-
Notifications
You must be signed in to change notification settings - Fork 141
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add script and workflow to generate TA variants
This adds a script to regenerate the Trusted Artifact variant Tasks and a GitHub Workflow to check if files need regenerating.
- Loading branch information
Showing
2 changed files
with
71 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| name: Validate PR - Trusted Artifact variants | ||
| 'on': | ||
| pull_request: | ||
| branches: [main] | ||
| jobs: | ||
| go: | ||
| name: Check Trusted Artifact variants | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v4 | ||
| - name: Check Trusted Artifact variants | ||
| run: hack/generate-ta-tasks.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| set -o errexit | ||
| set -o nounset | ||
| set -o pipefail | ||
| set -o posix | ||
|
|
||
| shopt -s globstar nullglob | ||
|
|
||
| HACK_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")" | ||
| TASK_DIR="$(realpath "${HACK_DIR}/../task")" | ||
|
|
||
| if ! command -v tash &> /dev/null; then | ||
| echo INFO: tash command is not available will download and use the latest version | ||
| tash_dir="$(mktemp -d)" | ||
| trap 'rm -rf ${tash_dir}' EXIT | ||
| tash_url=https://github.com/enterprise-contract/hacks/releases/download/latest/tash | ||
| echo INFO: downloading from ${tash_url} to "${tash_dir}" | ||
| curl --no-progress-meter --location --output "${tash_dir}/tash" "${tash_url}" | ||
| echo INFO: SHA256: "$(sha256sum "${tash_dir}/tash")" | ||
| chmod +x "${tash_dir}/tash" | ||
| tash() { | ||
| "${tash_dir}/tash" "$@" | ||
| } | ||
| fi | ||
|
|
||
| declare -i changes=0 | ||
| emit() { | ||
| if [ "${GITHUB_ACTIONS:-false}" == "true" ]; then | ||
| printf "::error file=%s,line=1,col=0::%s\n" "$1" "$2" | ||
| else | ||
| printf "INFO: \033[1m%s\033[0m %s\n" "$1" "$2" | ||
| fi | ||
| changes=$((changes + 1)) | ||
| } | ||
|
|
||
|
|
||
| cd "${TASK_DIR}" | ||
| for recipe_path in **/recipe.yaml; do | ||
| task_path="${recipe_path%/recipe.yaml}/$(basename "${recipe_path%/*/*}").yaml" | ||
| tash "${recipe_path}" > "${task_path}" | ||
| readme_path="${recipe_path%/recipe.yaml}/README.md" | ||
| "${HACK_DIR}/generate-readme.sh" "${task_path}" > "${readme_path}" | ||
| if ! git diff --quiet HEAD "${task_path}"; then | ||
| emit "task/${task_path}" "file is out of date and has been updated" | ||
| fi | ||
| if ! git diff --quiet HEAD "${readme_path}"; then | ||
| emit "task/${readme_path}" "file is out of date and has been updated" | ||
| fi | ||
| done | ||
|
|
||
| if [[ ${changes} -gt 0 ]]; then | ||
| if [ "${GITHUB_ACTIONS:-false}" == "true" ]; then | ||
| exit 1 | ||
| else | ||
| printf "INFO: \033[1mMake sure to include the regenerated files in your changeset\033[0m\n" | ||
| fi | ||
| fi |