filter sensitive info from URLs according to the new specs #172
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build gem | |
on: | |
workflow_dispatch: | |
inputs: | |
push: | |
description: Push gem | |
required: true | |
type: boolean | |
default: true | |
push: | |
branches: | |
- '**' | |
env: | |
GEM_HOST: 'https://rubygems.pkg.github.com/DataDog' | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- final | |
- dev | |
runs-on: ubuntu-latest | |
name: Build gem (${{ matrix.type }}) | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: ruby/setup-ruby@31a7f6d628878b80bc63375a93ae079ec50a1601 # v1.143.0 | |
with: | |
ruby-version: '3.2' | |
bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
- name: Patch version | |
if: ${{ matrix.type != 'final' }} | |
run: | | |
# Obtain context information | |
git_ref='${{ github.ref }}' | |
git_branch="$(echo "${git_ref}" | sed -e 's#^refs/heads/##')" | |
git_sha='${{ github.sha }}' | |
gha_run_id='${{ github.run_id }}' | |
# Output info for CI debug | |
echo git_ref="${git_ref}" | |
echo git_branch="${git_branch}" | |
echo git_sha="${git_sha}" | |
echo gha_run_id="${gha_run_id}" | |
# Sanitize for ruby version usage | |
git_branch_sanitized="$(echo "$git_branch" | sed -e 's/[^a-zA-Z0-9+]\{1,\}/./g')" | |
echo git_branch_sanitized="${git_branch_sanitized}" | |
# Shorten commit sha | |
git_sha_short="${git_sha:0:12}" | |
echo git_sha_short="${git_sha_short}" | |
# Set component values: | |
# - PRE is `dev` to denote being a development version and | |
# act as a categorizer. | |
# - BUILD starts with CI run id for ordering. | |
# - BUILD has CI run id for traceability, prefixed by `gha` | |
# for identification. | |
# - BUILD has commit next for traceability, prefixed git-describe | |
# style by `g` for identification. | |
# - BUILD has branch name last since it has to be separated | |
# by dots and thus has variable version segment size and | |
# unpredictable ordering; it can thus be reliably extracted | |
# and does not impair readability in lists | |
PRE='${{ matrix.type }}' | |
BUILD="gha${gha_run_id}.g${git_sha_short}.${git_branch_sanitized}" | |
# Output info for CI debug | |
echo PRE="${PRE}" | |
echo BUILD="${BUILD}" | |
# Patch in components | |
sed lib/datadog/ci/version.rb -i -e "s/^\([\t ]*PRE\) *= */\1 = \'${PRE}\' # /" | |
sed lib/datadog/ci/version.rb -i -e "s/^\([\t ]*BUILD\) *= */\1 = \'${BUILD}\' # /" | |
# Test result | |
cat lib/datadog/ci/version.rb | grep -e PRE -e BUILD | |
ruby -Ilib -rdatadog/ci/version -e 'puts Datadog::CI::VERSION::STRING' | |
ruby -Ilib -rdatadog/ci/version -e 'puts Gem::Version.new(Datadog::CI::VERSION::STRING).to_s' | |
- name: Patch gem host | |
if: ${{ matrix.type != 'final' }} | |
run: | | |
# Patch in GEM_HOST | |
sed datadog-ci.gemspec -i -e "s,^\([\t ]*spec\.metadata\['allowed_push_host'\]\) *= *,\1 = \'${GEM_HOST}\' # ," | |
# Test result | |
cat datadog-ci.gemspec | grep -e allowed_push_host | |
- name: Build gem | |
run: bundle exec rake build | |
- name: List gem | |
run: | | |
find pkg | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'datadog-ci-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}' | |
path: 'pkg/*.gem' | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- final | |
- dev | |
runs-on: ubuntu-latest | |
name: Test gem | |
needs: | |
- build | |
steps: | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: 'datadog-ci-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}' | |
path: 'pkg' | |
- name: List gem | |
run: | | |
find pkg | |
- uses: ruby/setup-ruby@31a7f6d628878b80bc63375a93ae079ec50a1601 # v1.143.0 | |
with: | |
ruby-version: '3.2' | |
- name: Install gem | |
run: | | |
gem install pkg/*.gem | |
push: | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- dev | |
runs-on: ubuntu-latest | |
name: Push gem | |
needs: | |
- test | |
if: ${{ inputs.push }} | |
steps: | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: 'datadog-ci-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}' | |
path: 'pkg' | |
- name: List gem | |
run: | | |
find pkg | |
- name: Set up GitHub Packages authentication | |
run: | | |
mkdir -p ~/.gem | |
cat > ~/.gem/credentials <<'CREDENTIALS' | |
--- | |
:github: Bearer ${{ secrets.GITHUB_TOKEN }} | |
CREDENTIALS | |
chmod 0600 ~/.gem/credentials | |
- name: Push gem | |
run: | | |
find pkg -name '*.gem' | while read -r gem; do | |
echo "=== pushing '${gem}'" | |
gem push --key github --host ${{ env.GEM_HOST }} "${gem}" | |
done | |
- name: Clean up credentials | |
run: | | |
rm -rvf ~/.gem/credentials |