fix initialization of github action environment variable #546
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 🏃♀️ Continuous Integration and Delivery: Unstable | |
| # ================================================= | |
| # | |
| # Note: for this workflow to succeed, the following secrets must be installed | |
| # in the repository or inherited from the organization: | |
| # | |
| # ``ADMIN_GITHUB_TOKEN`` | |
| # A personal access token of a user with collaborator or better access to | |
| # the project repository. You can generate this by visiting GitHub → | |
| # Settings → Developer settings → Personal access tokens → Generate new | |
| # token. Give the token scopes on ``repo``, ``write:packages``, | |
| # ``delete:packages``, ``workflow``, and ``read:gpg_key``. | |
| # ``CODE_SIGNING_KEY`` | |
| # A *private* key with which we can sign artifacts. | |
| # ``OSSRH_USERNAME`` | |
| # Username for the Central Repository. | |
| # ``OSSRH_USERNAME`` | |
| # Password for the Central Repository. | |
| --- | |
| name: 🤪 Unstable integration & delivery | |
| # Driving Event | |
| # ------------- | |
| # | |
| # What event starts this workflow: a push to ``main`` (or ``master`` in old | |
| # parlance). | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| workflow_dispatch: | |
| concurrency: roundup | |
| # What to Do | |
| # ---------- | |
| # | |
| # Round up, yee-haw! | |
| jobs: | |
| unstable-assembly: | |
| name: 🧩 Unstable Assembly | |
| runs-on: ubuntu-latest | |
| if: github.actor != 'pdsen-ci' | |
| steps: | |
| - | |
| name: 💳 Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| lfs: true | |
| fetch-depth: 0 | |
| token: ${{secrets.ADMIN_GITHUB_TOKEN}} | |
| - | |
| name: 💵 Maven Cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.m2/repository | |
| # The "key" used to indicate a set of cached files is the operating system runner | |
| # plus "mvn" for Maven-specific builds, plus a hash of the `pom.xml` files, which | |
| # should uniquely identify the dependent jars; plus "pds" because we pds-prefix | |
| # everything with "pds" in PDS—even when the context is obvious! 😅 | |
| key: pds-${{runner.os}}-mvn-${{hashFiles('**/pom.xml')}} | |
| # To restore a set of files, we only need to match a prefix of the saved key. | |
| restore-keys: pds-${{runner.os}}-mvn- | |
| - | |
| name: 🤠 Roundup | |
| uses: NASA-PDS/roundup-action@stable | |
| with: | |
| assembly: unstable | |
| packages: openjdk21 | |
| maven-doc-phases: package | |
| env: | |
| central_portal_username: ${{secrets.CENTRAL_REPOSITORY_USERNAME}} | |
| central_portal_token: ${{secrets.CENTRAL_REPOSITORY_TOKEN}} | |
| CODE_SIGNING_KEY: ${{secrets.CODE_SIGNING_KEY}} | |
| ADMIN_GITHUB_TOKEN: ${{secrets.ADMIN_GITHUB_TOKEN}} | |
| GITHUB_TOKEN: ${{secrets.ADMIN_GITHUB_TOKEN}} | |
| - | |
| name: 🫙 Jar File Determination | |
| id: jarrer | |
| run: echo "jar_file=$(find ./service/target/ -maxdepth 1 -regextype posix-extended -regex '.*/registry-api-service-[0-9]+\.[0-9]+\.[0-9]+(-SNAPSHOT)?\.jar')" >> $GITHUB_OUTPUT | |
| - | |
| name: 🎰 QEMU Multiple Machine Emulation | |
| uses: docker/setup-qemu-action@v4 | |
| - | |
| name: 🚢 Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| # we want to publish the docker image ""locally" to GHCR as the AWS Pull Through Cache requires authentication | |
| # and we don't have an organization account to manage read-only logins for the cache | |
| - | |
| name: 💳 GHCR Identification | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{github.actor}} | |
| password: ${{secrets.GITHUB_TOKEN}} | |
| # also push the image to DockerHub because we keep providing that distribution channel. | |
| - | |
| name: 💳 Docker Hub Identification | |
| uses: docker/login-action@v4 | |
| with: | |
| username: ${{secrets.DOCKERHUB_USERNAME}} | |
| password: ${{secrets.DOCKERHUB_TOKEN}} | |
| - | |
| name: Set lowercase repo name | |
| run: echo "LOWER_GHCR_REPO=$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV | |
| - | |
| name: 🧱 Image Construction and Publication | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: ./ | |
| file: ./docker/Dockerfile | |
| build-args: api_jar=${{steps.jarrer.outputs.jar_file}} | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: | | |
| ghcr.io/${{env.LOWER_GHCR_REPO}}:develop | |
| ${{secrets.DOCKERHUB_USERNAME}}/registry-api-service:develop | |
| - | |
| name: ∫ Integration tests … hold onto your hats, pardners | |
| run: | | |
| git clone --quiet https://github.com/NASA-PDS/registry.git | |
| cd registry/docker/certs | |
| ./generate-certs.sh | |
| cd .. | |
| docker image pull ${{secrets.DOCKERHUB_USERNAME}}/registry-api-service:latest | |
| docker image inspect ${{secrets.DOCKERHUB_USERNAME}}/registry-api-service:latest >/dev/null | |
| docker compose \ | |
| --ansi never --profile int-registry-batch-loader --project-name registry \ | |
| up --detach --quiet-pull | |
| docker compose \ | |
| --ansi never --profile int-registry-batch-loader --project-name registry \ | |
| run --rm --no-TTY reg-api-integration-test-with-wait | |
| ... | |
| # -*- mode: yaml; indent: 4; fill-column: 120; coding: utf-8 -*- |