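name: Trigger provider release

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      providers:
        description: 'Space-separated provider paths (e.g. "providers/gcp providers/aws")'
        required: false
        default: "providers/*/"

# Workflow-wide default for the GITHUB_TOKEN; the job below raises it only as far as it needs.
permissions:
  contents: read

jobs:
  release-providers:
    runs-on: ubuntu-latest
    permissions:
      # The release branch is pushed over the SSH deploy key (see the checkout step),
      # while the GITHUB_TOKEN is still handed to create-pull-request for the PR API
      # and to setup-protoc as repo-token. Verify what each still needs before
      # narrowing `contents` below write.
      contents: write
      pull-requests: write
    steps:
      # https://github.com/peter-evans/create-pull-request/issues/48
      # https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#push-using-ssh-deploy-keys
      # tl;dr:
      # The GITHUB_TOKEN is limited when creating PRs from a workflow (see the links);
      # because of that the branch is pushed with an SSH deploy key, to which those
      # limitations do not apply. The key is private to this repo's secrets and the
      # checkout keeps it configured for git so the create-pull-request step can push
      # with it later in the job.
      # All third-party actions below are pinned to a commit SHA (tag in the trailing
      # comment) so a re-pointed tag cannot change what runs.
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ssh-key: ${{ secrets.CNQUERY_DEPLOY_KEY_PRIV }}
          fetch-depth: 0

      - name: Import environment variables from file
        # .github/env is versioned in this repo and is expected to define
        # golang-version and protoc-version (read by the two setup steps below).
        # It is repo-controlled input; the target path is quoted regardless.
        run: cat ".github/env" >> "$GITHUB_ENV"

      - name: Install Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version: ">=${{ env.golang-version }}"
          cache: false

      - name: Install Protoc
        uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          version: ${{ env.protoc-version }}

      - name: Validate provider paths
        id: validate
        env:
          # The dispatch input is read through the environment, never interpolated
          # into the script with ${{ }}, so a crafted value cannot inject shell here.
          PROVIDERS_INPUT: ${{ inputs.providers || 'providers/*/' }}
        run: |
          # Validate the tokens as written: disable pathname expansion so that
          # "providers/*/" is checked literally instead of being expanded against
          # the checkout first (otherwise the regex would see the expansion, not
          # the value that is forwarded to the next step).
          set -f
          clean=()
          for p in $PROVIDERS_INPUT; do
            # Allow only providers/<name> or providers/<name>/, where <name> is
            # alphanumerics, '_', '-' or a '*' glob. No '.', extra '/', quotes or
            # shell metacharacters, so the value is safe to word-split into
            # arguments in the update step.
            if ! [[ "$p" =~ ^providers/[a-zA-Z0-9*_-]+/?$ ]]; then
              echo "::error::Invalid provider path: '$p'. Must match providers/<name>/"
              exit 1
            fi
            clean+=("$p")
          done
          # A whitespace-only input passes the `||` fallback above but yields no
          # paths; fail loudly rather than running the version tool with none.
          if [ "${#clean[@]}" -eq 0 ]; then
            echo "::error::No provider paths given"
            exit 1
          fi
          # Re-join with single spaces so the output is exactly one line; a newline
          # or tab in the input would otherwise be copied into GITHUB_OUTPUT as-is.
          echo "PROVIDERS=${clean[*]}" >> "$GITHUB_OUTPUT"

      - name: Update provider versions
        id: update-providers
        env:
          # Already validated above; still passed via env rather than spliced into
          # the script text, as defence in depth.
          PROVIDERS: ${{ steps.validate.outputs.PROVIDERS }}
        run: |
          # shellcheck disable=SC2086 -- word-splitting (and globbing of providers/*/) is intended:
          # one argument per provider path.
          go run providers-sdk/v1/util/version/version.go update \
            $PROVIDERS \
            --increment=patch --output=.version-output

      - name: Prepare title and branch name
        id: branch
        run: |
          # No title.txt means the version tool updated nothing; signal the later
          # steps to skip PR creation instead of failing.
          if [ ! -f .version-output/title.txt ]; then
            echo "No providers updated, skipping PR creation"
            echo "SKIP=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # NOTE(review): title.txt is assumed to be a single line; a multi-line
          # title would produce a malformed GITHUB_OUTPUT entry.
          COMMIT_TITLE=$(cat .version-output/title.txt)
          BRANCH_NAME="version/providers_update_$(date +%Y%m%d_%H%M)"
          echo "COMMIT_TITLE=${COMMIT_TITLE}" >> "$GITHUB_OUTPUT"
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"

      # We have to use this action, because `gh pr create` does not support the ssh key case.
      - name: Create pull request
        if: ${{ steps.branch.outputs.SKIP != 'true' }}
        id: cpr
        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          base: main
          labels: providers
          committer: "Mondoo Tools <tools@mondoo.com>"
          author: "Mondoo Tools <tools@mondoo.com>"
          commit-message: ${{ steps.branch.outputs.COMMIT_TITLE }}
          title: ${{ steps.branch.outputs.COMMIT_TITLE }}
          branch: ${{ steps.branch.outputs.BRANCH_NAME }}
          body-path: .version-output/body.md

      - name: PR infos
        if: ${{ steps.branch.outputs.SKIP != 'true' && steps.cpr.outputs.pull-request-number }}
        run: |
          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"

      - name: Send Slack notification
        if: ${{ steps.branch.outputs.SKIP != 'true' && steps.cpr.outputs.pull-request-number }}
        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
        with:
          method: chat.postMessage
          token: ${{ secrets.SLACK_BOT_TOKEN }}
          # The PR URL and commit title are spliced into a JSON document. toJSON()
          # quotes and escapes them, so a '"' or '\' in the title cannot break the
          # payload or alter its structure. The follow-up sentence is its own
          # section so no raw newline has to be carried through the expression.
          payload: |
            {
              "channel": "C07QZDJFF89",
              "text": "✨ Provider release PR created",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": ${{ toJSON(format(':rocket: *Provider release PR created*: <{0}|{1}>', steps.cpr.outputs.pull-request-url, steps.branch.outputs.COMMIT_TITLE)) }}
                  }
                },
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "This PR is ready for review."
                  }
                }
              ]
            }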