update requirements #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: publish to balenaCloud | |
on: | |
# https://github.com/orgs/community/discussions/26724 | |
pull_request: | |
types: [opened, synchronize, closed] | |
branches: | |
- master | |
env: | |
ENVIRONMENT: balena-cloud.com | |
BLOCK_PREFIX: belodetek/unzoner-api | |
VERBOSE: true | |
jobs: | |
versioning: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
outputs: | |
semver: ${{ steps.semver.outputs.version }} | |
version_tag: ${{ steps.semver.outputs.version_tag }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
# https://github.com/marketplace/actions/git-semantic-version | |
- name: generate new semantic version | |
id: semver | |
uses: paulhatch/[email protected] | |
with: | |
# https://www.conventionalcommits.org | |
format: "${major}.${minor}.${patch}" | |
major_pattern: "/major:\\s*|Change-type:\\s*major/gmi" | |
minor_pattern: "/minor:\\s*|Change-type:\\s*minor/gmi" | |
- name: check semver | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
echo 'changed: ${{ steps.semver.outputs.changed }}' | |
echo 'increment: ${{ steps.semver.outputs.increment }}' | |
echo 'major: ${{ steps.semver.outputs.major }}' | |
echo 'minor: ${{ steps.semver.outputs.minor }}' | |
echo 'patch: ${{ steps.semver.outputs.patch }}' | |
echo 'version: ${{ steps.semver.outputs.version }}' | |
echo 'version_tag: ${{ steps.semver.outputs.version_tag }}' | |
release-notes: | |
runs-on: ubuntu-latest | |
needs: versioning | |
strategy: | |
fail-fast: true | |
outputs: | |
release_notes: ${{ steps.release-notes.outputs.release_notes }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
# https://github.com/cookpete/auto-changelog | |
- name: generate release notes | |
id: release-notes | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
sudo npm --location=global install auto-changelog | |
tmpfile="$(mktemp)" | |
git tag '${{ needs.versioning.outputs.version_tag }}' | |
auto-changelog \ | |
--output "${tmpfile}" \ | |
--starting-version '${{ needs.versioning.outputs.version_tag }}' \ | |
--ending-version '${{ needs.versioning.outputs.version_tag }}' | |
release_notes="$(cat < "${tmpfile}")" && rm -f "${tmpfile}" | |
echo "::set-output name=release_notes::$(echo "${release_notes}" | openssl base64 -A)" | |
publish: | |
runs-on: ubuntu-latest | |
needs: | |
- versioning | |
- release-notes | |
strategy: | |
fail-fast: true | |
matrix: | |
arch: | |
- aarch64 | |
- amd64 | |
- armv7hf | |
outputs: | |
aarch64_release_id: ${{ steps.block.outputs.aarch64_release_id }} | |
aarch64_version: ${{ steps.block.outputs.aarch64_version }} | |
amd64_release_id: ${{ steps.block.outputs.amd64_release_id }} | |
amd64_version: ${{ steps.block.outputs.amd64_version }} | |
armv7hf_release_id: ${{ steps.block.outputs.armv7hf_release_id }} | |
armv7hf_version: ${{ steps.block.outputs.armv7hf_version }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: install additional dependencies | |
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
run: | | |
sudo apt install -y git-secret | |
- name: import GPG key | |
id: import-gpg-key | |
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
uses: crazy-max/ghaction-import-gpg@v4 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: reveal secrets | |
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
run: | | |
git secret reveal -fp '${{ secrets.GPG_PASSPHRASE }}' | |
- name: update release version(s) | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
# https://github.com/mikefarah/yq/issues/439 | |
#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' balena.yml | |
sed -i '/version:.*/d' balena.yml | |
echo 'version: ${{ needs.versioning.outputs.semver }}' >> balena.yml | |
- name: push draft or finalise release | |
id: build | |
# https://github.com/balena-io/deploy-to-balena-action/pull/195 | |
uses: balena-io/deploy-to-balena-action@master | |
with: | |
balena_token: ${{ secrets.BALENA_API_KEY }} | |
environment: ${{ env.ENVIRONMENT }} | |
fleet: ${{ env.BLOCK_PREFIX }}-${{ matrix.arch }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: export block build results | |
