50 changes: 40 additions & 10 deletions .github/workflows/tag.yml
Expand Up @@ -13,29 +13,59 @@ jobs:
contents: read

runs-on: ubuntu-latest

### Set variables for the given component.
### See https://github.com/pulumi-pequod/pequod-policies/shared-github-actions/action.yml for the full list of supported inputs.
env:
# Need to manage the list of component types that this component repo provides.
# FUTURE HOPE: Deduce this by parsing the component code or, better yet, be able to get this
# via a Pulumi Cloud API after publishing.
COMPONENT_TYPES: '["cloudfront-s3-cdk:index:CloudFrontS3"]'
PULUMI_ORG: 'pequod' # The Pulumi organization to publish the component to.

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.ref }} # Checkout the specific tag that triggered the workflow
fetch-depth: 0 # Ensures the build matches the git tag.

- name: Authenticate to Pulumi
uses: pulumi/auth-actions@v1
with:
organization: pequod
organization: ${{ env.PULUMI_ORG }}
requested-token-type: urn:pulumi:token-type:access_token:organization
scope: admin

# Determine the version to use - either the triggered tag or latest tag for manual runs
- name: Determine Component Version
id: version
run: |
if [[ "${{ github.event_name }}" == "push" ]]; then
# For tag pushes, use the tag that triggered the workflow
VERSION="${{ github.ref_name }}"
echo "Using triggered tag: $VERSION"
else
# For manual runs, get the latest tag
VERSION=$(git tag --sort=-version:refname | head -1)
echo "Manual run: Using latest tag: $VERSION"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT

# Publish if this is a tag push.
- name: Publish Component to Pulumi Org
if: github.event_name == 'push'
run: |
echo "Publishing latest component version to the pequod Pulumi org."
pulumi package publish https://github.com/${{ github.repository }} --publisher pequod
echo "Publishing latest component version to the ${{ env.PULUMI_ORG }} Pulumi org."
pulumi package publish https://github.com/${{ github.repository }} --publisher ${{ env.PULUMI_ORG }}

# Update the policy config with the new component version regardless of if this is
# a triggered or manual run.
# Uses composite action in the pequod-policies repository to update the policy config.
- name: Update Policy Config
uses: pulumi-pequod/pequod-policies/shared-github-actions/component-version-policy-config@main
with:
pulumi_org: ${{ env.PULUMI_ORG }}
component_types: ${{ env.COMPONENT_TYPES }}
component_version: ${{ steps.version.outputs.version }}

- name: Manual run - Skip publishing
if: github.event_name == 'workflow_dispatch'
run: |
echo "This is a manual workflow run."
echo "Skipping component publishing to prevent accidental releases."
echo "To publish, push a new tag instead of running manually."
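Review bot: The "Determine Component Version" step expands `${{ github.ref_name }}` directly inside its `run:` script, so the tag name becomes part of the shell source before bash parses it, and a tag containing shell metacharacters would be evaluated in a job that has just requested a Pulumi token with `scope: admin`. Pass the value through the environment instead: give the step an `env:` entry `REF_NAME: ${{ github.ref_name }}`, assign `VERSION="$REF_NAME"`, and quote the redirect target as `>> "$GITHUB_OUTPUT"`. The new "Update Policy Config" step references its composite action at the mutable `@main` ref and runs after authentication, presumably with the token still in the job environment, so any later change on that branch executes with those credentials; pinning it as `...component-version-policy-config@<full-commit-sha>` keeps the executed code fixed and reviewable. On manual runs `git tag --sort=-version:refname | head -1` yields an empty string when the repository has no tags, so a guard such as `[[ -n "$VERSION" ]] || exit 1` before writing the output would stop an empty `component_version` from reaching the policy update.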