Add new permissions to workflow #302
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test Workflow | |
permissions: | |
id-token: write | |
issues: write | |
pull-requests: write | |
contents: write | |
on: | |
push: | |
branches: | |
- v3.x/master | |
- v3.x/staging | |
- v3.x/rc | |
pull_request: | |
types: [opened, reopened, synchronize] | |
workflow_dispatch: | |
inputs: | |
PERFORM_RELEASE: | |
description: '[Release] perform release' | |
required: false | |
default: 'false' | |
jobs: | |
check-permission: | |
runs-on: ubuntu-latest | |
steps: | |
# this action will fail the whole workflow if permission check fails | |
- name: check permission | |
uses: zowe-actions/shared-actions/permission-check@main | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
update-changelog: | |
if: github.event_name == 'pull_request' | |
runs-on: ubuntu-latest | |
outputs: | |
was_updated: ${{ steps.check-change.outputs.change_detected }} | |
check_commit: ${{ steps.check-changelog.outputs.check_commit }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.head_ref }} | |
fetch-depth: 0 | |
- name: Check for updated CHANGELOG.md using git | |
id: check-changelog | |
run: | | |
if git diff --name-only origin/${{ github.base_ref }} | grep -q "^CHANGELOG.md$"; then | |
echo "CHANGELOG.md has been updated." | |
echo "::set-output name=check_commit::true" | |
else | |
echo "ERROR: CHANGELOG.md has not been updated." | |
echo "::set-output name=check_commit::false" | |
fi | |
- name: Compare PR description with template | |
if: steps.check-changelog.outputs.check_commit == 'false' | |
env: | |
PR_DESCRIPTION: ${{ github.event.pull_request.body }} | |
run: | | |
# Safely print the PR description using Node.js | |
node -e "const fs=require('fs'); fs.writeFileSync('/tmp/pr_description.txt', process.env.PR_DESCRIPTION);" | |
# Use diff to compare the two files | |
if diff -wB /tmp/pr_description.txt .github/pull_request_template.md > /dev/null; then | |
echo "ERROR: PR description is identical to the template." | |
exit 1 | |
else | |
echo "PR description and template are different." | |
fi | |
- name: Check PR body against changelog | |
if: steps.check-changelog.outputs.check_commit == 'false' | |
id: extract-changelog | |
run: | | |
result=$(node .github/workflows/set-changelog.js ${{ github.event.pull_request.number }}) | |
if [ "$result" = "Success" ]; then | |
git config --global user.email "[email protected]" | |
git config --global user.name "Zowe Robot" | |
git add CHANGELOG.md | |
git commit -s -m "Update changelog with PR #${{ github.event.pull_request.number }} description" | |
git push | |
echo "Updated CHANGELOG from description" | |
else | |
echo $result | |
echo -e "No changelog and version information found in PR description. Please add them.\nExpected Format:\nVERSION:X.XX.X\nCHANGELOG:This is changelog note.\nTo re-run the action, just make a push or commit after updating the PR description or updating the changelog via a manual file changing commit." | |
exit 1 | |
fi | |
- name: check for changes | |
id: check-change | |
run: | | |
if git diff --name-only HEAD^ HEAD | grep 'changelog.md'; then | |
echo "No Changes detected, setting flag to false" | |
echo "::set-output name=change_detected::false" | |
else | |
echo "::set-output name=change_detected::true" | |
fi | |
check_changelog: | |
if: github.event_name == 'pull_request' | |
needs: update-changelog | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Verify Changelog update | |
run: | | |
if [ "${{ needs.update-changelog.outputs.was_updated }}" != "true" ]; then | |
echo "CHANGELOG.md not updated, please update CHANGELOG.md with the changes made in the pull request" | |
exit 1 | |
else | |
echo "changelog was updated successfully." | |
fi | |
build-test: | |
runs-on: ubuntu-latest | |
needs: check-permission | |
steps: | |
- name: '[Prep 1] Checkout' | |
uses: actions/checkout@v3 | |
- name: '[Dep 1] Libyaml' | |
uses: actions/checkout@v3 | |
with: | |
repository: yaml/libyaml | |
path: deps/launcher/libyaml | |
ref: '0.2.5' | |
- name: '[Dep 2] Quickjs' | |
uses: actions/checkout@v3 | |
with: | |
repository: joenemo/quickjs-portable | |
path: deps/launcher/quickjs | |
ref: 'main' | |
- name: '[Dep 3] Zowe common' | |
uses: actions/checkout@v3 | |
with: | |
repository: zowe/zowe-common-c | |
path: deps/launcher/common | |
ref: 'v3.x/staging' | |
- name: '[Prep 2] Setup jFrog CLI' | |
uses: jfrog/setup-jfrog-cli@v2 | |
env: | |
JF_ENV_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }} | |
- name: 'convert manifest' | |
run: | | |
COMMIT_HASH=$(git rev-parse --verify HEAD) | |
CURRENT_TIME=$(date +%s%3N) | |
if [ -z ${{ github.event.pull_request.number }} ] | |
then | |
CURRENT_BRANCH=${GITHUB_REF#refs/heads/} | |
else | |
CURRENT_BRANCH=PR-${{ github.event.pull_request.number }} | |
fi | |
sed -e "s|{{build\.branch}}|${CURRENT_BRANCH}|g" \ | |
-e "s|{{build\.number}}|${{ github.run_number }}|g" \ | |
-e "s|{{build\.commitHash}}|${COMMIT_HASH}|g" \ | |
-e "s|{{build\.timestamp}}|${CURRENT_TIME}|g" \ | |
manifest.yaml > manifest.yaml.tmp | |
mv manifest.yaml.tmp manifest.yaml | |
echo "Current manifest.yaml is:" | |
cat manifest.yaml | |
- name: '[Prep 3] Prepare workflow' | |
uses: zowe-actions/shared-actions/prepare-workflow@main | |
- name: '[Packaging] Make pax' | |
uses: zowe-actions/shared-actions/make-pax@main | |
with: | |
pax-name: 'launcher' | |
pax-options: '-x os390' | |
pax-ssh-username: ${{ secrets.SSH_MARIST_USERNAME }} | |
pax-ssh-password: ${{ secrets.SSH_MARIST_RACF_PASSWORD }} | |
- name: '[Publish] Publish' | |
uses: zowe-actions/shared-actions/publish@main | |
if: success() | |
with: | |
artifacts: | | |
.pax/launcher.pax | |
perform-release: ${{ github.event.inputs.PERFORM_RELEASE }} | |
- name: '[Release 1] Release (if necessary)' | |
if: ${{ success() && github.event.inputs.PERFORM_RELEASE == 'true' && env.IS_RELEASE_BRANCH == 'true' }} | |
uses: zowe-actions/shared-actions/release@main | |
- name: '[Release 2] NPM bump version (if necessary)' | |
if: ${{ success() && github.event.inputs.PERFORM_RELEASE == 'true' && env.IS_RELEASE_BRANCH == 'true' }} | |
uses: zowe-actions/shared-actions/bump-version@main | |
with: | |
version: minor | |
env: | |
GITHUB_TOKEN: ${{ secrets.ZOWE_ROBOT_TOKEN }} |