Add release dry-run

This commit is contained in:
sobolevn 2022-06-05 10:56:24 +03:00
parent 666691de88
commit 7d68acffbe
No known key found for this signature in database
GPG Key ID: FF672D568AE3C73E
7 changed files with 67 additions and 29 deletions

View File

@ -4,27 +4,27 @@ on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
# In case we change the some build scripts:
push:
branches:
- master
paths:
- 'utils/*/install.sh'
- 'utils/**'
- '.ci/release-ci/**'
- '.github/workflows/release-ci.yml'
pull_request:
paths:
- 'utils/*/install.sh'
- 'utils/**'
- '.ci/release-ci/**'
- '.github/workflows/release-ci.yml'
concurrency:
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
build:
existing:
runs-on: ubuntu-latest
strategy:
matrix:
@ -50,12 +50,29 @@ jobs:
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
make release-ci
# Keep in sync with `release.yml`:
dryrun:
runs-on: ubuntu-latest
strategy:
matrix:
release-type:
- apk
- deb
- rpm
steps:
- uses: actions/checkout@v3
- name: Run dry run of the release process
run: |
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
SECRETS_RELEASE_DRY_RUN=1 \
make release
# https://github.community/t/run-github-actions-job-only-if-previous-job-has-failed/174786/2
create-issue-on-failure:
name: Create an issue if release-ci cron failed
runs-on: ubuntu-latest
needs: [build]
if: ${{ github.event_name == 'schedule' && github.repository == 'sobolevn/git-secret' && always() && needs.build.result == 'failure' }}
needs: [existing]
if: ${{ github.event_name == 'schedule' && github.repository == 'sobolevn/git-secret' && always() && (needs.existing.result == 'failure' || needs.dryrun.result == 'failure') }}
permissions:
issues: write
steps:

View File

@ -2,15 +2,20 @@
set -e
if [[ "$SECRETS_DEPLOY_DRY_RUN" == 1 ]]; then
echo 'dry-run finished'
exit 0
fi
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/utils/apk/meta.sh"
VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
readonly VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
# Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
readonly BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
function upload_with_architecture {
@ -18,7 +23,8 @@ function upload_with_architecture {
local file_location
file_location="$(locate_release 'apk' "$arch")"
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
curl -sS \
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
--max-time 10 \
--retry 3 \
--retry-delay 5 \
@ -31,7 +37,8 @@ for architecture in "${ALPINE_ARCHITECTURES[@]}"; do
done
# Now, we need to trigger metadata reindex:
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
curl -sS \
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
--max-time 5 \
--retry 3 \
--retry-delay 5 \

View File

@ -1,7 +1,7 @@
# Full list is here:
# http://dl-cdn.alpinelinux.org/alpine/v3.13/main/
# shellcheck disable=SC2034
ALPINE_ARCHITECTURES=(
readonly ALPINE_ARCHITECTURES=(
'aarch64'
'armhf'
'armv7'

View File

@ -6,19 +6,19 @@ set -e
source "$SECRETS_PROJECT_ROOT/src/version.sh"
# Initializing and settings:
READ_PERM=0644
EXEC_PERM=0755
readonly READ_PERM=0644
readonly EXEC_PERM=0755
SCRIPT_NAME='git-secret'
SCRIPT_DESCRIPTION='Shell scripts to encrypt your private data inside a git repository.'
SCRIPT_VERSION="$GITSECRET_VERSION"
readonly SCRIPT_NAME='git-secret'
readonly SCRIPT_DESCRIPTION='Shell scripts to encrypt your private data inside a git repository.'
readonly SCRIPT_VERSION="$GITSECRET_VERSION"
# This may be overridden:
if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
SCRIPT_BUILD_DIR="$PWD/build"
fi
SCRIPT_DEST_DIR="$SCRIPT_BUILD_DIR/buildroot"
readonly SCRIPT_DEST_DIR="$SCRIPT_BUILD_DIR/buildroot"
function locate_release {

View File

@ -2,23 +2,30 @@
set -e
if [[ "$SECRETS_DEPLOY_DRY_RUN" == 1 ]]; then
echo 'dry-run finished'
exit 0
fi
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
readonly BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
# This folder should contain just one `.dev` file:
DEB_FILE_LOCATION="$(locate_release 'deb')"
DEB_FILE_NAME="$(basename "$DEB_FILE_LOCATION")"
readonly DEB_FILE_LOCATION="$(locate_release 'deb')"
readonly DEB_FILE_NAME="$(basename "$DEB_FILE_LOCATION")"
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
curl -sS \
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
-XPUT "$BASE_API_URL/git-secret-deb/$DEB_FILE_NAME;deb.distribution=git-secret;deb.component=main;deb.architecture=all" \
-T "$DEB_FILE_LOCATION"
# Now, we need to trigger metadata reindex:
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
curl -sS \
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
-XPOST "$BASE_API_URL/api/deb/reindex/git-secret-deb"
echo

View File

@ -2,23 +2,30 @@
set -e
if [[ "$SECRETS_DEPLOY_DRY_RUN" == 1 ]]; then
echo 'dry-run finished'
exit 0
fi
# shellcheck disable=SC1090,SC1091
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
# Artifactory location:
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
readonly BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
# This folder should contain just one `.rpm` file:
RPM_FILE_LOCATION="$(locate_release 'rpm')"
RPM_FILE_NAME="$(basename "$RPM_FILE_LOCATION")"
readonly RPM_FILE_LOCATION="$(locate_release 'rpm')"
readonly RPM_FILE_NAME="$(basename "$RPM_FILE_LOCATION")"
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
curl -sS \
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
-XPUT "$BASE_API_URL/git-secret-rpm/rpm/$RPM_FILE_NAME" \
-T "$RPM_FILE_LOCATION"
# Now, we need to trigger metadata reindex:
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
curl -sS \
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
-XPOST "$BASE_API_URL/api/yum/git-secret-rpm?async=1"
echo

View File

@ -3,7 +3,7 @@
set -e
PREFIX="$1"
readonly PREFIX="$1"
if [ -z "$PREFIX" ]; then
echo "usage: $0 <prefix>" >&2
exit 1