mirror of
https://github.com/sobolevn/git-secret
synced 2024-10-31 21:20:29 +00:00
Add release dry-run
This commit is contained in:
parent
666691de88
commit
7d68acffbe
31
.github/workflows/release-ci.yml
vendored
31
.github/workflows/release-ci.yml
vendored
@ -4,27 +4,27 @@ on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
|
||||
# In case we change the some build scripts:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
paths:
|
||||
- 'utils/*/install.sh'
|
||||
- 'utils/**'
|
||||
- '.ci/release-ci/**'
|
||||
- '.github/workflows/release-ci.yml'
|
||||
pull_request:
|
||||
paths:
|
||||
- 'utils/*/install.sh'
|
||||
- 'utils/**'
|
||||
- '.ci/release-ci/**'
|
||||
- '.github/workflows/release-ci.yml'
|
||||
|
||||
concurrency:
|
||||
concurrency:
|
||||
group: ${{ github.head_ref || github.run_id }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
build:
|
||||
existing:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
@ -50,12 +50,29 @@ jobs:
|
||||
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
|
||||
make release-ci
|
||||
|
||||
# Keep in sync with `release.yml`:
|
||||
dryrun:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
release-type:
|
||||
- apk
|
||||
- deb
|
||||
- rpm
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Run dry run of the release process
|
||||
run: |
|
||||
SECRETS_RELEASE_TYPE="${{ matrix.release-type }}" \
|
||||
SECRETS_RELEASE_DRY_RUN=1 \
|
||||
make release
|
||||
|
||||
# https://github.community/t/run-github-actions-job-only-if-previous-job-has-failed/174786/2
|
||||
create-issue-on-failure:
|
||||
name: Create an issue if release-ci cron failed
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build]
|
||||
if: ${{ github.event_name == 'schedule' && github.repository == 'sobolevn/git-secret' && always() && needs.build.result == 'failure' }}
|
||||
needs: [existing]
|
||||
if: ${{ github.event_name == 'schedule' && github.repository == 'sobolevn/git-secret' && always() && (needs.existing.result == 'failure' || needs.dryrun.result == 'failure') }}
|
||||
permissions:
|
||||
issues: write
|
||||
steps:
|
||||
|
@ -2,15 +2,20 @@
|
||||
|
||||
set -e
|
||||
|
||||
if [[ "$SECRETS_DEPLOY_DRY_RUN" == 1 ]]; then
|
||||
echo 'dry-run finished'
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRETS_PROJECT_ROOT/utils/apk/meta.sh"
|
||||
|
||||
VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
|
||||
readonly VERSION_NAME="git-secret-${SCRIPT_VERSION}.apk"
|
||||
|
||||
# Artifactory location:
|
||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
readonly BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
|
||||
|
||||
function upload_with_architecture {
|
||||
@ -18,7 +23,8 @@ function upload_with_architecture {
|
||||
local file_location
|
||||
file_location="$(locate_release 'apk' "$arch")"
|
||||
|
||||
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
curl -sS \
|
||||
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
--max-time 10 \
|
||||
--retry 3 \
|
||||
--retry-delay 5 \
|
||||
@ -31,7 +37,8 @@ for architecture in "${ALPINE_ARCHITECTURES[@]}"; do
|
||||
done
|
||||
|
||||
# Now, we need to trigger metadata reindex:
|
||||
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
curl -sS \
|
||||
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
--max-time 5 \
|
||||
--retry 3 \
|
||||
--retry-delay 5 \
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Full list is here:
|
||||
# http://dl-cdn.alpinelinux.org/alpine/v3.13/main/
|
||||
# shellcheck disable=SC2034
|
||||
ALPINE_ARCHITECTURES=(
|
||||
readonly ALPINE_ARCHITECTURES=(
|
||||
'aarch64'
|
||||
'armhf'
|
||||
'armv7'
|
||||
|
@ -6,19 +6,19 @@ set -e
|
||||
source "$SECRETS_PROJECT_ROOT/src/version.sh"
|
||||
|
||||
# Initializing and settings:
|
||||
READ_PERM=0644
|
||||
EXEC_PERM=0755
|
||||
readonly READ_PERM=0644
|
||||
readonly EXEC_PERM=0755
|
||||
|
||||
SCRIPT_NAME='git-secret'
|
||||
SCRIPT_DESCRIPTION='Shell scripts to encrypt your private data inside a git repository.'
