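# Release pipeline: on every push to main, release-please opens/updates a
# release PR. When a release PR exists, the e2e tests run against AWS, the
# cleanup job always tears down what the tests created, and the report job
# comments on the PR once everything succeeded.
name: release
on:
  push:
    branches:
      - main
env:
  AWS_REGION: us-west-2
  AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test
  # Inherited by every step of every job (including the installer steps).
  # The cleanup step relies on this value through `--keep GITHUB_TOKEN`
  # without setting its own, so it cannot simply be removed from here.
  GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
  ACME_SERVER_URL: https://acme-v02.api.letsencrypt.org/directory
  # Quoted so YAML tooling never retypes them; Actions passes env as strings.
  AWS_MAX_ATTEMPTS: "100"
  AWS_RETRY_MODE: adaptive
  # Expected sha256 of the pinned Nix installer; verified before it is run.
  NIX_INSTALL_SHA: e9d447ce3d2ff62d7ff9cb6ef401de6fa8acb148839dd00f7271945d7b638b14
  NIX_INSTALL_VERSION: "2.34.7"
# Default for the jobs that do not declare their own permissions (test and
# cleanup). What run_tests.sh needs from GITHUB_TOKEN is not visible in this
# file; the OIDC role assumption in those jobs needs at least `id-token: write`.
# TODO(review): narrow this once run_tests.sh's token usage is known.
permissions: write-all
jobs:
  release:
    runs-on: ubuntu-latest
    # Least privilege for the two visible steps: release-please writes tags/
    # releases and the release PR, github-script comments on that PR.
    permissions:
      contents: write
      pull-requests: write
      issues: write
    outputs:
      release_pr: ${{ steps.release-please.outputs.pr }}
    steps:
      # https://github.com/googleapis/release-please-action/releases
      - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
        id: release-please
        with:
          release-type: terraform-module
      # https://github.com/actions/github-script/releases
      - uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0
        # Only comment when release-please actually produced a PR.
        if: steps.release-please.outputs.pr
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            github.rest.issues.createComment({
              issue_number: ${{ fromJson(steps.release-please.outputs.pr).number }},
              owner: "${{ github.repository_owner }}",
              repo: "${{ github.event.repository.name }}",
              body: "Please make sure e2e tests pass before merging this PR! \n ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
            })
  test:
    needs:
      - release
    # Skip the (expensive) e2e run when no release PR was created.
    if: needs.release.outputs.release_pr
    runs-on: ubuntu-latest
    steps:
      # https://github.com/actions/checkout/releases
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          token: ${{secrets.GITHUB_TOKEN}}
          fetch-depth: 0
      - id: aws-creds
        # https://github.com/aws-actions/configure-aws-credentials/releases
        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
        with:
          role-to-assume: ${{env.AWS_ROLE}}
          # Session name carries the run id so the assumed session is
          # attributable to this workflow run.
          role-session-name: ${{github.run_id}}
          aws-region: ${{env.AWS_REGION}}
          role-duration-seconds: 28800 # 8 hours
          # Expose the temporary credentials as step outputs so they can be
          # handed to the hermetic nix shell below explicitly.
          output-credentials: true
      - name: install-nix
        # The installer is fetched by pinned version and its sha256 is checked
        # before it is executed; `--fail` makes an HTTP error fail the download
        # instead of writing an error page to disk for the checksum to reject.
        run: |
          curl --fail -L -o install-nix.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install"
          echo "${NIX_INSTALL_SHA} install-nix.sh" | sha256sum -c -
          chmod +x install-nix.sh
          ./install-nix.sh
          source /home/runner/.nix-profile/etc/profile.d/nix.sh
          nix --version
          which nix
          rm -f install-nix.sh
      - name: run_tests
        # Hermetic shell: `--ignore-environment` drops the runner environment
        # and only the `--keep` variables reach the test process.
        shell: >-
          /home/runner/.nix-profile/bin/nix develop --ignore-environment
          --extra-experimental-features nix-command
          --extra-experimental-features flakes
          --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER
          --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE
          --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION
          --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY
          --keep AWS_SESSION_TOKEN
          --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN
          --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY
          --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM
          --command bash -e {0}
        env:
          AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
          AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
          AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
          ZONE: ${{secrets.ZONE}}
          IDENTIFIER: ${{github.run_id}}
        run: |
          # nix ignores environment variables that are not specifically kept,
          # so the workflow-level values are re-exported inside the shell.
          export AWS_MAX_ATTEMPTS="100"
          export AWS_RETRY_MODE="adaptive"
          export GITHUB_OWNER="rancher"
          export ACME_SERVER_URL="https://acme-v02.api.letsencrypt.org/directory"
          export RANCHER_INSECURE="false"
          ./run_tests.sh -s
  cleanup:
    needs:
      - release
      - test
    # always(): tear down test resources even if the test job failed or was
    # cancelled, but only when a release PR (and therefore a test run) existed.
    if: always() && needs.release.outputs.release_pr
    runs-on: ubuntu-latest
    steps:
      # https://github.com/actions/checkout/releases
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          token: ${{secrets.GITHUB_TOKEN}}
          fetch-depth: 0
      - id: aws-creds
        # https://github.com/aws-actions/configure-aws-credentials/releases
        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
        with:
          role-to-assume: ${{env.AWS_ROLE}}
          # Distinct suffix keeps the cleanup session distinguishable from the
          # test session of the same run.
          role-session-name: ${{github.run_id}}-cleanup
          aws-region: ${{env.AWS_REGION}}
          role-duration-seconds: 3600 # 1 hour
          output-credentials: true
      - name: install-nix
        # Same pinned, checksum-verified installer as in the test job.
        run: |
          curl --fail -L -o install-nix.sh "https://releases.nixos.org/nix/nix-${NIX_INSTALL_VERSION}/install"
          echo "${NIX_INSTALL_SHA} install-nix.sh" | sha256sum -c -
          chmod +x install-nix.sh
          ./install-nix.sh
          source /home/runner/.nix-profile/etc/profile.d/nix.sh
          nix --version
          which nix
          rm -f install-nix.sh
      - name: cleanup
        # Same hermetic shell as run_tests; GITHUB_TOKEN is not set in this
        # step's env, so `--keep GITHUB_TOKEN` passes the workflow-level value.
        shell: >-
          /home/runner/.nix-profile/bin/nix develop --ignore-environment
          --extra-experimental-features nix-command
          --extra-experimental-features flakes
          --keep HOME --keep SSH_AUTH_SOCK --keep IDENTIFIER
          --keep GITHUB_TOKEN --keep GITHUB_OWNER --keep ZONE
          --keep AWS_ROLE --keep AWS_REGION --keep AWS_DEFAULT_REGION
          --keep AWS_ACCESS_KEY_ID --keep AWS_SECRET_ACCESS_KEY
          --keep AWS_SESSION_TOKEN
          --keep UPDATECLI_GPGTOKEN --keep UPDATECLI_GITHUB_TOKEN
          --keep UPDATECLI_GITHUB_ACTOR --keep GPG_SIGNING_KEY
          --keep NIX_SSL_CERT_FILE --keep NIX_ENV_LOADED --keep TERM
          --command bash -e {0}
        env:
          AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
          AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
          AWS_SESSION_TOKEN: ${{ steps.aws-creds.outputs.aws-session-token }}
          IDENTIFIER: ${{github.run_id}}
        run: |
          export AWS_MAX_ATTEMPTS="100"
          # -c: clean up the resources tagged with this run's IDENTIFIER.
          ./run_tests.sh -c "$IDENTIFIER"
  report:
    needs:
      - release
      - test
      - cleanup
    if: success() && needs.release.outputs.release_pr # Ensure the test jobs succeeded, and that a release PR was created.
    runs-on: ubuntu-latest
    # The only step comments on the release PR; nothing else is needed.
    permissions:
      pull-requests: write
      issues: write
    steps:
      # https://github.com/actions/github-script/releases
      - uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            github.rest.issues.createComment({
              issue_number: ${{ fromJson(needs.release.outputs.release_pr).number }},
              owner: "${{ github.repository_owner }}",
              repo: "${{ github.event.repository.name }}",
              body: "End to End Tests Passed! \n ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
            })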