release }}';g' {} \; | ||
| find . -type f -name 'README.md' -exec sed -E -i '/\/examples\// s;([0-9]+_){2}[0-9]+\.zip;${{ steps.format-version.outputs.FORMATTED_VERSION }}\.zip;g' {} \; | ||
| - name: Update installer machine link | ||
| run: | | ||
| sed -E -i 's;github.com/imperva/dsfkit/blob/([0-9]*\.){2}[0-9]*/installer_machine;github.com/imperva/dsfkit/blob/'${{ github.event.inputs.future_release }}'/installer_machine;g' ./README.md | ||
| - name: Run terraform linter | ||
| run: | | ||
| terraform fmt -recursive | ||
| - name: Zip per examples, remove old version zip | ||
| run: | | ||
| for d in $(find ./examples -type d -links 2); do | ||
| _d=$(dirname ${d}) | ||
| _b=$(basename ${d}) | ||
| pushd $_d | ||
| rm ${_b}/*.zip | ||
| mv ${_b} ${_b}_${{ steps.format-version.outputs.FORMATTED_VERSION }} | ||
| zip -FSr ${_b}_${{ steps.format-version.outputs.FORMATTED_VERSION }}/${_b}_${{ steps.format-version.outputs.FORMATTED_VERSION }}.zip ${_b}_${{ steps.format-version.outputs.FORMATTED_VERSION }} | ||
| mv ${_b}_${{ steps.format-version.outputs.FORMATTED_VERSION }} ${_b} | ||
| popd | ||
| done | ||
| - name: Zip Sonar python upgrader, remove old version zip | ||
| run: | | ||
| rm modules/sonar_python_upgrader_*.zip | ||
| pushd modules/aws/sonar-upgrader | ||
| mv python_upgrader sonar_python_upgrader_${{ steps.format-version.outputs.FORMATTED_VERSION }} | ||
| zip -FSr ../../sonar_python_upgrader_${{ steps.format-version.outputs.FORMATTED_VERSION }}.zip sonar_python_upgrader_${{ steps.format-version.outputs.FORMATTED_VERSION }} | ||
| mv sonar_python_upgrader_${{ steps.format-version.outputs.FORMATTED_VERSION }} python_upgrader | ||
| popd | ||
| - name: Commit changes to git repo | ||
| uses: stefanzweifel/git-auto-commit-action@v4 | ||
| with: | ||
| commit_message: Automatic commit before release [release=${{ github.event.inputs.future_release }}] | [skip actions] | ||
| merge: | ||
| name: 'Merge' | ||
| needs: update_versions | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| ref: ${{ env.dst_branch }} | ||
| token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} | ||
| - name: Merge | ||
| run: | | ||
| git merge origin/${src_branch} --ff-only | ||
| git push | ||
| tag_branch: | ||
| needs: merge | ||
| name: 'Tag release' | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| ref: ${{ env.dst_branch }} | ||
| - name: tag | ||
| run: | | ||
| git tag ${{ github.event.inputs.future_release }} ${{ env.dst_branch }} | ||
| git push origin ${{ github.event.inputs.future_release }} | ||
| deploy_modules: | ||
| needs: tag_branch | ||
| uses: ./.github/workflows/deploy_module.yml | ||
| secrets: | ||
| PUSH_TO_OTHER_REPOS_TOKEN_ADMIN: ${{ secrets.PUSH_TO_OTHER_REPOS_TOKEN_ADMIN }} | ||
| test_plan: | ||
| needs: deploy_modules | ||
| uses: ./.github/workflows/plan_cli.yml | ||
| with: | ||
| use_modules_from_terraform_registry: true | ||
| explicit_ref: master | ||
| secrets: | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| AWS_ACCESS_KEY_ID_STAGE: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} | ||
| AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} | ||
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | ||
| DAM_LICENSE: ${{ secrets.DAM_LICENSE }} | ||
| release: | ||
| needs: test_plan | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| ref: ${{ env.dst_branch }} | ||
| - name: Release | ||
| run: | | ||
| gh release create ${{ github.event.inputs.future_release }} --verify-tag --latest --generate-notes | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| test_apply: | ||
| needs: release | ||
| uses: ./.github/workflows/sonar_poc_cli.yml | ||
| with: | ||
| use_modules_from_terraform_registry: true | ||
| explicit_ref: master | ||
| secrets: | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| ALLOWED_SSH_CIDRS: ${{secrets.ALLOWED_SSH_CIDRS }} | ||
|
Check failure on line 219 in .github/workflows/release.yml
|
||
