Skip to content

Fix update-gemfiles workflow permissions #5414

Fix update-gemfiles workflow permissions

Fix update-gemfiles workflow permissions #5414

Workflow file for this run

name: Build gem
on:
workflow_dispatch:
inputs:
push:
description: Push gem
required: true
type: boolean
default: true
push:
branches:
- "**"
env:
GEM_HOST: 'https://rubygems.pkg.github.com/DataDog'
jobs:
build:
strategy:
fail-fast: false
matrix:
type:
- final
- dev
runs-on: ubuntu-latest
name: Build gem (${{ matrix.type }})
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
with:
ruby-version: '3.2'
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
- name: Patch version
if: ${{ matrix.type != 'final' }}
run: |
# Obtain context information
gha_run_id='${{ github.run_id }}'
git_ref='${{ github.ref }}'
git_sha='${{ github.sha }}'
# Output info for CI debug
echo gha_run_id="${gha_run_id}"
echo git_ref="${git_ref}"
echo git_sha="${git_sha}"
.gitlab/patch_gem_version.sh gha $gha_run_id $git_ref $git_sha;
- name: Patch gem host
if: ${{ matrix.type != 'final' }}
run: |
# Patch in GEM_HOST
sed datadog.gemspec -i -e "s,^\([\t ]*spec\.metadata\['allowed_push_host'\]\) *= *,\1 = \'${GEM_HOST}\' # ,"
# Test result
cat datadog.gemspec | grep -e allowed_push_host
- name: Build gem
run: bundle exec rake build
- name: List gem
run: |
find pkg
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: 'datadog-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}'
path: 'pkg/*.gem'
test:
strategy:
fail-fast: false
matrix:
type:
- final
- dev
runs-on: ubuntu-latest
name: Test gem
needs:
- build
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: 'datadog-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}'
path: 'pkg'
- name: List gem
run: |
find pkg
- uses: ruby/setup-ruby@v1
with:
ruby-version: '3.2'
- name: Install gem
run: |
gem install pkg/*.gem
push:
strategy:
fail-fast: false
matrix:
type:
- dev
runs-on: ubuntu-latest
name: Push gem
needs:
- test
if: ${{ inputs.push }}
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: 'datadog-gem-${{ matrix.type }}-gha${{ github.run_id }}-g${{ github.sha }}'
path: 'pkg'
- name: List gem
run: |
find pkg
- name: Set up GitHub Packages authentication
run: |
mkdir -p ~/.gem
cat > ~/.gem/credentials <<'CREDENTIALS'
---
:github: Bearer ${{ secrets.GITHUB_TOKEN }}
CREDENTIALS
chmod 0600 ~/.gem/credentials
- name: Push gem
run: |
find pkg -name '*.gem' | while read -r gem; do
echo "=== pushing '${gem}'"
gem push --key github --host ${{ env.GEM_HOST }} "${gem}"
done
- name: Clean up credentials
run: |
rm -rvf ~/.gem/credentials