[release-v2.10] 3rd batch release 2.10.2 #793
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generate-Regsync-Config action will run for every PR into release-v2.9 branch only after an approval is given | |
# It will run make target to generate regsync file and add a commit to the PR updating the regsync file. | |
# It will then install and run regsync client and do the prime image mirroring. | |
name: Generate-Regsync-Config | |
on: | |
pull_request: | |
types: | |
- labeled | |
jobs: | |
onLabelAndApproval: | |
if: github.event.label.name == 'regsync-ready' && startsWith(github.event.pull_request.base.ref, 'release-v') | |
runs-on: ubuntu-latest | |
outputs: | |
is_approved: ${{ steps.check-approval.outputs.approved }} | |
steps: | |
- name: Check if PR is approved | |
id: check-approval | |
run: | | |
IS_APPROVED=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews --jq '[.[] | select(.state == "APPROVED")] | length') | |
if [[ "$IS_APPROVED" -gt 0 ]]; then | |
echo "::set-output name=approved::true" | |
else | |
echo "::set-output name=approved::false" | |
fi | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
build: | |
needs: onLabelAndApproval | |
if: needs.onLabelAndApproval.outputs.is_approved == 'true' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
id-token: write | |
steps: | |
- name: Read App Secrets | |
uses: rancher-eio/read-vault-secrets@main | |
with: | |
secrets: | | |
secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ; | |
secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY | |
- name: Create App Token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ env.APP_ID }} | |
private-key: ${{ env.PRIVATE_KEY }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ steps.app-token.outputs.token }} | |
- name: Set-up Ruby 3.2 | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.2' # Not needed with a .ruby-version file | |
- name: Generate RegSync | |
env: | |
GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
run: | | |
gh pr checkout ${{ github.event.pull_request.number }} | |
git config --global user.email "${{ secrets.USER_GITHUB }}" | |
git config --global user.name "rancherbot" | |
make pull-scripts | |
make regsync | |
- name: Check for modifications in regsync.yaml | |
id: check_changes | |
run: | | |
git diff --quiet regsync.yaml || echo "::set-output name=changed::true" | |
- name: Commit files | |
if: steps.check_changes.outputs.changed == 'true' | |
run: | | |
git add regsync.yaml | |
git commit -m "Updating resync.yaml" | |
git push | |
- name: No changes in regsync.yaml | |
if: steps.check_changes.outputs.changed != 'true' | |
run: | | |
echo "regsync.yaml is the same" | |
- name: Install Regsync | |
run: | | |
curl --silent --fail --location --output regsync https://github.com/regclient/regclient/releases/download/v0.5.1/regsync-linux-amd64 | |
chmod +x regsync | |
- name: Sync Images to Registry | |
run: | | |
export PATH=$PATH:$(pwd) | |
head regsync.yaml | |
ruby ./scripts/regsync-split.rb | |
tree ./split-regsync | |
time find split-regsync -type f -name split-regsync.yaml -print -exec time regsync once --config '{}' ';' | |
env: | |
REGISTRY_ENDPOINT: ${{ secrets.REGISTRY_ENDPOINT }} | |
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} | |
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} |