[action] check for updates to dependabot actions #211
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create Release & Upload Assets | ||
on: | ||
push: | ||
# Sequence of patterns matched against refs/tags | ||
tags: | ||
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10 | ||
jobs: | ||
ci: | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
uses: smallstep/cli/.github/workflows/ci.yml@master | ||
secrets: inherit | ||
create_release: | ||
name: Create Release | ||
needs: ci | ||
runs-on: ubuntu-latest | ||
env: | ||
DOCKER_IMAGE: smallstep/step-cli | ||
DEBIAN_TAG: bullseye | ||
outputs: | ||
version: ${{ steps.extract-tag.outputs.VERSION }} | ||
vversion: ${{ steps.extract-tag.outputs.VVERSION }} | ||
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }} | ||
docker_tags: ${{ env.DOCKER_TAGS }} | ||
docker_tags_debian: ${{ env.DOCKER_TAGS_DEBIAN }} | ||
steps: | ||
- name: Is Pre-release | ||
id: is_prerelease | ||
run: | | ||
set +e | ||
echo ${{ github.ref }} | grep "\-rc.*" | ||
OUT=$? | ||
if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi | ||
echo "IS_PRERELEASE=${IS_PRERELEASE}" >> ${GITHUB_OUTPUT} | ||
- name: Extract Tag Names | ||
id: extract-tag | ||
run: | | ||
VVERSION=${GITHUB_REF#refs/tags/} | ||
VERSION=${GITHUB_REF#refs/tags/v} | ||
echo "VVERSION=${VVERSION}" >> ${GITHUB_OUTPUT} | ||
echo "VERSION=${VERSION}" >> ${GITHUB_OUTPUT} | ||
echo "DOCKER_TAGS=${{ env.DOCKER_IMAGE }}:${VERSION}" >> ${GITHUB_ENV} | ||
echo "DOCKER_TAGS_DEBIAN=${{ env.DOCKER_IMAGE }}:${VERSION}-${DEBIAN_TAG}" >> ${GITHUB_ENV} | ||
- name: Add Latest Tag | ||
if: steps.is_prerelease.outputs.IS_PRERELEASE == 'false' | ||
run: | | ||
echo "DOCKER_TAGS=${{ env.DOCKER_TAGS }},${{ env.DOCKER_IMAGE }}:latest" >> ${GITHUB_ENV} | ||
echo "DOCKER_TAGS_DEBIAN=${{ env.DOCKER_TAGS_DEBIAN }},${{ env.DOCKER_IMAGE }}:${DEBIAN_TAG}" >> ${GITHUB_ENV} | ||
- name: Create Release | ||
id: create_release | ||
uses: actions/create-release@v1 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
tag_name: ${{ github.ref }} | ||
release_name: Release ${{ github.ref }} | ||
draft: false | ||
prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }} | ||
goreleaser: | ||
needs: create_release | ||
permissions: | ||
id-token: write | ||
contents: write | ||
uses: smallstep/workflows/.github/workflows/goreleaser.yml@main | ||
secrets: inherit | ||
build_upload_docker: | ||
name: Build & Upload Docker Images | ||
needs: create_release | ||
permissions: | ||
id-token: write | ||
contents: write | ||
uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main | ||
with: | ||
platforms: linux/amd64,linux/386,linux/arm,linux/arm64 | ||
tags: ${{ needs.create_release.outputs.docker_tags }} | ||
docker_image: smallstep/step-cli | ||
docker_file: docker/Dockerfile | ||
secrets: inherit | ||
build_upload_docker_debian: | ||
name: Build & Upload Docker Images using Debian | ||
needs: create_release | ||
permissions: | ||
id-token: write | ||
contents: write | ||
uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main | ||
with: | ||
platforms: linux/amd64,linux/386,linux/arm,linux/arm64 | ||
tags: ${{ needs.create_release.outputs.docker_tags_debian }} | ||
docker_image: smallstep/step-cli | ||
docker_file: docker/Dockerfile.debian | ||
secrets: inherit | ||
# All jobs below this are for full releases (non release candidates e.g. *-rc.*) | ||
build_upload_aws_s3_binaries: | ||
name: Build & Upload AWS S3 Binaries | ||
runs-on: ubuntu-latest | ||
needs: create_release | ||
if: needs.create_release.outputs.is_prerelease == 'false' | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Setup Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: 'stable' | ||
