diff --git a/.github/workflows/approve-publish.yaml b/.github/workflows/approve-publish.yaml
new file mode 100644
index 00000000..eedff91d
--- /dev/null
+++ b/.github/workflows/approve-publish.yaml
@@ -0,0 +1,21 @@
+name: PR Checks
+
+on:
+ pull_request:
+ branches:
+ - main
+ - features/*
+ - release/*
+
+jobs:
+ pr-checks:
+ name: "PR Checks"
+ runs-on: ubuntu-latest
+ environment: publish-bicep
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Add your steps here that do not require secrets
+ - name: Run tests
+ run: echo "Running tests..."
\ No newline at end of file
diff --git a/.github/workflows/publish-bicep.yaml b/.github/workflows/publish-bicep.yaml
index 441d6de0..28133f10 100644
--- a/.github/workflows/publish-bicep.yaml
+++ b/.github/workflows/publish-bicep.yaml
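Review bot: `environment: publish-bicep` on the `pr-checks` job binds a `pull_request`-triggered job to the same environment the removed publish job in `publish-bicep.yaml` ran under, so once the deployment is approved, code from the PR branch runs with whatever secrets that environment holds, even though the job's own comment says its steps do not require secrets. If the environment is there only as an approval gate, a separate environment with no secrets attached would keep the gate without that exposure. The new workflow also has no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the token minimal for a job that only checks out and runs tests.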
@@ -21,140 +21,107 @@ on: - main tags: - v* - pull_request: - branches: - - main - workflow_dispatch: - inputs: {} + # pull_request: + # branches: + # - main + workflow_run: + workflows: ["PR Checks"] + types: + - completed permissions: id-token: write contents: read + checks: write # Required for creating a check run env: # bicep-types ACR url for uploading AWS Bicep types - BICEP_TYPES_REGISTRY: 'biceptypes.azurecr.io' + BICEP_TYPES_REGISTRY: 'shruku.azurecr.io' AWS_REGION: us-west-2 CI_PUBLISH_RELEASE: ${{ github.repository == 'radius-project/bicep-types-aws' && startsWith(github.ref, 'refs/tags/v') && github.event_name == 'push' }} CI_PUBLISH_LATEST: ${{ github.repository == 'radius-project/bicep-types-aws' && github.ref == 'refs/heads/main' && github.event_name == 'push' }} jobs: - build-and-push-bicep-types: - name: Publish Radius bicep types to ACR + approve-publish: + name: "Approve Publish" runs-on: ubuntu-latest - environment: publish-bicep - steps: - - name: Check out code - uses: actions/checkout@v4 - - name: Parse release version and set environment variables - run: python ./.github/scripts/get_release_version.py - - name: Set up Go ${{ env.GOVER }} - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOVER }} - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: '18' - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} - - name: 'Build aws-type-downloader' - env: - GOPROXY: "https://proxy.golang.org" - working-directory: 'src/aws-type-downloader' - run: go build . 
- - name: Download AWS specs from CloudControl - run: | - cd src/aws-type-downloader && go run main.go --output ../../artifacts/types --clean - - name: 'Initialize submodule' - run: | - git submodule update --init --recursive - npm --prefix bicep-types/src/bicep-types ci && npm --prefix bicep-types/src/bicep-types run build; \ - - name: Generate Bicep extensibility types for AWS - env: - VERSION: ${{ env.REL_CHANNEL == 'edge' && 'latest' || env.REL_CHANNEL }} - run: | - npm --prefix ./src/aws-type-generator install - npm run --prefix ./src/aws-type-generator start -- --input ../../artifacts/types --output ../../artifacts/bicep --release-version ${{ env.VERSION }} - - name: Upload AWS Bicep types artifacts - uses: actions/upload-artifact@v4 - with: - name: aws-bicep-types - path: ./artifacts/bicep - if-no-files-found: error - - name: 'Login via Azure CLI' - if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }} - uses: azure/login@v2 - with: - client-id: ${{ secrets.BICEPTYPES_CLIENT_ID }} - tenant-id: ${{ secrets.BICEPTYPES_TENANT_ID }} - subscription-id: ${{ secrets.BICEPTYPES_SUBSCRIPTION_ID }} - - name: Setup and verify bicep CLI - if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }} - run: | - curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 - chmod +x ./bicep - sudo mv ./bicep /usr/local/bin/bicep - bicep --version - - name: Publish bicep types - if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }} - env: - VERSION: ${{ env.REL_CHANNEL == 'edge' && 'latest' || env.REL_CHANNEL }} - run: | - bicep publish-extension ./artifacts/bicep/index.json --target br:${{ env.BICEP_TYPES_REGISTRY }}/aws:${{ env.VERSION }} --force - update-types: - if: github.event_name == 'pull_request' && github.base_ref == 'main' - name: Update Bicep extensibility provider types - runs-on: ubuntu-latest - timeout-minutes: 10 - env: - GOVER: '^1.18' - GOPROXY: 
https://proxy.golang.org + if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - - uses: actions/checkout@v4 - - - id: get_commit_hash - name: Get commit hash (radius-project/bicep-types-aws) - run: | - echo "commit_hash_short=$(git rev-parse HEAD --short)" >> $GITHUB_OUTPUT - echo "gh_uri=https://github.com/radius-project/bicep-types-aws/tree/$(git rev-parse HEAD)/artifacts/bicep" >> $GITHUB_OUTPUT - - - name: Clone https://github.com/radius-project/bicep + - name: Checkout repository uses: actions/checkout@v4 - with: - token: ${{ secrets.GH_RAD_CI_BOT_PAT }} - repository: radius-project/bicep - path: workflow-temp/bicep - ref: bicep-extensibility - - name: Copy generated files to radius-project/bicep repo + # Steps that require secrets + - name: Verify Secret Availability run: | - mkdir -p workflow-temp/bicep/src/Bicep.Types.Aws/generated - cp -R artifacts/bicep/* workflow-temp/bicep/src/Bicep.Types.Aws/generated - - - name: Create Pull Request in radius-project/bicep repo - uses: peter-evans/create-pull-request@v7 - with: - path: workflow-temp/bicep - token: ${{ secrets.GH_RAD_CI_BOT_PAT }} - committer: rad-ci-bot - author: rad-ci-bot - signoff: true - branch: aws-types/patch-${{ github.event.pull_request.number }} - delete-branch: true - title: | - Update AWS extensibility provider for Bicep - body: | - ## Autogenerated Report - - Updates Bicep extensibility type definitions generated from [radius-project/bicep-types-aws](${{ steps.get_commit_hash.outputs.gh_uri }}) - commit-message: | - update generated types from ${{ steps.get_commit_hash.outputs.gh_uri }} - labels: | - autogenerated - github_actions - aws-types - draft: false \ No newline at end of file + if [ -z "${{ secrets.MY_SECRET }}" ]; then + echo "MY_SECRET is not set." + exit 1 + else + echo "MY_SECRET is available." 
+ fi + # build-and-push-bicep-types: + # name: Publish Radius bicep types to ACR + # runs-on: ubuntu-latest + # steps: + # - name: Check out code + # uses: actions/checkout@v4 + # - name: Parse release version and set environment variables + # run: python ./.github/scripts/get_release_version.py + # - name: Set up Go ${{ env.GOVER }} + # uses: actions/setup-go@v5 + # with: + # go-version: ${{ env.GOVER }} + # - name: Setup Node.js + # uses: actions/setup-node@v4 + # with: + # node-version: '18' + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@v4 + # with: + # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # aws-region: ${{ env.AWS_REGION }} + # - name: 'Build aws-type-downloader' + # env: + # GOPROXY: "https://proxy.golang.org" + # working-directory: 'src/aws-type-downloader' + # run: go build . + # - name: Download AWS specs from CloudControl + # run: | + # cd src/aws-type-downloader && go run main.go --output ../../artifacts/types --clean + # - name: 'Initialize submodule' + # run: | + # git submodule update --init --recursive + # npm --prefix bicep-types/src/bicep-types ci && npm --prefix bicep-types/src/bicep-types run build; \ + # - name: Generate Bicep extensibility types for AWS + # env: + # VERSION: ${{ env.REL_CHANNEL == 'edge' && 'latest' || env.REL_CHANNEL }} + # run: | + # npm --prefix ./src/aws-type-generator install + # npm run --prefix ./src/aws-type-generator start -- --input ../../artifacts/types --output ../../artifacts/bicep --release-version ${{ env.VERSION }} + # - name: Upload AWS Bicep types artifacts + # uses: actions/upload-artifact@v4 + # with: + # name: aws-bicep-types + # path: ./artifacts/bicep + # if-no-files-found: error + # - name: 'Login via Azure CLI' + # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }} + # uses: azure/login@v2 + # with: + # client-id: ${{ secrets.BICEPTYPES_CLIENT_ID }} + # 
tenant-id: ${{ secrets.BICEPTYPES_TENANT_ID }} + # subscription-id: ${{ secrets.BICEPTYPES_SUBSCRIPTION_ID }} + # - name: Setup and verify bicep CLI + # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }} + # run: | + # curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 + # chmod +x ./bicep + # sudo mv ./bicep /usr/local/bin/bicep + # bicep --version + # - name: Publish bicep types + # if: ${{ env.CI_PUBLISH_LATEST == 'true' || env.CI_PUBLISH_RELEASE == 'true' }} + # env: + # VERSION: ${{ env.REL_CHANNEL == 'edge' && 'latest' || env.REL_CHANNEL }} + # run: | + # bicep publish-extension ./artifacts/bicep/index.json --target br:${{ env.BICEP_TYPES_REGISTRY }}/aws:${{ env.VERSION }} --force \ No newline at end of file
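Review bot: In the `Verify Secret Availability` step, `${{ secrets.MY_SECRET }}` is expanded into the script text before the shell runs, so a value containing quotes or `$(...)` alters the command; pass it through the step's `env:` as `MY_SECRET: ${{ secrets.MY_SECRET }}` and test `if [ -z "$MY_SECRET" ]; then` instead. The same hunk changes `BICEP_TYPES_REGISTRY` from `biceptypes.azurecr.io` to `shruku.azurecr.io`, which looks like a personal or test registry; the publish step is commented out for now, but restoring it would push to that target, so the value should be reverted before merge. The `approve-publish` job runs under `workflow_run` with workflow-level `id-token: write` and gates only on `conclusion == 'success'`, so a comment there should state that it must never check out or execute the triggering PR's head; the added `checks: write` has no visible user in this hunk.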