update requirements #43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: publish to balenaCloud | |
| on: | |
| # https://github.com/orgs/community/discussions/26724 | |
| pull_request: | |
| types: [opened, synchronize, closed] | |
| branches: | |
| - master | |
| env: | |
| ENVIRONMENT: balena-cloud.com | |
| BLOCK_PREFIX: belodetek/unzoner-api | |
| VERBOSE: true | |
| jobs: | |
| versioning: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| outputs: | |
| semver: ${{ steps.semver.outputs.version }} | |
| version_tag: ${{ steps.semver.outputs.version_tag }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| # https://github.com/marketplace/actions/git-semantic-version | |
| - name: generate new semantic version | |
| id: semver | |
| uses: paulhatch/[email protected] | |
| with: | |
| # https://www.conventionalcommits.org | |
| format: "${major}.${minor}.${patch}" | |
| major_pattern: "/major:\\s*|Change-type:\\s*major/gmi" | |
| minor_pattern: "/minor:\\s*|Change-type:\\s*minor/gmi" | |
| - name: check semver | |
| run: | | |
| [[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
| echo 'changed: ${{ steps.semver.outputs.changed }}' | |
| echo 'increment: ${{ steps.semver.outputs.increment }}' | |
| echo 'major: ${{ steps.semver.outputs.major }}' | |
| echo 'minor: ${{ steps.semver.outputs.minor }}' | |
| echo 'patch: ${{ steps.semver.outputs.patch }}' | |
| echo 'version: ${{ steps.semver.outputs.version }}' | |
| echo 'version_tag: ${{ steps.semver.outputs.version_tag }}' | |
| release-notes: | |
| runs-on: ubuntu-latest | |
| needs: versioning | |
| strategy: | |
| fail-fast: true | |
| outputs: | |
| release_notes: ${{ steps.release-notes.outputs.release_notes }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| # https://github.com/cookpete/auto-changelog | |
| - name: generate release notes | |
| id: release-notes | |
| run: | | |
| [[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
| sudo npm --location=global install auto-changelog | |
| tmpfile="$(mktemp)" | |
| git tag '${{ needs.versioning.outputs.version_tag }}' | |
| auto-changelog \ | |
| --output "${tmpfile}" \ | |
| --starting-version '${{ needs.versioning.outputs.version_tag }}' \ | |
| --ending-version '${{ needs.versioning.outputs.version_tag }}' | |
| release_notes="$(cat < "${tmpfile}")" && rm -f "${tmpfile}" | |
| echo "::set-output name=release_notes::$(echo "${release_notes}" | openssl base64 -A)" | |
| publish: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - versioning | |
| - release-notes | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| arch: | |
| - aarch64 | |
| - amd64 | |
| - armv7hf | |
| outputs: | |
| aarch64_release_id: ${{ steps.block.outputs.aarch64_release_id }} | |
| aarch64_version: ${{ steps.block.outputs.aarch64_version }} | |
| amd64_release_id: ${{ steps.block.outputs.amd64_release_id }} | |
| amd64_version: ${{ steps.block.outputs.amd64_version }} | |
| armv7hf_release_id: ${{ steps.block.outputs.armv7hf_release_id }} | |
| armv7hf_version: ${{ steps.block.outputs.armv7hf_version }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: install additional dependencies | |
| if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
| run: | | |
| sudo apt install -y git-secret | |
| - name: import GPG key | |
| id: import-gpg-key | |
| if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
| uses: crazy-max/ghaction-import-gpg@v4 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: reveal secrets | |
| if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
| run: | | |
| git secret reveal -fp '${{ secrets.GPG_PASSPHRASE }}' | |
| - name: update release version(s) | |
| run: | | |
| [[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
| # https://github.com/mikefarah/yq/issues/439 | |
| #yq -i e '.version="${{ needs.versioning.outputs.semver }}"' balena.yml | |
| sed -i '/version:.*/d' balena.yml | |
| echo 'version: ${{ needs.versioning.outputs.semver }}' >> balena.yml | |
| - name: push draft or finalise release | |
| id: build | |
| # https://github.com/balena-io/deploy-to-balena-action/pull/195 | |
| uses: balena-io/deploy-to-balena-action@master | |
| with: | |
| balena_token: ${{ secrets.BALENA_API_KEY }} | |
| environment: ${{ env.ENVIRONMENT }} | |
| fleet: ${{ env.BLOCK_PREFIX }}-${{ matrix.arch }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: export block build results | |
| id: block | |
| run: | | |