check-latest: true | ||
- name: Build | ||
id: build | ||
run: | | ||
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin | ||
make -j1 binary-linux-amd64 binary-linux-arm64 binary-darwin-amd64 binary-windows-amd64 | ||
mkdir -p ./.releases | ||
cp ./output/binary/linux-amd64/bin/step ./.releases/step_${{ needs.create_release.outputs.version }}_linux_amd64 | ||
cp ./output/binary/linux-amd64/bin/step ./.releases/step_latest_linux_amd64 | ||
cp ./output/binary/linux-arm64/bin/step ./.releases/step_${{ needs.create_release.outputs.version }}_linux_arm64 | ||
cp ./output/binary/linux-arm64/bin/step ./.releases/step_latest_linux_arm64 | ||
cp ./output/binary/darwin-amd64/bin/step ./.releases/step_${{ needs.create_release.outputs.version }}_darwin_amd64 | ||
cp ./output/binary/darwin-amd64/bin/step ./.releases/step_latest_darwin_amd64 | ||
cp ./output/binary/windows-amd64/bin/step ./.releases/step_${{ needs.create_release.outputs.version }}_windows.exe | ||
cp ./output/binary/windows-amd64/bin/step ./.releases/step_latest_windows.exe | ||
- name: Upload s3 id: upload-s3 uses: jakejarvis/s3-sync-action@v0.5.1 | ||
with: | ||
args: --acl public-read --follow-symlinks | ||
env: | ||
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
AWS_REGION: us-east-1 | ||
SOURCE_DIR: ./.releases | ||
update_reference_docs: | ||
name: Update Reference Docs | ||
runs-on: ubuntu-latest | ||
needs: create_release | ||
if: needs.create_release.outputs.is_prerelease == 'false' | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Setup Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: 'stable' | ||
check-latest: true | ||
- name: Build | ||
id: build | ||
run: V=1 make build | ||
- name: Checkout Docs | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: smallstep/docs | ||
token: ${{ secrets.DOCS_PAT }} | ||
path: './docs' | ||
- name: Setup bot SSH signing key | ||
uses: webfactory/ssh-agent@v0.7.0 | ||
env: | ||
HAS_SSH_PRIVATE_KEY: ${{ secrets.STEP_TRAVIS_CI_GH_PRIVATE_SIGNING_KEY != '' }} | ||
if: ${{ env.HAS_SSH_PRIVATE_KEY == 'true' }} | ||
with: | ||
ssh-private-key: | | ||
${{ secrets.STEP_TRAVIS_CI_GH_PRIVATE_SIGNING_KEY }} | ||
- name: Update Reference | ||
id: update_reference | ||
run: | | ||
cd ./docs | ||
git config user.email "eng+ci@smallstep.com" | ||
git config user.name "step-travis-ci" | ||
# Configure GH commit signing key. | ||
git config --global commit.gpgsign true | ||
git config --global gpg.format ssh | ||
git config --global user.signingkey "${{ secrets.STEP_TRAVIS_CI_GH_PUBLIC_SIGNING_KEY }}" | ||
# Remove old docs | ||
git rm -rf ./step-cli/reference | ||
# Build fresh docs | ||
../bin/step help --markdown ./step-cli/reference | ||
# Generate new route manifest for the docs | ||
find step-cli/reference -mindepth 2 -type f | jq -R -s '[ | ||
split("\n")[:-1][] | ||
| {hideFromSidebar: true, | ||
title: "", | ||
path: ("/" + .)} | ||
]' > $RUNNER_TEMP/reference-routes.json | ||
# Replace old route manifest with new | ||
jq --argfile newRoutes $RUNNER_TEMP/reference-routes.json 'walk( | ||
if type == "object" and .isStepReference == true then | ||
.routes = $newRoutes | ||
else . end | ||
)' < manifest.json > manifest.json.new | ||
mv manifest.json.new manifest.json | ||
git add . && git commit -a -m "step-cli ${{ needs.create_release.outputs.vversion }} reference update" | ||
- name: Push changes | ||
uses: ad-m/github-push-action@v0.6.0 | ||
with: | ||
github_token: ${{ secrets.DOCS_PAT }} | ||
branch: 'main' | ||
directory: './docs' | ||
repository: 'smallstep/docs' |