mirror of
https://github.com/containers/podman.git
synced 2026-07-11 15:55:22 -04:00
Merge pull request #28885 from Luap99/v5.8
[v5.8] some more CI related backports
This commit is contained in:
12
.github/workflows/ci.yml
vendored
12
.github/workflows/ci.yml
vendored
@@ -46,6 +46,8 @@ jobs:
|
||||
validate-source:
|
||||
name: Validate source code changes
|
||||
runs-on: cncf-ubuntu-8-32-x86
|
||||
permissions:
|
||||
pull-requests: read # For hack/ci/pr-should-include-tests to query PR labels.
|
||||
env:
|
||||
# Base commit of this PR; used by the Makefile and the helper scripts to
|
||||
# compute the commit range (git merge-base $DEST_BRANCH HEAD).
|
||||
@@ -126,8 +128,9 @@ jobs:
|
||||
run: make swagger
|
||||
|
||||
- name: Check that the PR includes tests
|
||||
# The 'No New Tests' label lets maintainers override this check.
|
||||
if: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'No New Tests') }}
|
||||
env:
|
||||
# For hack/ci/pr-should-include-tests to query PR labels.
|
||||
GITHUB_TOKEN: ${{ github.token }}
|
||||
run: make tests-included
|
||||
|
||||
- name: Validate renovate config
|
||||
@@ -154,9 +157,8 @@ jobs:
|
||||
# limit enforced by hack/ci/make-and-check-size.sh.
|
||||
if: ${{ github.event_name == 'pull_request' }}
|
||||
env:
|
||||
# The 'bloat_approved' label lets a repo admin override the binary
|
||||
# size growth check in hack/ci/make-and-check-size.sh.
|
||||
BLOAT_APPROVED: ${{ contains(github.event.pull_request.labels.*.name, 'bloat_approved') }}
|
||||
# For hack/ci/make-and-check-size.sh to query PR labels.
|
||||
GITHUB_TOKEN: ${{ github.token }}
|
||||
run: |
|
||||
# git rebase rewrites commits, so it needs a committer identity.
|
||||
git config user.name "CI"
|
||||
|
||||
74
.github/workflows/dev-bump.yml
vendored
74
.github/workflows/dev-bump.yml
vendored
@@ -15,8 +15,7 @@ jobs:
|
||||
- name: Bump
|
||||
id: bump
|
||||
run: |
|
||||
ref=${{ github.ref_name }}
|
||||
version=${ref#v}
|
||||
version=${GITHUB_REF_NAME#v}
|
||||
if [[ $version == *-rc* ]]; then
|
||||
devbump="${version%-*}-dev"
|
||||
echo "::notice:: is a rc - bumping z down to $devbump"
|
||||
@@ -27,53 +26,56 @@ jobs:
|
||||
echo "::notice:: bumping z up to $devbump"
|
||||
fi
|
||||
|
||||
sed -i "s/const RawVersion = ".*"/const RawVersion = \"${devbump}\"/g" version/rawversion/version.go
|
||||
sed --sandbox -i -e "s/const RawVersion = \".*\"/const RawVersion = \"${devbump}\"/g" version/rawversion/version.go
|
||||
|
||||
echo "devbump=$devbump" >> $GITHUB_OUTPUT
|
||||
- name: Push
|
||||
env:
|
||||
DEVBUMP: ${{ steps.bump.outputs.devbump }}
|
||||
run: |
|
||||
# Make committer the user who triggered the action, either through cutting a release or manual trigger
|
||||
# GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
|
||||
git config --local user.name ${{ github.actor }}
|
||||
git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
|
||||
bumpbranch="bump-${{ steps.bump.outputs.devbump }}"
|
||||
git config --local user.name "${GITHUB_ACTOR}"
|
||||
git config --local user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
|
||||
bumpbranch="bump-${DEVBUMP}"
|
||||
git checkout -b $bumpbranch
|
||||
git add version/rawversion/version.go
|
||||
git commit --signoff -m "Bump Podman to v${{ steps.bump.outputs.devbump }}"
|
||||
git commit --signoff -m "Bump Podman to v${DEVBUMP}"
|
||||
git remote add podmanbot https://github.com/podmanbot/podman
|
||||
git push -f podmanbot "$bumpbranch"
|
||||
- name: Check open PRs
|
||||
id: checkpr
|
||||
env:
|
||||
DEVBUMP: ${{ steps.bump.outputs.devbump }}
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
run: |
|
||||
prs=$(gh pr list \
|
||||
--repo ${{ github.repository }} \
|
||||
--head bump-${{ steps.bump.outputs.devbump }} \
|
||||
--repo "${GITHUB_REPOSITORY}" \
|
||||
--head "bump-${DEVBUMP}" \
|
||||
--state open \
|
||||
--json title \
|
||||
--jq 'length')
|
||||
if ((prs > 0)); then
|
||||
echo "SKIPPING: PR already exists to update from ${{ github.ref_name }}."
|
||||
echo "SKIPPING: PR already exists to update from ${GITHUB_REF_NAME}."