| [[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
| block_id="$(curl "https://api.${{ env.ENVIRONMENT }}/v6/application?\$filter=slug%20eq%20'${{ env.BLOCK_PREFIX }}-${{ matrix.arch }}'&\$select=id" \ | |
| -H 'Content-Type: application/json' \ | |
| -H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| | jq -r '.d[].id')" | |
| # FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/193 | |
| arch_version='${{ steps.build.outputs.version }}' | |
| release_id='${{ steps.build.outputs.release_id }}' | |
| if [[ -z $arch_version ]]; then | |
| arch_version='${{ needs.versioning.outputs.semver }}' | |
| fi | |
| if [[ -z $release_id ]]; then | |
| release_id=$(curl --retry 3 --fail \ | |
| "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}&\$select=id,semver,is_final,is_invalidated,release_type" \ | |
| -H 'Content-Type: application/json' \ | |
| -H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| | jq -r --arg semver '${{ needs.versioning.outputs.semver }}' \ | |
| '.d[] | select((.semver==$semver) and (.is_final==true) and (.is_invalidated==false) and (.release_type=="final")).id' \ | |
| | head -n 1) | |
| fi | |
| echo "::set-output name=${{ matrix.arch }}_block_id::${block_id}" | |
| echo "::set-output name=${{ matrix.arch }}_release_id::${release_id}" | |
| echo "::set-output name=${{ matrix.arch }}_version::${arch_version}" | |
| # FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/194 | |
| - name: update balena release notes | |
| run: | | |
| [[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
| # https://github.com/orgs/community/discussions/25634 | |
| release_id='${{ steps.block.outputs[format('{0}_release_id', matrix.arch)] }}' | |
| block_id='${{ steps.block.outputs[format('{0}_block_id', matrix.arch)] }}' | |
| # FIXME: probably require additional escaping of JSON reserved characters | |
| release_notes="$(echo '${{ needs.release-notes.outputs.release_notes }}' \ | |
| | base64 -d \ | |
| | awk '{printf "%s\\n", $0}')" | |
| curl --retry 3 --fail \ | |
| -X PATCH "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}%20and%20id%20eq%20${release_id}" \ | |
| -H 'Content-Type: application/json' \ | |
| -H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| -d "{\"note\":\"${release_notes}\"}" | |
| commit: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true | |
| needs: | |
| - versioning | |
| - publish | |
| strategy: | |
| fail-fast: true | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| # https://github.com/marketplace/actions/git-auto-commit#push-to-protected-branches | |
| # https://github.com/orgs/community/discussions/25305 | |
| token: ${{ secrets.PAT }} | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| # https://github.com/cookpete/auto-changelog | |
| - name: set release version(s) and prepare CHANGELOG.md | |
| run: | | |
| [[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
| sudo npm --location=global install auto-changelog | |
| git tag '${{ needs.versioning.outputs.version_tag }}' | |
| sed -i '/version:.*/d' balena.yml | |
| echo 'version: ${{ needs.versioning.outputs.semver }}' >> balena.yml | |
| auto-changelog | |
| git tag --delete '${{ needs.versioning.outputs.version_tag }}' | |
| - name: import GPG key | |
| id: import-gpg-key | |
| uses: crazy-max/ghaction-import-gpg@v4 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_config_global: true | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| # https://github.com/marketplace/actions/git-auto-commit | |
| - name: Commit CHANGELOG and versioned asset(s) | |
| uses: stefanzweifel/git-auto-commit-action@v4 | |
| # https://stackoverflow.com/a/61565445/1559300 | |
| with: | |
| add_options: -u | |
| branch: ${{ github.base_ref }} | |
| commit_author: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}> | |
| commit_message: | | |
| ci: Update CHANGELOG and ${{ needs.versioning.outputs.version_tag }} asset(s) | |
| Signed-off-by: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}> | |
| commit_options: --no-verify --signoff | |
| commit_user_email: ${{ steps.import-gpg-key.outputs.email }} | |
| commit_user_name: ${{ steps.import-gpg-key.outputs.name }} | |
| disable_globbing: true | |
| file_pattern: CHANGELOG.md balena.yml | |
| push_options: --force | |
| skip_checkout: true | |
| skip_dirty_check: true | |
| skip_fetch: true | |
| status_options: --untracked-files=no | |
| tagging_message: ${{ needs.versioning.outputs.version_tag }} |