Skip to content

Commit

Permalink
NEW Create action
Browse files Browse the repository at this point in the history
  • Loading branch information
emteknetnz committed Jun 1, 2022
1 parent da6ec18 commit c4b0a11
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 68 deletions.
6 changes: 2 additions & 4 deletions .github/workflows/auto-tag.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
name: Auto-tag
on:
push:
tags:
Expand All @@ -8,7 +9,4 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Auto-tag
uses: silverstripe/gha-auto-tag@main
with:
ref: ${{ github.ref }}
sha: ${{ github.sha }}
uses: emteknetnz/gha-auto-tag@main
2 changes: 0 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
# GitHub Actions - Tag release

Create a tag and an optional release

Note: this ctions seems to have issues creating tags and releases on forked repos, though it's fine on non-forked repos
92 changes: 30 additions & 62 deletions action.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
name: Tag and release
description: GitHub Action to create a tag and an optional release
inputs:
sha:
type: string
required: true
# Note: there is an explicit reason why there is no sha input parameter - see the readme
tag:
type: string
required: true
Expand All @@ -19,25 +17,16 @@ inputs:
type: string
required: false
default: ''
github_token:
description: "GitHub secret token"
required: true
runs:
using: composite
steps:

- name: Validate inputs
shell: bash
env:
SHA: ${{ inputs.sha }}
TAG: ${{ inputs.tag }}
BODY: ${{ inputs.body }}
run: |
if ! [[ "$SHA" =~ ^[0-9a-f]{40}$ ]]; then
echo "Invalid sha"
exit 1
fi
if [[ "$TAG" =~ [^a-z0-9\.\-] ]]; then
if [[ "$TAG" =~ [^0-9A-Za-z\.\-] ]]; then
echo "Invalid tag"
exit 1
fi
Expand All @@ -46,6 +35,8 @@ runs:
if: ${{ inputs.release == 'true' && inputs.delete_existing == 'true' }}
shell: bash
env:
# Add string inputs to memory instead of using string substitution in shell script
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAG: ${{ inputs.tag }}
run: |
echo "Deleting old release for $TAG if it exists"
Expand All @@ -61,85 +52,63 @@ runs:
-H "Authorization: token ${{ github.token }}"
echo "Deleted existing release $RELEASE_ID for tag $TAG"
else
echo "Could not find an existing release for tag $TAG"
echo "Did not find an existing release for tag $TAG"
fi
# This fails "Resource not accessible by integration" - even with token passed in
# Note the use of ${{ inputs.github_token }} instead of ${{ github.token }}
- name: Delete existing tag if one exists
if: ${{ inputs.delete_existing == 'true' }}
shell: bash
# Add string inputs to memory instead of using string substitution in shell script
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
env:
TAG: ${{ inputs.tag }}
run: |
echo "Deleting old $TAG tag if it exists"
# Delete tag via GitHub API
# https://docs.github.com/en/rest/reference/git#delete-a-reference
curl -s \
-X DELETE https://api.github.com/repos/${{ github.repository }}/git/refs/tags/$TAG \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ inputs.github_token }}"
# - name: Checkout code
# if: ${{ inputs.release == 'false' }}
# uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # @v2
# with:
# fetch-depth: 50

# This fails
# ! [remote rejected] mytag -> mytag (refusing to allow a GitHub App to create or update workflow `.github/workflows/test.yml` without `workflows` permission)
# - name: Create tag
# if: ${{ inputs.release == 'false' }}
# shell: bash
# env:
# SHA: ${{ inputs.sha }}
# TAG: ${{ inputs.tag }}
# run: |
# # debug
# git log
# # Use raw git commands, otherwise we get "Resource not accessible by integration"
# # and the tag is not created, even if parent job is run with permission: write-all
# # This is despite the fact we can create a release via the API which generates a tag
# git checkout "$SHA"
# git tag "$TAG"
# git push origin "$TAG"
# echo "New tag $TAG created for sha $SHA"
-X GET https://api.github.com/repos/${{ github.repository }}/git/refs/tags \
-H "Accept: application/vnd.github.v3+json" > __.json
FOUND=0
# Check there are any tags so we can use jq array selector later
if [[ $(jq 'map(type)' __.json) =~ object ]]; then
if [ $(jq '.[].ref == "refs/tags/${{ inputs.tag }}"' __.json) == "true" ]; then
FOUND=1
fi
fi
if [ $FOUND == 1 ]; then
# Delete tag via GitHub API
# https://docs.github.com/en/rest/reference/git#delete-a-reference
curl -s \
-X DELETE https://api.github.com/repos/${{ github.repository }}/git/refs/tags/$TAG \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ github.token }}"
echo "Deleted existing tag $TAG"
else
echo "Did not find an existing tag for $TAG"
fi
# Note the use of ${{ inputs.github_token }} instead of ${{ github.token }}
- name: Create tag
# Creating a release will also create a tag, so only create explicitly create tag if not creating release
if: ${{ inputs.release == 'false' }}
shell: bash
env:
SHA: ${{ inputs.sha }}
TAG: ${{ inputs.tag }}
run: |
# TODO: remove
# SHA=${{ github.sha }}
echo "SHA is $SHA"
echo "TAG is $TAG"
echo "url is https://api.github.com/repos/${{ github.repository }}/git/refs"
# Create new tag via GitHub API
# https://docs.github.com/en/rest/reference/git#create-a-reference
curl -s \
-X POST https://api.github.com/repos/${{ github.repository }}/git/refs \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ inputs.github_token }}" \
-H "Authorization: token ${{ github.token }}" \
-d @- << EOF
{
"sha": "$SHA",
"sha": "${{ github.sha }}",
"ref": "refs/tags/$TAG"
}
EOF
echo "New tag $TAG created for sha $SHA"
echo "New tag $TAG created for sha ${{ github.sha }}"
# Creating a release will also create a tag
- name: Create release
if: ${{ inputs.release == 'true' }}
shell: bash
env:
SHA: ${{ inputs.sha }}
TAG: ${{ inputs.tag }}
BODY: ${{ inputs.body }}
run: |
Expand All @@ -154,12 +123,11 @@ runs:
-d @- << EOF
{
"tag_name": "$TAG",
"target_commitish": "$SHA",
"target_commitish": "${{ github.sha }}",
"name": "$TAG",
"body": "$BODY",
"draft": false,
"prerelease": false
}
EOF
echo "New release $TAG created"
# ^ todo: test inputs.body with a single double quote in it

0 comments on commit c4b0a11

Please sign in to comment.