Zenko/.github/actions/create-component-deployments/action.yaml at 0dd99d2255dd7f9d3a2511c98bf65ed1b1f5e88d · scality/Zenko · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: Manage Component Deployments
description: >
  Create or update GitHub Deployments on scality component repos
  referenced in deps.yaml, providing integration visibility.
  Generates a minimally-scoped token (deployments:write + packages:read,
  limited to the exact repos found in deps.yaml).
  Falls back to OCI manifest annotations when image tags are not valid git refs.

inputs:
  app-id:
    description: GitHub App ID for token generation
    required: true
  app-private-key:
    description: GitHub App private key for token generation
    required: true
  deps-file:
    description: Path to deps.yaml
    required: false
    default: solution/deps.yaml
  target-branch:
    description: >-
      Target branch to diff deps against (when set, deployments are created only for
      changed componentsets)
    required: false
    default: ''
  environment:
    description: Deployment environment name (e.g. zenko/development/2.11)
    required: true
  status:
    description: Deployment status (in_progress, success, failure)
    required: true
  transient:
    description: Whether deployments are transient (auto-inactivated on newer success)
    required: false
    default: 'false'
  production:
    description: Whether deployments target a production environment
    required: false
    default: 'false'
  log-url:
    description: URL to link from the deployment status
    required: true
  description:
    description: Human-readable deployment status description
    required: false
    default: ''
  github-token:
    description: GitHub token for github-script (only needed for act.js tests)
    required: false
    default: ${{ github.token }}

runs:
  using: composite
  steps:
    - name: Filter to changed dependencies
      if: inputs.target-branch != ''
      id: filter
      shell: bash
      run: |
        # Diff against the merge-base (common ancestor with target branch) rather
        # than the target branch tip, so deps where the PR branch is merely
        # behind on target don't show up as "changed". Requires fetch-depth: 0
        # on the caller checkout.
        git fetch origin "${{ inputs.target-branch }}"
        base_ref=$(git merge-base HEAD "origin/${{ inputs.target-branch }}")
        echo "Diffing against merge-base $base_ref"
        git show "$base_ref:${{ inputs.deps-file }}" > /tmp/base-deps.yaml 2>/dev/null || echo '{}' > /tmp/base-deps.yaml

        yq eval-all '
          select(fi == 0) as $curr | select(fi == 1) as $base |
          $curr | with_entries(select(.value.tag != ($base[.key].tag // "")))
        ' '${{ inputs.deps-file }}' /tmp/base-deps.yaml > /tmp/changed-deps.yaml

        cat /tmp/changed-deps.yaml
        echo "deps-file=/tmp/changed-deps.yaml" >> "$GITHUB_OUTPUT"

    - name: Convert deps.yaml to JSON
      id: json
      shell: bash
      run: |
        yq -o=json '${{ steps.filter.outputs.deps-file || inputs.deps-file }}' > /tmp/changed-deps.json
        echo "deps-file=/tmp/changed-deps.json" >> "$GITHUB_OUTPUT"

    - name: Parse component repos from deps.yaml
      id: parse
      uses: actions/github-script@v7
      with:
        github-token: ${{ inputs.github-token }}
        script: |
          const { parseDeps } = require('${{ github.action_path }}/parse-deps.js');
          const selfRepo = process.env.GITHUB_REPOSITORY || 'scality/zenko';
          const { components, repos } = parseDeps('${{ steps.json.outputs.deps-file }}', selfRepo);

          if (components.length === 0) {
            core.info('No component repos found in deps.yaml');
            core.setOutput('components', '');
            return;
          }

          core.setOutput('components', JSON.stringify(components));
          core.setOutput('repos', repos.join('\n'));

    - name: Generate scoped deployments token
      if: steps.parse.outputs.components != ''
      id: app-token
      uses: actions/create-github-app-token@v2
      with:
        app-id: ${{ inputs.app-id }}
        private-key: ${{ inputs.app-private-key }}
        owner: ${{ github.repository_owner }}
        repositories: ${{ steps.parse.outputs.repos }}
        permission-deployments: write
        permission-packages: read

    - name: Create or update deployments
      if: steps.parse.outputs.components != ''
      uses: actions/github-script@v7
      env:
        COMPONENTS: ${{ steps.parse.outputs.components }}
      with:
        github-token: ${{ steps.app-token.outputs.token }}
        script: |
          const { createDeployments } = require('${{ github.action_path }}/create-deployments.js');
          await createDeployments({
            github, core,
            components: JSON.parse(process.env.COMPONENTS),
            environment: `${{ inputs.environment }}`,
            status: `${{ inputs.status }}`,
            transient: ${{ inputs.transient }},
            production: ${{ inputs.production }},
            logUrl: `${{ inputs.log-url }}`,
            description: `${{ inputs.description }}`,
            token: `${{ steps.app-token.outputs.token }}`,
          });