chore(github-actions): update digest github-actions-versions-non-major #189
--- | |
# yamllint disable rule:line-length | |
name: "release" | |
# yamllint disable-line rule:truthy | |
on: | |
pull_request: | |
paths: | |
- '.github/workflows/release.yaml' | |
- '.releaserc.js' | |
- 'package.json' | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
image_name: ${{ secrets.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_REGISTRY_PATH }}/homelab-workspace | |
image_cache_name: ${{ secrets.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_REGISTRY_CACHE_PATH }}/coder-workspace | |
image_path: images/homelab-workspace | |
template_path: templates/docker/homelab-workspace | |
default_branch: main | |
jobs: | |
create-release: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
# if: github.event.pull_request.merged == true | |
outputs: | |
released_sha: ${{ steps.release_info.outputs.sha }} | |
released_version: ${{ steps.release_info.outputs.version }} | |
steps: | |
- name: Check out | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
token: "${{ secrets.GH_RELEASES_TOKEN }}" | |
fetch-depth: 0 | |
- name: Set up node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 | |
with: | |
node-version-file: '.node-version' | |
cache: 'npm' | |
cache-dependency-path: 'package-lock.json' | |
- name: Install node packages | |
run: npm ci --no-fund --no-audit | |
- name: Release - dry run | |
if: github.event_name == 'pull_request' | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_RELEASES_TOKEN }} | |
run: | | |
CURRENT_BRANCH=$GITHUB_HEAD_REF | |
GITHUB_REF=$CURRENT_BRANCH | |
set -x | |
npx semantic-release --dry-run --no-ci --branches $CURRENT_BRANCH | |
- name: Release | |
if: github.event_name == 'workflow_dispatch' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_RELEASES_TOKEN }} | |
run: | | |
set -x | |
npx semantic-release | |
- name: Output release info | |
id: release_info | |
shell: bash | |
env: | |
TRIGGER_EVENT: ${{ github.event_name }} | |
# yamllint disable-line rule:indentation | |
run: | | |
if [[ "${TRIGGER_EVENT}" == "workflow_dispatch" ]]; then | |
# an actual release has been triggered. | |
if [[ ! -f /tmp/released.version ]]; then | |
echo "No release occurred... cannot proceed." | |
exit 1 | |
fi | |
echo "version=v$(cat /tmp/released.version)" >> "$GITHUB_OUTPUT" | |
else | |
# release workflow is being tested | |
echo "version=v0.0.0" >> "$GITHUB_OUTPUT" | |
fi | |
echo "sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" | |
publish-image: | |
needs: [create-release] | |
uses: ppat/images/.github/workflows/build-image-workflow.yaml@main | |
with: | |
image_context_path: images/homelab-workspace | |
label_title: "Homelab Workspace" | |
label_description: "Homelab workspace image" | |
source_git_ref: ${{ (github.event_name == 'pull_request') && format('refs/heads/{0}', github.head_ref) || format('refs/tags/{0}', needs.create-release.outputs.released_version) }} | |
timeout_minutes: 180 | |
secrets: | |
private_registry_username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
private_registry_token: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }} | |
repository_private_registry: ${{ secrets.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_REGISTRY_PATH }}/homelab-workspace | |
repository_build_cache: ${{ secrets.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_REGISTRY_CACHE_PATH }}/homelab-workspace | |
tailscale_oauth_client_id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} | |
tailscale_oauth_secret: ${{ secrets.TAILSCALE_OAUTH_SECRET }} | |
build_secrets: | | |
FETCH_GH_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
publish-template: | |
needs: [create-release, publish-image] | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Tailscale Connect | |
uses: tailscale/github-action@4e4c49acaa9818630ce0bd7a564372c17e33fb4d # v2 | |
with: | |
oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} | |
oauth-secret: ${{ secrets.TAILSCALE_OAUTH_SECRET }} | |
tags: tag:github-action-ci-runner | |
# renovate: datasource=github-releases depName=tailscale/tailscale | |
version: "1.76.1" | |
- name: Login to Coder | |
id: login | |
env: | |
CODER_URL: "${{ secrets.CODER_URL }}" | |
shell: bash | |
# yamllint disable-line rule:indentation | |
run: | | |
while ! curl -fsSL ${CODER_URL} > /dev/null; do | |
echo "Waiting for coder service to be ready... sleep 5s!" | |
sleep 5 | |
done | |
echo "Coder service is accepting connections..." | |
echo | |
echo "Generating authentication token..." | |
export CODER_SESSION_TOKEN=$(curl -X POST ${CODER_URL}/api/v2/users/login \ | |
-H 'Content-Type: application/json' \ | |
-H 'Accept: application/json' \ | |
--data '{"email": "'${{ secrets.CODER_EMAIL }}'", "password": "'${{ secrets.CODER_PASSWORD }}'"}' \ | |
| jq -r .session_token) | |
echo "::add-mask::${CODER_SESSION_TOKEN}" | |
if [[ -z "${CODER_SESSION_TOKEN}" || "${CODER_SESSION_TOKEN}" = "null" ]]; then | |
echo "Error generating coder authentication token." | |
exit 1 | |
fi | |
echo "Authentication token generated." | |
echo | |
echo "Determining coder version..." | |
export CODER_VERSION=$(curl -fsSL ${CODER_URL}/api/v2/buildinfo | jq -r .version | cut -d'+' -f1 | cut -d'v' -f2) | |
echo "Installing coder CLI..." | |
curl -fsSL https://coder.com/install.sh | sh -s -- --method standalone --version "${CODER_VERSION}" | |
echo | |
echo "Logging into Coder..." | |
coder login ${CODER_URL} | |
- name: Publish template | |
id: publish-template | |
env: | |
TEMPLATE_DIR: ${{ env.template_path }} | |
TEMPLATE_VERSION: "${{ needs.create-release.outputs.released_version != 'v0.0.0' && needs.create-release.outputs.released_version || needs.create-release.outputs.released_sha }}" | |
WORKSPACE_IMAGE: "${{ secrets.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_REGISTRY_PATH }}/homelab-workspace:${{ needs.publish-image.outputs.image_tag }}" | |
shell: bash | |
# yamllint disable-line rule:indentation | |
run: | | |
if echo $TEMPLATE_VERSION | grep -E '[0-9]+\.[0-9]+\.[0-9]+'; then | |
export TEMPLATE_NAME="$(echo ${TEMPLATE_DIR} | cut -d/ -f3)" | |
export RELEASE_MSG="[Release Notes](https://github.com/${{ github.repository }}/releases/tag/${TEMPLATE_VERSION})" | |
else | |
export TEMPLATE_NAME="$(echo ${TEMPLATE_DIR} | cut -d/ -f3)-test" | |
export RELEASE_MSG="[Changes](https://github.com/${{ github.repository }}/commit/${TEMPLATE_VERSION})" | |
fi | |
echo "Publishing template ${TEMPLATE_DIR} as ${TEMPLATE_NAME}..." | |
set -x | |
coder template push \ | |
--directory ${TEMPLATE_DIR} \ | |
--var workspace_image=${WORKSPACE_IMAGE} \ | |
--var test_mode=false \ | |
--name ${TEMPLATE_VERSION} \ | |
--message "${RELEASE_MSG}" \ | |
--yes \ | |
${TEMPLATE_NAME} | |
set +x | |
echo | |
echo "Confirming template has been published..." | |
coder templates list --output json > /tmp/templates.json | |
export SELECTED_TEMPLATE=$(cat /tmp/templates.json | jq -r '.[] | select(.Template.name == "'${TEMPLATE_NAME}'")') | |
if [[ -z $SELECTED_TEMPLATE ]]; then | |
echo "Could not find any template published as $TEMPLATE_NAME." | |
exit 1 | |
fi | |
echo "Template has been published successfully." | |
- name: Tailscale Disconnect | |
if: success() || failure() | |
run: sudo -E tailscale logout |
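Review bot: The `Login to Coder` step expands `${{ secrets.CODER_EMAIL }}` and `${{ secrets.CODER_PASSWORD }}` directly into the script text of the `curl --data` argument, so the values become part of the shell source before bash runs; a quote or shell metacharacter in either value would break the JSON body or change the command line. Pass both through the step's `env:` block, as `CODER_URL` already is, and build the body with jq: `--data "$(jq -n --arg email "$CODER_EMAIL" --arg password "$CODER_PASSWORD" '{email: $email, password: $password}')"`. Separately, `publish-image` calls `ppat/images/.github/workflows/build-image-workflow.yaml@main` and hands it the registry and Tailscale secrets, while every other `uses:` in this file is pinned to a commit SHA. Pinning that reference to a digest as well would keep a later change on `main` from running with those secrets without review.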