Skip to content

filter sensitive info from URLs according to the new specs #172

filter sensitive info from URLs according to the new specs

filter sensitive info from URLs according to the new specs #172

Workflow file for this run

name: Build gem
on:
workflow_dispatch:
inputs:
push:
description: Push gem
required: true
type: boolean
default: true
push:
branches:
- '**'
env:
GEM_HOST: 'https://rubygems.pkg.github.com/DataDog'
jobs:
build:
strategy:
fail-fast: false
matrix:
type:
- final
- dev
runs-on: ubuntu-latest
name: Build gem (${{ matrix.type }})
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ruby/setup-ruby@31a7f6d628878b80bc63375a93ae079ec50a1601 # v1.143.0
with:
ruby-version: '3.2'
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
- name: Patch version
if: ${{ matrix.type != 'final' }}
run: |
# Obtain context information
git_ref='${{ github.ref }}'
git_branch="$(echo "${git_ref}" | sed -e 's#^refs/heads/##')"
git_sha='${{ github.sha }}'
gha_run_id='${{ github.run_id }}'
# Output info for CI debug
echo git_ref="${git_ref}"
echo git_branch="${git_branch}"
echo git_sha="${git_sha}"
echo gha_run_id="${gha_run_id}"
# Sanitize for ruby version usage
git_branch_sanitized="$(echo "$git_branch" | sed -e 's/[^a-zA-Z0-9+]\{1,\}/./g')"
echo git_branch_sanitized="${git_branch_sanitized}"
# Shorten commit sha
git_sha_short="${git_sha:0:12}"
echo git_sha_short="${git_sha_short}"
# Set component values:
# - PRE is `dev` to denote being a development version and
# act as a categorizer.
# - BUILD starts with CI run id for ordering.
# - BUILD has CI run id for traceability, prefixed by `gha`
# for identification.
# - BUILD has commit next for traceability, prefixed git-describe
# style by `g` for identification.
# - BUILD has branch name last since it has to be separated
# by dots and thus has variable version segment size and
# unpredictable ordering; it can thus be reliably extracted
# and does not impair readability in lists
PRE='${{ matrix.type }}'
BUILD="gha${gha_run_id}.g${git_sha_short}.${git_branch_sanitized}"
# Output info for CI debug
echo PRE="${PRE}"
echo BUILD="${BUILD}"
# Patch in components
sed lib/datadog/ci/version.rb -i -e "s/^\([\t ]*PRE\) *= */\1 = \'${PRE}\' # /"
sed lib/datadog/ci/version.rb -i -e "s/^\([\t ]*BUILD\) *= */\1 = \'${BUILD}\' # /"
# Test result
cat lib/datadog/ci/version.rb | grep -e PRE -e BUILD
ruby -Ilib -rdatadog/ci/version -e 'puts Datadog::CI::VERSION::STRING'
ruby -Ilib -rdatadog/ci/version -e 'puts Gem::Version.new(Datadog::CI::VERSION::STRING).to_s'
- name: Patch gem host
if: ${{ matrix.type != 'final' }}
run: |
# Patch in GEM_HOST
sed datadog-ci.gemspec -i -e "s,^\([\t ]*spec\.metadata\['allowed_push_host'\]\) *= *,\1 = \'${GEM_HOST}\' # ,"
# Test result
cat datadog-ci.gemspec | grep -e allowed_push_host
- name: Build gem
run: bundle exec rake build
- name: List gem
run: |
find pkg
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: 'datadog-ci-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}'
path: 'pkg/*.gem'
test:
strategy:
fail-fast: false
matrix:
type:
- final
- dev
runs-on: ubuntu-latest
name: Test gem
needs:
- build
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: 'datadog-ci-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}'
path: 'pkg'
- name: List gem
run: |
find pkg
- uses: ruby/setup-ruby@31a7f6d628878b80bc63375a93ae079ec50a1601 # v1.143.0
with:
ruby-version: '3.2'
- name: Install gem
run: |
gem install pkg/*.gem
push:
strategy:
fail-fast: false
matrix:
type:
- dev
runs-on: ubuntu-latest
name: Push gem
needs:
- test
if: ${{ inputs.push }}
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: 'datadog-ci-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}'
path: 'pkg'
- name: List gem
run: |
find pkg
- name: Set up GitHub Packages authentication
run: |
mkdir -p ~/.gem
cat > ~/.gem/credentials <<'CREDENTIALS'
---
:github: Bearer ${{ secrets.GITHUB_TOKEN }}
CREDENTIALS
chmod 0600 ~/.gem/credentials
- name: Push gem
run: |
find pkg -name '*.gem' | while read -r gem; do
echo "=== pushing '${gem}'"
gem push --key github --host ${{ env.GEM_HOST }} "${gem}"
done
- name: Clean up credentials
run: |
rm -rvf ~/.gem/credentials