1111 type : boolean
1212 default : false
1313 createPullRequest :
14- description : ' Create pull request back into main '
14+ description : ' Create pull request back into dev-v2 '
1515 required : true
1616 type : boolean
17- default : false
18- uploadJWT :
19- description : ' Temporary JWT to publish packages to up-ap.nginx.com'
20- required : true
21- type : string
22- default : ' '
23- workflow_call :
17+ default : false
2418
2519permissions :
2620 contents : read
@@ -30,17 +24,22 @@ jobs:
3024 permissions :
3125 contents : write
3226 pull-requests : write
27+
3328 name : Update Release
3429 runs-on : ubuntu-22.04
3530 steps :
3631 - uses : actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
3732 with :
3833 fetch-depth : 0
34+
3935 - uses : actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
4036 with :
4137 go-version-file : ' go.mod'
38+
4239 - uses : actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
40+
4341 - run : npm install semver@7.6.2
42+
4443 - name : Create Draft Release
4544 uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
4645 id : release
@@ -115,30 +114,36 @@ jobs:
115114 release_upload_url: release.data.upload_url,
116115 }
117116 }
117+
118118name : Set Environment Variables
119119 run : |
120120 echo "${{steps.release.outputs.result}}"
121121 echo "VERSION=$(echo '${{steps.release.outputs.result}}' | jq -r '.version')" >> $GITHUB_ENV
122122 echo "RELEASE_ID=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_id')" >> $GITHUB_ENV
123123 echo "RELEASE_UPLOAD_URL=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_upload_url')" >> $GITHUB_ENV
124+
124125name : Setup build environment
125126 run : |
126127 sudo apt-get update
127128 sudo apt-get install -y gpgv1 monkeysphere
128129 go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.3
130+
129131name : Tag release
130132 run : |
131133 git config --global user.name 'github-actions'
132134 git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
133135 git tag -a "v${{env.VERSION}}" -m "CI Autogenerated"
134136 git tag -a "sdk/v${{env.VERSION}}" -m "CI Autogenerated"
137+
135138name : Push Tags
136139 if : ${{ inputs.publishPackages == true }}
137140 run : |
138141 git push origin "v${{env.VERSION}}"
139142 git push origin "sdk/v${{env.VERSION}}"
143+
140144name : Set up Docker Buildx
141145 uses : docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
146+
142147 - name : Build Docker Image
143148 uses : docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
144149 with :
@@ -150,17 +155,20 @@ jobs:
150155 no-cache : true
151156 build-args : |
152157 package_type=signed-package
158+
153159name : Build Packages
154160 env :
155161 INDIGO_GPG_AGENT : ${{ secrets.INDIGO_GPG_AGENT }}
156162 NFPM_SIGNING_KEY_FILE : .key.asc
157163 run : |
158164 echo "$INDIGO_GPG_AGENT" | base64 --decode > .key.asc
159165 make clean package
166+
160167name : Azure Login
161168 uses : azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
162169 with :
163170 creds : ${{ secrets.AZURE_CREDENTIALS }}
171+
164172 - name : Azure Upload Release Packages
165173 uses : azure/CLI@965c8d7571d2231a54e321ddd07f7b10317f34d9 # v2.0.0
166174 with :
@@ -169,24 +177,37 @@ jobs:
169177 az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_CONTAINER_NAME }} \
170178 --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/${i##*/}
171179 done
180+
172181name : Azure Logout
173182 run : |
174183 az logout
175184if : always()
185+
176186 - name : Upload Release Assets
177187 env :
178188 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
179189 # clobber overwrites existing assets of the same name
180190 run : |
181191 gh release upload --clobber v${{env.VERSION}} \
182192 $(find ./build/github/packages -type f \( -name "*.deb" -o -name "*.rpm" -o -name "*.pkg" -o -name "*.apk" \))
193+
194+ name : Get Id Token
195+ if : ${{ inputs.publishPackages == true }}
196+ uses : actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
197+ id : idtoken
198+ with :
199+ script : |
200+ let id_token = await core.getIDToken()
201+ core.setOutput('id_token', id_token)
202+
183203name : Publish Release Packages
184204 if : ${{ inputs.publishPackages == true }}
185205 env :
186- TOKEN : ${{ inputs.uploadJWT }}
187- UPLOAD_URL : " https://up-ap-tmp .nginx.com"
206+ TOKEN : ${{ steps.idtoken.outputs.id_token }}
207+ UPLOAD_URL : " https://up-ap.nginx.com"
188208 run : |
189209 make release
210+
190211name : Publish Github Release
191212 if : ${{ inputs.publishPackages == true }}
192213 uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
@@ -200,18 +221,19 @@ jobs:
200221 draft: false,
201222 }))
202223 console.log(`Release published: ${release.data.html_url}`)
224+
203225name : Create Pull Request
204226 if : ${{ inputs.publishPackages == true && inputs.createPullRequest == true}}
205227 uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
206228 with :
207229 script : |
208230 const { repo, owner } = context.repo;
209231 const result = await github.rest.pulls.create({
210- title: 'Merge ${{ github.ref_name }} back into main ',
232+ title: 'Merge ${{ github.ref_name }} back into dev-v2 ',
211233 owner,
212234 repo,
213235 head: '${{ github.ref_name }}',
214- base: 'main ',
236+ base: 'dev-v2 ',
215237 body: [
216238 'This PR is auto-generated by the release branch workflow.'
217239 ].join('\n')
0 commit comments