Fix update-gemfiles workflow permissions #5414
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build gem | |
on: | |
workflow_dispatch: | |
inputs: | |
push: | |
description: Push gem | |
required: true | |
type: boolean | |
default: true | |
push: | |
branches: | |
- "**" | |
env: | |
GEM_HOST: 'https://rubygems.pkg.github.com/DataDog' | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- final | |
- dev | |
runs-on: ubuntu-latest | |
name: Build gem (${{ matrix.type }}) | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.2' | |
bundler-cache: true # runs 'bundle install' and caches installed gems automatically | |
- name: Patch version | |
if: ${{ matrix.type != 'final' }} | |
run: | | |
# Obtain context information | |
gha_run_id='${{ github.run_id }}' | |
git_ref='${{ github.ref }}' | |
git_sha='${{ github.sha }}' | |
# Output info for CI debug | |
echo gha_run_id="${gha_run_id}" | |
echo git_ref="${git_ref}" | |
echo git_sha="${git_sha}" | |
.gitlab/patch_gem_version.sh gha $gha_run_id $git_ref $git_sha; | |
- name: Patch gem host | |
if: ${{ matrix.type != 'final' }} | |
run: | | |
# Patch in GEM_HOST | |
sed datadog.gemspec -i -e "s,^\([\t ]*spec\.metadata\['allowed_push_host'\]\) *= *,\1 = \'${GEM_HOST}\' # ," | |
# Test result | |
cat datadog.gemspec | grep -e allowed_push_host | |
- name: Build gem | |
run: bundle exec rake build | |
- name: List gem | |
run: | | |
find pkg | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'datadog-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}' | |
path: 'pkg/*.gem' | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- final | |
- dev | |
runs-on: ubuntu-latest | |
name: Test gem | |
needs: | |
- build | |
steps: | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: 'datadog-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}' | |
path: 'pkg' | |
- name: List gem | |
run: | | |
find pkg | |
- uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.2' | |
- name: Install gem | |
run: | | |
gem install pkg/*.gem | |
push: | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- dev | |
runs-on: ubuntu-latest | |
name: Push gem | |
needs: | |
- test | |
if: ${{ inputs.push }} | |
steps: | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: 'datadog-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}' | |
path: 'pkg' | |
- name: List gem | |
run: | | |
find pkg | |
- name: Set up GitHub Packages authentication | |
run: | | |
mkdir -p ~/.gem | |
cat > ~/.gem/credentials <<'CREDENTIALS' | |
--- | |
:github: Bearer ${{ secrets.GITHUB_TOKEN }} | |
CREDENTIALS | |
chmod 0600 ~/.gem/credentials | |
- name: Push gem | |
run: | | |
find pkg -name '*.gem' | while read -r gem; do | |
echo "=== pushing '${gem}'" | |
gem push --key github --host ${{ env.GEM_HOST }} "${gem}" | |
done | |
- name: Clean up credentials | |
run: | | |
rm -rvf ~/.gem/credentials |