|
||||
SCRIPT_VERSION="$GITSECRET_VERSION"
|
||||
readonly SCRIPT_NAME='git-secret'
|
||||
readonly SCRIPT_DESCRIPTION='Shell scripts to encrypt your private data inside a git repository.'
|
||||
readonly SCRIPT_VERSION="$GITSECRET_VERSION"
|
||||
|
||||
# This may be overridden:
|
||||
if [[ -z "$SCRIPT_BUILD_DIR" ]]; then
|
||||
SCRIPT_BUILD_DIR="$PWD/build"
|
||||
fi
|
||||
|
||||
SCRIPT_DEST_DIR="$SCRIPT_BUILD_DIR/buildroot"
|
||||
readonly SCRIPT_DEST_DIR="$SCRIPT_BUILD_DIR/buildroot"
|
||||
|
||||
|
||||
function locate_release {
|
||||
|
@ -2,23 +2,30 @@
|
||||
|
||||
set -e
|
||||
|
||||
if [[ "$SECRETS_DEPLOY_DRY_RUN" == 1 ]]; then
|
||||
echo 'dry-run finished'
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
|
||||
# Artifactory location:
|
||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
readonly BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
|
||||
# This folder should contain just one `.dev` file:
|
||||
DEB_FILE_LOCATION="$(locate_release 'deb')"
|
||||
DEB_FILE_NAME="$(basename "$DEB_FILE_LOCATION")"
|
||||
readonly DEB_FILE_LOCATION="$(locate_release 'deb')"
|
||||
readonly DEB_FILE_NAME="$(basename "$DEB_FILE_LOCATION")"
|
||||
|
||||
|
||||
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
curl -sS \
|
||||
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
-XPUT "$BASE_API_URL/git-secret-deb/$DEB_FILE_NAME;deb.distribution=git-secret;deb.component=main;deb.architecture=all" \
|
||||
-T "$DEB_FILE_LOCATION"
|
||||
|
||||
# Now, we need to trigger metadata reindex:
|
||||
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
curl -sS \
|
||||
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
-XPOST "$BASE_API_URL/api/deb/reindex/git-secret-deb"
|
||||
|
||||
echo
|
||||
|
@ -2,23 +2,30 @@
|
||||
|
||||
set -e
|
||||
|
||||
if [[ "$SECRETS_DEPLOY_DRY_RUN" == 1 ]]; then
|
||||
echo 'dry-run finished'
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
source "$SECRETS_PROJECT_ROOT/utils/build-utils.sh"
|
||||
|
||||
# Artifactory location:
|
||||
BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
readonly BASE_API_URL='https://gitsecret.jfrog.io/artifactory'
|
||||
|
||||
# This folder should contain just one `.rpm` file:
|
||||
RPM_FILE_LOCATION="$(locate_release 'rpm')"
|
||||
RPM_FILE_NAME="$(basename "$RPM_FILE_LOCATION")"
|
||||
readonly RPM_FILE_LOCATION="$(locate_release 'rpm')"
|
||||
readonly RPM_FILE_NAME="$(basename "$RPM_FILE_LOCATION")"
|
||||
|
||||
|
||||
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
curl -sS \
|
||||
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
-XPUT "$BASE_API_URL/git-secret-rpm/rpm/$RPM_FILE_NAME" \
|
||||
-T "$RPM_FILE_LOCATION"
|
||||
|
||||
# Now, we need to trigger metadata reindex:
|
||||
curl -sS -u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
curl -sS \
|
||||
-u "$SECRETS_ARTIFACTORY_CREDENTIALS" \
|
||||
-XPOST "$BASE_API_URL/api/yum/git-secret-rpm?async=1"
|
||||
|
||||
echo
|
||||
|
@ -3,7 +3,7 @@
|
||||
set -e
|
||||
|
||||
|
||||
PREFIX="$1"
|
||||
readonly PREFIX="$1"
|
||||
if [ -z "$PREFIX" ]; then
|
||||
echo "usage: $0 <prefix>" >&2
|
||||
exit 1
|
||||
|
Loading…
Reference in New Issue
Block a user