id: block | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
block_id="$(curl "https://api.${{ env.ENVIRONMENT }}/v6/application?\$filter=slug%20eq%20'${{ env.BLOCK_PREFIX }}-${{ matrix.arch }}'&\$select=id" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| jq -r '.d[].id')" | |
# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/193 | |
arch_version='${{ steps.build.outputs.version }}' | |
release_id='${{ steps.build.outputs.release_id }}' | |
if [[ -z $arch_version ]]; then | |
arch_version='${{ needs.versioning.outputs.semver }}' | |
fi | |
if [[ -z $release_id ]]; then | |
release_id=$(curl --retry 3 --fail \ | |
"https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}&\$select=id,semver,is_final,is_invalidated,release_type" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| jq -r --arg semver '${{ needs.versioning.outputs.semver }}' \ | |
'.d[] | select((.semver==$semver) and (.is_final==true) and (.is_invalidated==false) and (.release_type=="final")).id' \ | |
| head -n 1) | |
fi | |
echo "::set-output name=${{ matrix.arch }}_block_id::${block_id}" | |
echo "::set-output name=${{ matrix.arch }}_release_id::${release_id}" | |
echo "::set-output name=${{ matrix.arch }}_version::${arch_version}" | |
# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/194 | |
- name: update balena release notes | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
# https://github.com/orgs/community/discussions/25634 | |
release_id='${{ steps.block.outputs[format('{0}_release_id', matrix.arch)] }}' | |
block_id='${{ steps.block.outputs[format('{0}_block_id', matrix.arch)] }}' | |
# FIXME: probably require additional escaping of JSON reserved characters | |
release_notes="$(echo '${{ needs.release-notes.outputs.release_notes }}' \ | |
| base64 -d \ | |
| awk '{printf "%s\\n", $0}')" | |
curl --retry 3 --fail \ | |
-X PATCH "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}%20and%20id%20eq%20${release_id}" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
-d "{\"note\":\"${release_notes}\"}" | |
commit: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true | |
needs: | |
- versioning | |
- publish | |
strategy: | |
fail-fast: true | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# https://github.com/marketplace/actions/git-auto-commit#push-to-protected-branches | |
# https://github.com/orgs/community/discussions/25305 | |
token: ${{ secrets.PAT }} | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
# https://github.com/cookpete/auto-changelog | |
- name: set release version(s) and prepare CHANGELOG.md | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
sudo npm --location=global install auto-changelog | |
git tag '${{ needs.versioning.outputs.version_tag }}' | |
sed -i '/version:.*/d' balena.yml | |
echo 'version: ${{ needs.versioning.outputs.semver }}' >> balena.yml | |
auto-changelog | |
git tag --delete '${{ needs.versioning.outputs.version_tag }}' | |
- name: import GPG key | |
id: import-gpg-key | |
uses: crazy-max/ghaction-import-gpg@v4 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
git_config_global: true | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
# https://github.com/marketplace/actions/git-auto-commit | |
- name: Commit CHANGELOG and versioned asset(s) | |
uses: stefanzweifel/git-auto-commit-action@v4 | |
# https://stackoverflow.com/a/61565445/1559300 | |
with: | |
add_options: -u | |
branch: ${{ github.base_ref }} | |
commit_author: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}> | |
commit_message: | | |
ci: Update CHANGELOG and ${{ needs.versioning.outputs.version_tag }} asset(s) | |
Signed-off-by: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}> | |
commit_options: --no-verify --signoff | |
commit_user_email: ${{ steps.import-gpg-key.outputs.email }} | |
commit_user_name: ${{ steps.import-gpg-key.outputs.name }} | |
disable_globbing: true | |
file_pattern: CHANGELOG.md balena.yml | |
push_options: --force | |
skip_checkout: true | |
skip_dirty_check: true | |
skip_fetch: true | |
status_options: --untracked-files=no | |
tagging_message: ${{ needs.versioning.outputs.version_tag }} |