Merge pull request #585 from umccr/bugfix/ora-reference-tar-optional #216
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create Workflow Release Asset | |
on: | |
push: | |
tags: | |
# Matches dragen-pon-qc/3.9.3 | |
# Matches tso500-ctdna-with-post-processing-pipeline/1.1.0--1.0.0 | |
# Matches dragen-somatic-pipeline/4.0.3-rc | |
# ** required since our tags have '/' in them -- https://stackoverflow.com/a/61892639/6946787 | |
# Single quotes required since * is a special character in yaml | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
- '**' | |
jobs: | |
# Workflow split due to https://github.com/actions/runner/issues/662 | |
# This way we do a 'precheck', update a few vars and most importantly make sure that the tag is legix | |
release_asset_precheck: | |
name: release asset precheck | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash -l {0} | |
steps: | |
# Checkout code | |
- name: Checkout code | |
id: git_checkout | |
uses: actions/checkout@v4 | |
# Set to fail | |
- name: Update bash settings | |
id: update_bash_settings | |
run: | | |
set -euo pipefail | |
# Install jq (for querying branch name) | |
- name: Install Jq | |
id: install_jq | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install jq -y | |
# Get tag | |
- name: Set output | |
id: get_tag | |
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT | |
# Ensure tag matches regex | |
- name: action regex match | |
id: tag_regex_match | |
uses: kaisugi/[email protected] | |
with: | |
text: ${{ steps.get_tag.outputs.tag }} | |
regex: '^[A-Za-z0-9-_]+/[0-9]+\.[0-9]+\.[0-9]+(?:--\S+)?(-rc)?$' | |
# Get email and username | |
- name: Get User Configurations | |
id: get_user_configurations | |
run: | | |
echo "user_name=${{ github.actor }}" >> "${GITHUB_OUTPUT}" | |
echo "user_email=${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com" >> "${GITHUB_OUTPUT}" | |
# Has regex match | |
- name: has regex match | |
id: has_regex_match | |
run: | | |
create_release="false" | |
is_prerelease="false" | |
if [[ -n "${{ steps.tag_regex_match.outputs.match }}" ]]; then | |
create_release="true" | |
fi | |
if [[ -n "${{ steps.tag_regex_match.outputs.group1 }}" ]]; then | |
is_prerelease="true" | |
fi | |
echo "create_release=${create_release}" >> "${GITHUB_OUTPUT}" | |
echo "is_prerelease=${is_prerelease}" >> "${GITHUB_OUTPUT}" | |
# Get date | |
- name: get date | |
id: get_date | |
run: | | |
echo "date_str=$(date +%Y%m%d%H%M%S)" >> "${GITHUB_OUTPUT}" | |
# Get workflow path | |
- name: get workflow path | |
id: get_workflow_path | |
run: | | |
# Get tag without release candidate | |
tag="${{ steps.get_tag.outputs.tag }}" | |
tag="${tag//-rc}" | |
# Check workflow directory exists | |
if [[ ! -d "workflows/$tag" ]]; then | |
echo "Could not find directory workflows/$tag" | |
exit 1 | |
fi | |
workflow_path="$( \ | |
find "workflows/$tag" \ | |
-mindepth 1 \ | |
-maxdepth 1 \ | |
-type f \ | |
-name "*.cwl" | |
)" | |
echo "workflow_path=${workflow_path}" >> "${GITHUB_OUTPUT}" | |
# Set git tag env var | |
- name: set git tag | |
id: set_git_tag | |
run: | | |
echo "git_tag=${{ steps.get_tag.outputs.tag }},${{ steps.get_tag.outputs.tag }}__${{ steps.get_date.outputs.date_str }}" >> "${GITHUB_OUTPUT}" | |
# Set up complete | |
# Set outputs | |
outputs: | |
original_tag: ${{ steps.get_tag.outputs.tag }} | |
git_tag: ${{ steps.set_git_tag.outputs.git_tag }} | |
user_name: ${{ steps.get_user_configurations.outputs.user_name }} | |
user_email: ${{ steps.get_user_configurations.outputs.user_email }} | |
workflow_path: ${{ steps.get_workflow_path.outputs.workflow_path }} | |
create_release: ${{ steps.has_regex_match.outputs.create_release }} | |
is_prerelease: ${{ steps.has_regex_match.outputs.is_prerelease }} | |
get_umccr_prod_icav2_access_token: | |
# Note this currently gets the access token for the 'trial' project | |
name: Get ICAv2 Access Token (umccr-prod) | |
uses: ./.github/workflows/get_tenant_icav2_access_token.yml | |
with: | |
role_to_assume_arn: arn:aws:iam::472057503814:role/gh-service-icav2-pipeline-user-prod | |
secret_arn: arn:aws:secretsmanager:ap-southeast-2:472057503814:secret:ICAv2JWTKey-umccr-prod-service-pipelines-WoiHJv | |
secrets: | |
symmetrical_encryption_key: ${{ secrets.SYMMETRICAL_ENCRYPTION_KEY }} | |
create_release_asset: | |
name: create release asset | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash -l {0} | |
needs: | |
- release_asset_precheck | |
- get_umccr_prod_icav2_access_token | |
steps: | |
# Checkout code | |
- name: Checkout code | |
id: git_checkout | |
uses: actions/checkout@v4 | |
# Decrypt tokens | |
- id: decrypt_umccr_prod_icav2_access_token | |
name: Decrypt Access Token | |
uses: ./.github/actions/decrypt_token | |
with: | |
encrypted_token: ${{ needs.get_umccr_prod_icav2_access_token.outputs.icav2_access_token_encrypted }} | |
decryption_key: ${{ secrets.SYMMETRICAL_ENCRYPTION_KEY }} | |
# Create release asset | |
- name: create release asset | |
id: create_release_asset | |
if: needs.release_asset_precheck.outputs.create_release == 'true' | |
run: | | |
docker run \ | |
--rm \ | |
--volume "$PWD:$PWD" \ | |
--workdir "$PWD" \ | |
--env CWL_ICA_REPO_PATH="${PWD}" \ | |
--env GITHUB_SERVER_URL="${GITHUB_SERVER_URL}" \ | |
--env GITHUB_REPOSITORY="${GITHUB_REPOSITORY}" \ | |
--env GITHUB_TAG="${{ needs.release_asset_precheck.outputs.git_tag }}" \ | |
--env GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" \ | |
--env _GIT_AUTHOR_NAME="${{ needs.release_asset_precheck.outputs.user_name }}" \ | |
--env _GIT_AUTHOR_EMAIL="${{ needs.release_asset_precheck.outputs.user_email }}" \ | |
--env ICAV2_ACCESS_TOKEN_UMCCR_PROD="${{ steps.decrypt_umccr_prod_icav2_access_token.outputs.decrypted_token }}" \ | |
ghcr.io/umccr/cwl-ica-cli:latest \ | |
bash ".github/scripts/create_workflow_release_asset.sh" \ | |
--workflow-path "${{ needs.release_asset_precheck.outputs.workflow_path }}" \ | |
--is-prerelease "${{ needs.release_asset_precheck.outputs.is_prerelease }}" |