|
||||
else
|
||||
echo "prexists=false" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
- name: Open PR
|
||||
if: steps.checkpr.outputs.prexists == 'false'
|
||||
id: pr
|
||||
env:
|
||||
DEVBUMP: ${{ steps.bump.outputs.devbump }}
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
run: |
|
||||
bumpbranch="bump-${{ steps.bump.outputs.devbump }}"
|
||||
ref=${{ github.ref_name }}
|
||||
base=${ref%.*}
|
||||
bumpbranch="bump-${DEVBUMP}"
|
||||
base=${GITHUB_REF_NAME%.*}
|
||||
body=$(printf '```release-note\nNone\n```\n')
|
||||
gh pr create \
|
||||
--title "Bump Podman to v${{ steps.bump.outputs.devbump }}" \
|
||||
--title "Bump Podman to v${DEVBUMP}" \
|
||||
--body "$body" \
|
||||
--head "podmanbot:$bumpbranch" \
|
||||
--base "$base" \
|
||||
--repo ${{ github.repository }}
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
--repo "${GITHUB_REPOSITORY}"
|
||||
mainbump:
|
||||
name: Bump on main
|
||||
runs-on: ubuntu-latest
|
||||
@@ -88,8 +90,7 @@ jobs:
|
||||
id: check
|
||||
run: |
|
||||
mainvers=`grep -P '(?<=const RawVersion = ")(\d.\d)' -o version/rawversion/version.go`
|
||||
ref=${{ github.ref_name }}
|
||||
releasevers=${ref#v}
|
||||
releasevers=${GITHUB_REF_NAME#v}
|
||||
if echo "${mainvers},${releasevers}" | tr ',' '\n' | sort -V -C
|
||||
then
|
||||
echo "bump=true" >> $GITHUB_OUTPUT
|
||||
@@ -101,8 +102,7 @@ jobs:
|
||||
id: bump
|
||||
if: steps.check.outputs.bump == 'true'
|
||||
run: |
|
||||
ref=${{ github.ref_name }}
|
||||
releasevers=${ref#v}
|
||||
releasevers=${GITHUB_REF_NAME#v}
|
||||
|
||||
arr=($(echo "$releasevers" | tr . '\n'))
|
||||
arr[1]=$((${arr[1]}+1))
|
||||
@@ -110,49 +110,53 @@ jobs:
|
||||
devbump="$(IFS=. ; echo "${arr[*]}")-dev"
|
||||
echo "::notice:: Bumping main to: $devbump"
|
||||
|
||||
sed -i "s/const RawVersion = \".*\"/const RawVersion = \"$devbump\"/g" version/rawversion/version.go
|
||||
sed --sandbox -i -e "s/const RawVersion = \".*\"/const RawVersion = \"${devbump}\"/g" version/rawversion/version.go
|
||||
|
||||
echo "devbump=$devbump" >> $GITHUB_OUTPUT
|
||||
- name: Push
|
||||
if: steps.check.outputs.bump == 'true'
|
||||
env:
|
||||
DEVBUMP: ${{ steps.bump.outputs.devbump }}
|
||||
run: |
|
||||
# Make committer the user who triggered the action, either through cutting a release or manual trigger
|
||||
# GitHub gisves everyone a noreply email associated with their account, use that email for the sign-off
|
||||
git config --local user.name ${{ github.actor }}
|
||||
git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
|
||||
bumpbranch="bump-main-${{ steps.bump.outputs.devbump }}"
|
||||
# GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
|
||||
git config --local user.name "${GITHUB_ACTOR}"
|
||||
git config --local user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
|
||||
bumpbranch="bump-main-${DEVBUMP}"
|
||||
git checkout -b $bumpbranch
|
||||
git add version/rawversion/version.go
|
||||
git commit --signoff -m "Bump main to v${{ steps.bump.outputs.devbump }}"
|
||||
git commit --signoff -m "Bump main to v${DEVBUMP}"
|
||||
git remote add podmanbot https://github.com/podmanbot/podman
|
||||
git push -f podmanbot "$bumpbranch"
|
||||
- name: Check open PRs
|
||||
id: checkpr
|
||||
if: steps.check.outputs.bump == 'true'
|
||||
env:
|
||||
DEVBUMP: ${{ steps.bump.outputs.devbump }}
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
run: |
|
||||
prs=$(gh pr list \
|
||||
--repo ${{ github.repository }} \
|
||||
--head bump-main-${{ steps.bump.outputs.devbump }} \
|
||||
--repo "${GITHUB_REPOSITORY}" \
|
||||
--head "bump-main-${DEVBUMP}" \
|
||||
--state open \
|
||||
--json title \
|
||||
--jq 'length')
|
||||
if ((prs > 0)); then
|
||||
echo "SKIPPING: PR already exists to update to ${{ steps.bump.outputs.devbump }}."
|
||||
echo "SKIPPING: PR already exists to update to ${DEVBUMP}."
