constellation/.github/workflows/versionsapi.yml
renovate[bot] dcf1b88a29
deps: update actions/checkout action to v4 (#2752)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:10:35 +01:00

197 lines
5.8 KiB
YAML

name: Versionsapi cli
on:
workflow_dispatch:
inputs:
command:
description: Command to run
required: true
type: choice
options:
- latest
- list
- add
- remove
ref:
description: --ref flag
required: false
type: string
stream:
description: --stream flag
required: false
type: string
version:
description: --version flag
required: false
type: string
kind:
description: --kind flag
required: false
type: string
version_path:
description: --version-path flag
required: false
type: string
add_latest:
description: --latest flag
required: false
default: false
type: boolean
add_release:
description: --release flag
required: false
default: false
type: boolean
rm_all:
description: --all flag
required: false
default: false
type: boolean
dryrun:
description: --dryrun flag
required: false
default: false
type: boolean
workflow_call:
inputs:
command:
description: Command to run
required: true
type: string
ref:
description: --ref flag
required: false
type: string
stream:
description: --stream flag
required: false
type: string
version:
description: --version flag
required: false
type: string
kind:
description: --kind flag
required: false
type: string
version_path:
description: --version-path flag
required: false
type: string
add_latest:
description: --latest flag
required: false
type: boolean
add_release:
description: --release flag
required: false
type: boolean
rm_all:
description: --all flag
required: false
type: boolean
dryrun:
description: --dryrun flag
required: false
default: false
type: boolean
outputs:
output:
description: Output of the command
value: ${{ jobs.versionsapi.outputs.output }}
concurrency:
group: versionsapi
cancel-in-progress: false
jobs:
versionsapi:
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
outputs:
output: ${{ steps.run.outputs.output }}
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Check required rights
id: check-rights
shell: bash
run: |
case "${{ inputs.command }}" in
add)
echo "Write access to S3 bucket required."
echo "write=true" | tee -a "$GITHUB_OUTPUT"
echo "No authentication at cloud provider required."
echo "auth=false" | tee -a "$GITHUB_OUTPUT"
;;
remove)
echo "Write access to S3 bucket required."
echo "write=true" | tee -a "$GITHUB_OUTPUT"
echo "Authentication at cloud provider required."
echo "auth=true" | tee -a "$GITHUB_OUTPUT"
;;
latest | list)
echo "Only read access required."
echo "write=false" | tee -a "$GITHUB_OUTPUT"
echo "auth=false" | tee -a "$GITHUB_OUTPUT"
;;
*)
echo "Unknown command '${{ inputs.command }}'."
exit 1
;;
esac
- name: Login to AWS without write access
if: steps.check-rights.outputs.write == 'false'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1
- name: Login to AWS with write access
if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'false'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIWrite
aws-region: eu-central-1
- name: Login to AWS with write and image remove access
if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'true'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRemove
aws-region: eu-central-1
- name: Login to Azure
if: steps.check-rights.outputs.auth == 'true'
uses: ./.github/actions/login_azure
with:
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
- name: Login to GCP
if: steps.check-rights.outputs.auth == 'true'
uses: ./.github/actions/login_gcp
with:
service_account: "image-deleter@constellation-images.iam.gserviceaccount.com"
- name: Execute versionsapi CLI
id: run
uses: ./.github/actions/versionsapi
with:
command: ${{ inputs.command }}
ref: ${{ inputs.ref }}
stream: ${{ inputs.stream }}
version: ${{ inputs.version }}
kind: ${{ inputs.kind }}
version_path: ${{ inputs.version_path }}
add_latest: ${{ inputs.add_latest }}
add_release: ${{ inputs.add_release }}
rm_all: ${{ inputs.rm_all }}
dryrun: ${{ inputs.dryrun }}