diff --git a/.github/workflows/check-remote.yaml b/.github/workflows/check-remote.yaml new file mode 100644 index 0000000..d1d41d2 --- /dev/null +++ b/.github/workflows/check-remote.yaml @@ -0,0 +1,113 @@ +name: Check remote repositories and create corresponding tag + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + # If any commit message in your push or the HEAD commit of your PR contains the strings + # [skip ci], [ci skip], [no ci], [skip actions], or [actions skip] + # workflows triggered on the push or pull_request events will be skipped. + # https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/ + schedule: + - cron: '0 21 * * 5' # Friday 21:00 UTC, Saturday 06:00 JST + push: + branches: + - main + workflow_dispatch: + +env: + DOCKER_REGISTRY_URL: ghcr.io + TARGET_TAG: "" + TRACKING_GIT_REPO: AthenZ/athenz + +jobs: + build: + + runs-on: ubuntu-latest + # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions + permissions: + actions: write + checks: none + contents: write + deployments: none + issues: none + discussions: none + packages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none + + steps: + # A GitHub Action to check remote repositories + - + name: Check remote repositories + id: check + if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.event_name != 'pull_request' }} + run: | + if [[ "${{ env.CI_REF }}" == "refs/tags/"* ]] && [[ "$(basename ${{ env.CI_REF }})" =~ ^v?([0-9]+)\.([0-9]+)\.([0-9]+)(-[a-z]+)?(\.[0-9]+)?$ ]]; then + PACKAGE_VERSION="$(git tag --points-at HEAD | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g')" + TAG_VERSION="$(git tag --points-at HEAD | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g')" + else + PACKAGE_VERSION="$( \ + curl -s https://api.github.com/repos/${{ env.TRACKING_GIT_REPO }}/releases \ + | jq -r .[].tag_name \ + | grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \ + | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' \ + | sort -ru \ + | head -n1 + )" + TAG_VERSION="$( \ + curl -s https://api.github.com/repos/${{ env.TRACKING_GIT_REPO }}/releases \ + | jq -r .[].tag_name \ + | grep -E ".*(v[0-9]*.[0-9]*.[0-9]*).*" \ + | sed -e 's/.*\(v[0-9]*.[0-9]*.[0-9]*\).*/\1/g' \ + | sort -ru \ + | head -n1 + )" + fi + printf "VERSION=${PACKAGE_VERSION}\n" >> $GITHUB_ENV + printf "TAG_VERSION=${TAG_VERSION}\n" >> $GITHUB_ENV + + # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it. + # https://github.com/actions/checkout + - + name: Checkout repository + id: checkout + # You may pin to the exact commit or the version. + # uses: https://github.com/actions/checkout/tags + uses: actions/checkout@v3 + with: + submodules: recursive + + # A GitHub Action to create git tags + # + # Using the GITHUB_TOKEN in a workflow + # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow + # When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. + # This prevents you from accidentally creating recursive workflow runs. + # For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur. + - + name: Create git tag + id: tag + if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.event_name != 'pull_request' }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + set -x + git tag -f ${{ env.TAG_VERSION }} + git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }} + git push -f origin tag ${{ env.TAG_VERSION }} + + - name: Trigger Workflows + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + set -x + curl --fail -X POST \ + -H "Accept: application/vnd.github.v3+json" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ + https://api.github.com/repos/${{ github.repository }}/actions/workflows/trigger-workflows.yaml/dispatches \ + -d "{\"ref\":\"${{ env.TAG_VERSION }}\"}" diff --git a/README.md b/README.md index 19933b2..da28d6c 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,8 @@ It is currently owned and maintained by [ctyano](https://github.com/ctyano). ``` VERSION=0.0.0 -ATHENZ_PACKAGE_VERSION="$(curl -s https://api.github.com/repos/AthenZ/athenz/tags | jq -r .[].name | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' | head -n1)" -docker build --build-arg VERSION=0.0.0 --build-arg ATHENZ_VERSION=${ATHENZ_PACKAGE_VERSION} -t athenz-auth-core . +ATHENZ_PACKAGE_VERSION="$(curl -s https://api.github.com/repos/AthenZ/athenz/tags | jq -r .[].name | sed -e 's/.*v\([0-9]*.[0-9]*.[0-9]*\).*/\1/g' | sort -ru | head -n1)" +docker build --build-arg VERSION=${VERSION:-0.0.0} --build-arg ATHENZ_VERSION=${ATHENZ_PACKAGE_VERSION} -t athenz-auth-core . ``` ## List of Distributions