From 195fe27870fc2692c3361917448aefdf097dcf6b Mon Sep 17 00:00:00 2001 From: Paul Meyer <49727155+katexochen@users.noreply.github.com> Date: Mon, 2 Jan 2023 13:34:49 +0100 Subject: [PATCH] ci: add versionsapi workflow Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> --- .github/workflows/versionsapi.yml | 191 ++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 .github/workflows/versionsapi.yml diff --git a/.github/workflows/versionsapi.yml b/.github/workflows/versionsapi.yml new file mode 100644 index 000000000..7a6bdf8a6 --- /dev/null +++ b/.github/workflows/versionsapi.yml @@ -0,0 +1,191 @@ +name: Versionsapi cli + +on: + workflow_dispatch: + inputs: + command: + description: Command to run + required: true + type: choice + options: + - add + - latest + - list + - rm + ref: + description: --ref flag + required: false + type: string + stream: + description: --stream flag + required: false + type: string + version: + description: --version flag + required: false + type: string + add_latest: + description: --latest flag + required: false + default: false + type: boolean + add_release: + description: --release flag + required: false + default: false + type: boolean + rm_all: + description: --all flag + required: false + default: false + type: boolean + workflow_call: + inputs: + command: + description: Command to run + required: true + type: string + ref: + description: --ref flag + required: false + type: string + stream: + description: --stream flag + required: false + type: string + version: + description: --version flag + required: false + type: string + add_latest: + description: --latest flag + required: false + type: boolean + add_release: + description: --release flag + required: false + type: boolean + rm_all: + description: --all flag + required: false + type: boolean + outputs: + output: + description: Output of the command + value: ${{ jobs.versionsapi.outputs.output }} + +concurrency: + group: versionsapi + cancel-in-progress: false + +jobs: + versionsapi: + runs-on: ubuntu-22.04 + permissions: + id-token: write + contents: read + outputs: + output: ${{ steps.run.outputs.output }} + steps: + - name: Checkout + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + with: + ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + + - name: Check required rights + id: check-rights + shell: bash + run: | + case "${{ inputs.command }}" in + add) + echo "Write access to S3 bucket required." + echo "write=true" >> "$GITHUB_OUTPUT" + echo "No authentication at cloud provider required." + echo "auth=false" >> "$GITHUB_OUTPUT" + ;; + rm) + echo "Write access to S3 bucket required." + echo "write=true" >> "$GITHUB_OUTPUT" + echo "Authentication at cloud provider required." + echo "auth=true" >> "$GITHUB_OUTPUT" + ;; + latest | list) + echo "Only read access required." + echo "write=false" >> "$GITHUB_OUTPUT" + echo "auth=false" >> "$GITHUB_OUTPUT" + ;; + *) + echo "Unknown command '${{ inputs.command }}'." + exit 1 + ;; + esac + + - name: Login to AWS without write access + if: steps.check-rights.outputs.write == 'false' + uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0 + with: + role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead + aws-region: eu-central-1 + + - name: Login to AWS with write access + if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'false' + uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0 + with: + role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIWrite + aws-region: eu-central-1 + + - name: Login to AWS with write and image remove access + if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'true' + uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0 + with: + role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRemove + aws-region: eu-central-1 + + - name: Login to Azure + if: steps.check-rights.outputs.auth == 'true' + uses: ./.github/actions/login_azure + with: + azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} + + - name: Login to GCP + if: steps.check-rights.outputs.auth == 'true' + uses: ./.github/actions/login_gcp + with: + gcp_service_account_json: ${{ secrets.GCP_IMAGE_UPLOAD_SERVICE_ACCOUNT }} + + - name: Setup Go environment + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: "1.19.4" + cache: true + + - name: Build versionsapi CLI + working-directory: internal/versionsapi/cli + run: go build -o versionsapi + + - name: Execute versionsapi CLI + id: run + working-directory: internal/versionsapi/cli + run: | + set -x + + ref=$([[ -n "${{ inputs.ref }}" ]] && echo "--ref ${{ inputs.ref }}" || echo "") + stream=$([[ -n "${{ inputs.stream }}" ]] && echo "--stream ${{ inputs.stream }}" || echo "") + version=$([[ -n "${{ inputs.version }}" ]] && echo "--version ${{ inputs.version }}" || echo "") + add_latest=$([[ "${{ inputs.add_latest }}" == "true" ]] && echo "--latest" || echo "") + add_release=$([[ "${{ inputs.add_release }}" == "true" ]] && echo "--release" || echo "") + rm_all=$([[ "${{ inputs.rm_all }}" == "true" ]] && echo "--all" || echo "") + + # shellcheck disable=SC2086 + out=$( + ./versionsapi "${{ inputs.command }}" \ + ${ref} \ + ${stream} \ + ${version} \ + ${add_latest} \ + ${add_release} \ + ${rm_all} \ + --verbose + ) + echo "$out" + echo "output=$out" >> "$GITHUB_OUTPUT"