Skip to content
Post-Merge CI Pipeline

[gha] Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 … #552

Sign in to view logs

[gha] Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 …

[gha] Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 … #552

Workflow file for this run

.github/workflows/post-merge.yml at 9f945b2
---
# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
name: Post-Merge CI Pipeline
on:
push:
branches:
- main
- release-*
workflow_dispatch:
permissions:
contents: read
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
jobs:
pre-checks:
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
filtered_projects: ${{ steps.filter-changes.outputs.filtered_projects }}
manifest: ${{ contains(steps.check-files.outputs.changed_files, 'ena-manifest.yaml') }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: "Discover Changed Subfolders"
id: discover-changes
uses: open-edge-platform/orch-ci/discover-changed-subfolders@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
- name: "Filter Out Unwanted Changed Subfolders"
id: filter-changes
env:
changed_projects: ${{ steps.discover-changes.outputs.changed_projects }}
run: |
folders_to_remove='[".github",".reuse","LICENSES"]'
filtered_projects=$(echo "$changed_projects" | jq -cr --argjson folders_to_remove "$folders_to_remove" 'map(select(. as $item | $folders_to_remove | index($item) | not))')
echo "filtered_projects=${filtered_projects}" >> ${GITHUB_OUTPUT}
- name: Discover Changed Files
id: check-files
uses: open-edge-platform/orch-ci/discover-changed-files@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
with:
project_folder: "."
post-merge-pipeline:
permissions:
contents: read
id-token: write
security-events: write
actions: read
needs: pre-checks
if: ${{ needs.pre-checks.outputs.filtered_projects != '[]' && needs.pre-checks.outputs.filtered_projects != '[""]' }}
strategy:
fail-fast: false
matrix:
# runner_version: [ubuntu-24.04, ubuntu-22.04]
project_folder: ${{ fromJson(needs.pre-checks.outputs.filtered_projects) }}
uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
with:
# runner_version: ${{ matrix.runner_version }}
runs_on: ubuntu-22.04
run_build: true
run_lint: true
run_test: true
run_package_build: true
run_deb_push: true
run_version_tag: true
run_version_dev: true
prefix_tag_separator: "/"
project_folder: ${{ matrix.project_folder }}
remove_cache_go: true
cache_go: true
bootstrap_tools: "all,golangci-lint2"
secrets:
SYS_EMF_GH_TOKEN: ${{ secrets.SYS_EMF_GH_TOKEN }}
NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
MSTEAMS_WEBHOOK: ${{ secrets.TEAMS_WEBHOOK }}
push-manifest:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
needs:
- pre-checks
- post-merge-pipeline
if: ${{ always() && needs.pre-checks.outputs.manifest == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0 # Fetch all history, WO sporadic issue with missing tags
fetch-tags: true # Fetch tags
ref: ${{ github.head_ref }} # Checkout the branch that triggered the workflow to avoid detached HEAD
persist-credentials: false
- name: Checkout action repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: open-edge-platform/orch-ci
path: ci
token: ${{ secrets.SYS_EMF_GH_TOKEN }}
persist-credentials: false
- name: Setup CI environment
uses: open-edge-platform/orch-ci/.github/actions/bootstrap@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
with:
gh_token: ${{ secrets.SYS_EMF_GH_TOKEN }}
bootstrap_tools: "yq,aws,oras"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
with:
aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
aws-region: us-west-2
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2
with:
registries: "080137407410"
- name: Push manifest
shell: bash
env:
REGISTRY: 080137407410.dkr.ecr.us-west-2.amazonaws.com
REPOSITORY: edge-orch/en/files/ena-manifest
MANIFEST: ena-manifest.yaml
run: |
version=$(yq '.metadata.release' ${MANIFEST})
if [[ "$version" =~ .*-dev ]]; then
version=${version}-$(git rev-parse --short HEAD)
yq -i ".metadata.release = \"${version}\"" ${MANIFEST}
fi
aws ecr create-repository --region us-west-2 --repository-name ${REPOSITORY} || true
oras push --artifact-type application/vnd.intel.orch.en \
${REGISTRY}/${REPOSITORY}:${GITHUB_REF_NAME},${version} ${MANIFEST}
- name: Tag new manifest version
env:
GITHUB_TOKEN: ${{ secrets.SYS_EMF_GH_TOKEN }}
run: |
./common/ci_scripts/manifest-versioning.sh tag
collect-versions:
permissions:
contents: read
runs-on: ubuntu-latest
needs:
- pre-checks
- post-merge-pipeline
- push-manifest
outputs:
manifest_version: ${{ steps.manifest-version.outputs.version }}
if: ${{ always() && needs.pre-checks.outputs.manifest == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0 # Fetch all history, WO sporadic issue with missing tags
fetch-tags: true # Fetch tags
ref: ${{ github.head_ref }} # Checkout the branch that triggered the workflow to avoid detached HEAD
persist-credentials: false
- name: Setup CI environment
uses: open-edge-platform/orch-ci/.github/actions/bootstrap@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
with:
gh_token: ${{ secrets.SYS_EMF_GH_TOKEN }}
bootstrap_tools: "base,yq"
- name: Get manifest version
id: manifest-version
shell: bash
run: |
echo "version=$(yq '.metadata.release' ena-manifest.yaml)" >> ${GITHUB_OUTPUT}
update-manifest-emf:
permissions:
contents: read
runs-on: ubuntu-latest
needs:
- pre-checks
- post-merge-pipeline
- push-manifest
- collect-versions
if: ${{ always() && needs.pre-checks.outputs.manifest == 'true' }}
steps:
- name: Checkout EMF repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: open-edge-platform/edge-manageability-framework
path: edge-manageability-framework
token: ${{ secrets.SYS_EMF_GH_TOKEN }}
persist-credentials: false
- name: Setup CI environment
uses: open-edge-platform/orch-ci/.github/actions/bootstrap@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
with:
gh_token: ${{ secrets.SYS_EMF_GH_TOKEN }}
bootstrap_tools: "base"
- name: Set up Git identity
shell: bash
run: |
git config --global user.name "GitHub Bot"
git config --global user.email "github-bot@intel.com"
- name: Update manifest version in chart
shell: bash
working-directory: edge-manageability-framework
env:
manifest_version: ${{ needs.collect-versions.outputs.manifest_version }}
run: |
if [[ $(echo "${manifest_version}" | grep 'dev') ]]; then
echo "Skipping manifest version update as no new version created"
else
sed -i "s# enAgentManifestTag: .*# enAgentManifestTag: \""${manifest_version}"\"#" argocd/applications/configs/infra-onboarding.yaml
fi
- name: Commit changes to branch and create PR
shell: bash
working-directory: edge-manageability-framework
env:
GITHUB_TOKEN: ${{ secrets.SYS_EMF_GH_TOKEN }}
GH_TOKEN: ${{ secrets.SYS_EMF_GH_TOKEN }}
run: |
git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"
check_changed_files=$(git status -s)
if [ "${check_changed_files}" != "" ]; then
current_date=$(date +%d-%m-%Y-%H%M%S)
branch_name="update-manifest-version-${current_date}"
git checkout -b $branch_name
git add -A
git commit -m "Update edge node manifest version to latest"
git push origin $branch_name
gh pr create --title "Update edge node manifest version to latest" --body "Bumping edge node manifest version to latest iteration" --base main --head $branch_name
fi