publish-module.yml
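# Publishes one Bicep module, identified by a git tag, to the registry named
# by the PUBLISH_REGISTRY_SERVER secret. The workflow can be called from
# another workflow (workflow_call) or started by hand (workflow_dispatch).
#
# NOTE(review): every `uses:` below references a mutable tag (@v2, @v6, @v1).
# This job can mint an OIDC token (id-token: write) and logs in to Azure, so
# pin each action to a full commit SHA to keep a re-pointed tag from changing
# what runs here.
name: Publish module

on:
  workflow_call:
    inputs:
      tag:
        description: "The git tag of the module to publish."
        required: true
        type: string
    secrets:
      # Secrets must be passed from the caller workflow explicitly.
      PUBLISH_CLIENT_ID:
        required: true
      PUBLISH_TENANT_ID:
        required: true
      PUBLISH_SUBSCRIPTION_ID:
        required: true
      PUBLISH_REGISTRY_SERVER:
        required: true
  workflow_dispatch:
    inputs:
      tag:
        description: "The git tag of the module to publish."
        required: true
        type: string

# id-token: write lets the job request an OIDC token for the Azure login step
# (no client secret is passed to azure/login below). contents: read is all the
# checkout steps need.
permissions:
  id-token: write
  contents: read

jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where subsequent steps could read it.
          persist-credentials: false

      - name: Parse tag
        id: parse-tag
        uses: actions/github-script@v6
        env:
          # The tag is caller-controlled. Hand it over as data through the
          # environment instead of expanding it inside the script source,
          # where a quote in the value would end the string literal and the
          # remainder would run as JavaScript.
          # Input contexts differ by trigger: github.event.inputs.* for
          # workflow_dispatch, inputs.* for workflow_call.
          MODULE_TAG: ${{ github.event.inputs.tag || inputs.tag }}
        with:
          result-encoding: string
          script: |
            const script = require("./scripts/github-actions/parse-tag.js")
            const tag = process.env.MODULE_TAG
            script({ core, tag })

      - name: Checkout tag
        uses: actions/checkout@v2
        with:
          # Input contexts for workflow_dispatch and workflow_call are inconsistent.
          # For workflow_dispatch, use ${{ github.event.inputs.<variable_name> }}
          # For workflow_call, use ${{ inputs.<variable_name> }}
          ref: ${{ github.event.inputs.tag || inputs.tag }}
          persist-credentials: false

      - name: Log in to Azure
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.PUBLISH_CLIENT_ID }}
          tenant-id: ${{ secrets.PUBLISH_TENANT_ID }}
          subscription-id: ${{ secrets.PUBLISH_SUBSCRIPTION_ID }}

      # Adding a step to explicitly install the latest Bicep CLI because there is
      # always a delay in updating Bicep CLI in the job runner environments.
      #
      # NOTE(review): the binary comes from the moving `latest` release and is
      # installed without any checksum or signature check, then run while the
      # job is logged in to Azure. Prefer a pinned release version plus a
      # digest stored in this repository and verified before `chmod +x`.
      # --fail stops an HTTP error page from being installed as the binary.
      - name: Install the latest Bicep CLI
        run: |
          curl --fail --proto '=https' --tlsv1.2 -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
          chmod +x ./bicep
          sudo mv ./bicep /usr/local/bin/bicep
          bicep --version

      # module_path and version are outputs of the parse-tag step and derive
      # from the caller-supplied tag; how strictly parse-tag.js validates them
      # is not visible here. They reach the shell as quoted environment
      # variables, so their content is never parsed as shell syntax.
      - name: Publish module
        env:
          MODULE_PATH: ${{ steps.parse-tag.outputs.module_path }}
          MODULE_VERSION: ${{ steps.parse-tag.outputs.version }}
          REGISTRY_SERVER: ${{ secrets.PUBLISH_REGISTRY_SERVER }}
        run: >-
          bicep publish "modules/${MODULE_PATH}/main.json"
          --target "br:${REGISTRY_SERVER}/public/bicep/${MODULE_PATH}:${MODULE_VERSION}"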