gh-workflows/.github/workflows/just.yml at main · hotosm/gh-workflows · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
name: Just

on:
  workflow_call:
    inputs:
      environment:
        description: "The Github environment to use for variables."
        required: true
        type: string
      example_env_file_path:
        description: "Path to example dotenv file to substitute variables for."
        type: string
        default: .env.example
      command:
        description: "The Just command to run (defined in Justfile)."
        required: true
        type: string

jobs:
  just:
    runs-on: ubuntu-latest

    environment:
      name: ${{ inputs.environment }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Just
        uses: extractions/setup-just@v2
        with:
          just-version: 1.40.0

      # Extract repo vars/secrets into environment variables for the next step
      # NOTE it may look like secrets are exposed, but they are hidden in the GUI
      - name: Vars and Secrets to Env
        env:
          TAG_OVERRIDE: ${{ env.TAG_OVERRIDE || 'ci-dev' }}
          GIT_BRANCH: ${{ github.ref_name }}
          VARS_CONTEXT: ${{ toJson(vars) }}
          SECRETS_CONTEXT: ${{ toJson(secrets) }}
        run: |
          # Random delimeter string for security
          delim=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)

          # Parse JSON with multiline strings, using delimeter (Github specific)
          to_envs() { jq -r "to_entries[] | \"\(.key)<<$delim\n\(.value)\n$delim\n\""; }

          # Set vars to env for next step
          echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_ENV
          echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> $GITHUB_ENV

          # Set VARS_CONTEXT if not null
          if [ "${VARS_CONTEXT}" != "null" ]; then
            echo "${VARS_CONTEXT}" | to_envs >> $GITHUB_ENV
          fi

          # Set SECRETS_CONTEXT if not null
          if [ "${SECRETS_CONTEXT}" != "null" ]; then
            echo "${SECRETS_CONTEXT}" | to_envs >> $GITHUB_ENV
          fi

      # From generated environment variables, create a `.env` file in repo root
      # If a .env.example exists, the variables are substituted in from Github env
      - name: Create .env file
        env:
          EXAMPLE_DOTENV: ${{ inputs.example_env_file_path }}
        run: |
          echo "Checking if ${EXAMPLE_DOTENV} exists"
          if [ -f ${EXAMPLE_DOTENV} ]; then
            # Get a8m/envsubst (required for default vals syntax ${VAR:-default})
            echo "Downloading envsubst"
            curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst
            if [ $? -ne 0 ]; then
                echo "Failed to download envsubst"
                exit 1
            fi
            chmod +x envsubst
            echo "Substituting variables from ${EXAMPLE_DOTENV} --> .env"
            ./envsubst < "${EXAMPLE_DOTENV}" > .env
          else
            echo "${EXAMPLE_DOTENV} not found, creating empty .env"
            touch .env
          fi

          echo "GIT_BRANCH=${GIT_BRANCH}" >> .env
          echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> .env

      - name: Run Command
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: just ${{ inputs.command }}