diff --git a/.github/workflows/add_new_issue_to_triage_project.yml b/.github/workflows/add_new_issue_to_triage_project.yml new file mode 100644 index 0000000..f3c5b84 --- /dev/null +++ b/.github/workflows/add_new_issue_to_triage_project.yml @@ -0,0 +1,40 @@ +# Add new issues to triage project board (https://github.com/orgs/simp/projects/11) +# ------------------------------------------------------------------------------ +# +# NOTICE: **This file is maintained with puppetsync** +# +# This file is updated automatically as part of a puppet module baseline. +# +# The next baseline sync will overwrite any local changes to this file! +# +# ============================================================================== +# This pipeline uses the following GitHub Action Secrets: +# +# GitHub Secret variable Notes +# ------------------------------- --------------------------------------- +# AUTO_TRIAGE_TOKEN Token with appropriate permissions +# +# ------------------------------------------------------------------------------ +# +# +--- +name: Add new issues to triage project + +'on': + issues: + types: + - opened + - reopened + pull_request_target: + types: + - opened + +jobs: + add-to-project: + name: Add issue to project + runs-on: ubuntu-latest + steps: + - uses: actions/add-to-project@v0.5.0 + with: + project-url: https://github.com/orgs/simp/projects/11 + github-token: ${{ secrets.AUTO_TRIAGE_TOKEN }} diff --git a/.github/workflows/tag_deploy_rubygem.yml b/.github/workflows/tag_deploy_rubygem.yml new file mode 100644 index 0000000..9bdd919 --- /dev/null +++ b/.github/workflows/tag_deploy_rubygem.yml @@ -0,0 +1,212 @@ +# Create GitHub release, build & publish .gem to rubygems.org on SemVer tag push +# +# This workflow's jobs are only triggered in repos under the `simp` organization +# ------------------------------------------------------------------------------ +# +# NOTICE: **This file is maintained with puppetsync** +# +# This file is updated automatically as part of a standardized asset baseline. +# +# The next baseline sync will overwrite any local changes to this file! +# +# ============================================================================== +# +# This pipeline uses the following GitHub Action Secrets: +# +# GitHub Secret variable Type Notes +# ------------------------ -------- ---------------------------------------- +# RUBYGEMS_API_KEY Required +# +# ------------------------------------------------------------------------------ +# +# NOTES: +# +# * The CHANGELOG text is altered to remove RPM-style date headers, which don't +# render well as markdown on the GitHub release pages +# +# * By default, the gem is built and released using the standard rake tasks +# from "bundler/gem_tasks". To override these, create a JSON file at +# `.github/workflows.local.json`, using the following format: +# +# { +# "gem_build_command": "bundle exec rake build", +# "gem_release_command": "bundle exec rake build release:rubygem_push", +# "gem_pkg_dir": "pkg" +# } +# +# All keys are optional. +# +--- +name: 'Tag: Release to GitHub + rubygems.org (no RPMS)' + +'on': + push: + tags: + # NOTE: These filter patterns aren't actually regexes: + # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet + - '[0-9]+\.[0-9]+\.[0-9]+' + - '[0-9]+\.[0-9]+\.[0-9]+\-[a-z]+[0-9]+' + +env: + PUPPET_VERSION: '~> 8' + LOCAL_WORKFLOW_CONFIG_FILE: .github/workflows.local.json + +jobs: + releng-checks: + name: "RELENG checks" + if: github.repository_owner == 'simp' + runs-on: ubuntu-latest + outputs: + build_command: ${{ steps.commands.outputs.build_command }} + release_command: ${{ steps.commands.outputs.release_command }} + pkg_dir: ${{ steps.commands.outputs.pkg_dir }} + steps: + - name: "Assert '${{ github.ref }}' is a tag" + run: '[[ "$GITHUB_REF" =~ ^refs/tags/ ]] || { echo "::error ::GITHUB_REF is not a tag: ${GITHUB_REF}"; exit 1 ; }' + - uses: actions/checkout@v3 + with: + ref: ${{ github.ref }} + clean: true + - name: Determine build and release commands + id: commands + run: | + # By default, this is the standard task from "bundler/gem_tasks" + # To override it, add the new command to LOCAL_WORKFLOW_CONFIG_FILE + GEM_BUILD_COMMAND='bundle exec rake build' + GEM_RELEASE_COMMAND='bundle exec rake build release:rubygem_push' + GEM_PKG_DIR='pkg' + if jq -r '. | keys' "$LOCAL_WORKFLOW_CONFIG_FILE" 2>/dev/null | \ + grep -w '"gem_pkg_dir"' &> /dev/null; then + GEM_PKG_DIR="$(jq -r .gem_pkg_dir "$LOCAL_WORKFLOW_CONFIG_FILE" )" + fi + if jq -r '. | keys' "$LOCAL_WORKFLOW_CONFIG_FILE" 2>/dev/null | \ + grep -w '"gem_build_command"' &> /dev/null; then + GEM_BUILD_COMMAND="$(jq -r .gem_build_command "$LOCAL_WORKFLOW_CONFIG_FILE" )" + fi + if jq -r '. | keys' "$LOCAL_WORKFLOW_CONFIG_FILE" 2>/dev/null | \ + grep -w '"gem_release_command"' &> /dev/null; then + GEM_RELEASE_COMMAND="$(jq -r .gem_release_command "$LOCAL_WORKFLOW_CONFIG_FILE" )" + fi + echo "build_command=$GEM_BUILD_COMMAND" | tee -a "$GITHUB_OUTPUT" + echo "pkg_dir=$GEM_PKG_DIR" | tee -a "$GITHUB_OUTPUT" + echo "release_command=$GEM_RELEASE_COMMAND" | tee -a "$GITHUB_OUTPUT" + - uses: ruby/setup-ruby@v1 + with: + ruby-version: 2.7 + bundler-cache: true + - name: Test build the package + run: "${{ steps.commands.outputs.build_command }}" + - name: "Assert '${{ github.ref }}' matches the package version" + run: | + tag="${GITHUB_REF/refs\/tags\//}" + [ -d "${{ steps.commands.outputs.pkg_dir }}" ] || \ + { echo "::error ::No directory found at ${{ steps.commands.outputs.pkg_dir }}/" ; exit 3 ; } + ls -1 "${{ steps.commands.outputs.pkg_dir }}"/*.gem || \ + { echo "::error ::No gem file found at ${{ steps.commands.outputs.pkg_dir }}/*.gem" ; exit 2 ; } + [ -f "${{ steps.commands.outputs.pkg_dir }}"/*-${tag}.gem ] || \ + { echo "::error ::tag '${tag}' does not match package $(ls -1 ${{ steps.commands.outputs.pkg_dir }}/*.gem)"; exit 1 ; } + + create-github-release: + name: Deploy GitHub Release + needs: + - releng-checks + if: github.repository_owner == 'simp' + runs-on: ubuntu-latest + outputs: + prerelease: ${{ steps.tag-check.outputs.prerelease }} + tag: ${{ steps.tag-check.outputs.tag }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + ref: ${{ github.ref }} + clean: true + fetch-depth: 0 + + - name: Get tag & annotation info (${{github.ref}}) + id: tag-check + run: | + tag="${GITHUB_REF/refs\/tags\//}" + annotation="$(git for-each-ref "$GITHUB_REF" --format='%(contents)' --count=1)" + annotation_title="$(echo "$annotation" | head -1)" + + if [[ "$tag" =~ ^(simp-|v)?[0-9]+\.[0-9]+\.[0-9]+(-(rc|alpha|beta|pre|post)?([0-9]+)?)?$ ]]; then + if [ -n "${BASH_REMATCH[2]}" ]; then + prerelease=yes + annotation_title="Pre-release of ${tag}" + fi + else + printf '::error ::Release Tag format is not SemVer, X.Y.Z-R, X.Y.Z-: "%s"\n' "$RELEASE_TAG" + exit 88 + fi + + echo "tag=$tag" | tee -a "$GITHUB_OUTPUT" + echo "prerelease=$prerelease" | tee -a "$GITHUB_OUTPUT" + echo "TARGET_TAG=$tag" | tee -a "$GITHUB_ENV" + + # Prepare annotation body as a file for the next step + # + # * The GitHub Release renders the text in this file as markdown + # * The `perl -pe` removes RPM-style date headers from the CHANGELOG, + # because they don't render well as markdown on the Release page + echo "RELEASE_MESSAGE<> "$GITHUB_ENV" + printf '%s\n\n' "$annotation_title" >> "$GITHUB_ENV" + echo "$annotation" | tail -n +2 | \ + perl -pe 'BEGIN{undef $/;} s/\n\* (Mon|Tue|Wed|Thu|Fri|Sat|Sun) .*?\n//smg;' >> "$GITHUB_ENV" + echo "EOF$$" >> "$GITHUB_ENV" + + - name: Create Release + id: create_release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + IS_PRERELEASE: ${{ steps.tag-check.outputs.prerelease }} + run: | + echo "${RELEASE_MESSAGE}" > /tmp/.commit-msg.txt + args=(-F /tmp/.commit-msg.txt) + [[ "$IS_PRERELEASE" == yes ]] && args+=(--prerelease) + + gh release create ${args[@]} "$TARGET_TAG" + + deploy-rubygem: + name: Deploy RubyGem Release + needs: + - releng-checks + - create-github-release + if: (github.repository_owner == 'simp') && (needs.create-github-release.outputs.prerelease != 'yes') + runs-on: ubuntu-latest + env: + RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }} + BUILD_COMMAND: ${{ needs.releng-checks.outputs.build_command }} + RELEASE_COMMAND: ${{ needs.releng-checks.outputs.release_command }} + PKG_DIR: ${{ needs.releng-checks.outputs.pkg_dir }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + ref: ${{ github.ref }} + clean: true + - uses: ruby/setup-ruby@v1 + with: + ruby-version: 2.7 + bundler-cache: true + - name: Build RubyGem + run: | + echo "Setting up file permissions..." + chmod -R go=u-w . + + echo "Running '$BUILD_COMMAND'..." + $BUILD_COMMAND + + - name: Release RubyGem + run: | + echo "Setting up gem credentials..." + mkdir -p ~/.gem + + cat << EOF > ~/.gem/credentials + --- + :rubygems_api_key: ${RUBYGEMS_API_KEY} + EOF + chmod 0600 ~/.gem/credentials + + echo "Running '$RELEASE_COMMAND'..." + $RELEASE_COMMAND