|
||||
else
|
||||
echo "prexists=false" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
- name: Open PR
|
||||
if: steps.check.outputs.bump == 'true' && steps.checkpr.outputs.prexists == 'false'
|
||||
env:
|
||||
DEVBUMP: ${{ steps.bump.outputs.devbump }}
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
run: |
|
||||
bumpbranch="bump-main-${{ steps.bump.outputs.devbump }}"
|
||||
bumpbranch="bump-main-${DEVBUMP}"
|
||||
body=$(printf '```release-note\nNone\n```\n')
|
||||
gh pr create \
|
||||
--title "Bump main to v${{ steps.bump.outputs.devbump }}" \
|
||||
--title "Bump main to v${DEVBUMP}" \
|
||||
--body "$body" \
|
||||
--head "podmanbot:$bumpbranch" \
|
||||
--base "main" \
|
||||
--repo ${{ github.repository }}
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
--repo "${GITHUB_REPOSITORY}"
|
||||
|
||||
@@ -64,15 +64,16 @@ jobs:
|
||||
# Step 3: Update the HTML file locally
|
||||
- name: Update HTML file
|
||||
if: ${{ github.event_name == 'workflow_dispatch' || steps.check_first_pr.outputs.is_first_pr == 'true' }}
|
||||
env:
|
||||
CONTRIBUTOR_NAME: ${{ github.event.inputs.contributor_username || github.event.pull_request.user.login }}
|
||||
PR_NUMBER: ${{ github.event.inputs.pr_number || github.event.pull_request.number }}
|
||||
run: |
|
||||
HTML_FILE="automation-repo/certificate-generator/certificate_generator.html"
|
||||
CONTRIBUTOR_NAME="${{ github.event.inputs.contributor_username || github.event.pull_request.user.login }}"
|
||||
PR_NUMBER="${{ github.event.inputs.pr_number || github.event.pull_request.number }}"
|
||||
MERGE_DATE=$(date -u +"%B %d, %Y")
|
||||
|
||||
sed -i "/id=\"contributorName\"/s/value=\"[^\"]*\"/value=\"${CONTRIBUTOR_NAME}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update contributor name."; exit 1; }
|
||||
sed -i "/id=\"prNumber\"/s/value=\"[^\"]*\"/value=\"#${PR_NUMBER}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update PR number."; exit 1; }
|
||||
sed -i "/id=\"mergeDate\"/s/value=\"[^\"]*\"/value=\"${MERGE_DATE}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update merge date."; exit 1; }
|
||||
sed --sandbox -i -e "/id=\"contributorName\"/s/value=\"[^\"]*\"/value=\"${CONTRIBUTOR_NAME}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update contributor name."; exit 1; }
|
||||
sed --sandbox -i -e "/id=\"prNumber\"/s/value=\"[^\"]*\"/value=\"#${PR_NUMBER}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update PR number."; exit 1; }
|
||||
sed --sandbox -i -e "/id=\"mergeDate\"/s/value=\"[^\"]*\"/value=\"${MERGE_DATE}\"/" ${HTML_FILE} || { echo "ERROR: Failed to update merge date."; exit 1; }
|
||||
|
||||
# Step 4: Setup Node.js environment
|
||||
- name: Setup Node.js
|
||||
@@ -119,6 +120,10 @@ jobs:
|
||||
- name: Upload certificate to separate repository
|
||||
if: ${{ github.event_name == 'workflow_dispatch' || steps.check_first_pr.outputs.is_first_pr == 'true' }}
|
||||
uses: actions/github-script@v8
|
||||
env:
|
||||
CONTRIBUTOR_USERNAME: ${{ github.event.inputs.contributor_username }}
|
||||
USER_LOGIN: ${{ github.event.pull_request.user.login }}
|
||||
PR_NUMBER: ${{ github.event.inputs.pr_number }}
|
||||
with:
|
||||
github-token: ${{ secrets.CERTIFICATES_REPO_TOKEN }}
|
||||
script: |
|
||||
@@ -156,10 +161,10 @@ jobs:
|
||||
// Create a unique filename with timestamp
|
||||
const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
|
||||
const contributorName = context.eventName === 'workflow_dispatch'
|
||||
? '${{ github.event.inputs.contributor_username }}'
|
||||
: '${{ github.event.pull_request.user.login }}';
|
||||
? process.env.CONTRIBUTOR_USERNAME
|
||||
: process.env.USER_LOGIN;
|
||||
const prNumber = context.eventName === 'workflow_dispatch'
|
||||
? '${{ github.event.inputs.pr_number }}'
|
||||
? process.env.PR_NUMBER
|
||||
: context.issue.number;
|
||||
|
||||
const filename = `certificates/${contributorName}-${prNumber}-${timestamp}.png`;
|
||||
@@ -218,6 +223,10 @@ jobs:
|
||||
- name: Comment with embedded certificate image
|
||||
if: ${{ github.event_name == 'workflow_dispatch' || steps.check_first_pr.outputs.is_first_pr == 'true' }}
|
||||
uses: actions/github-script@v8
|
||||
env:
|
||||
CONTRIBUTOR_USERNAME: ${{ github.event.inputs.contributor_username }}
|
||||
USER_LOGIN: ${{ github.event.pull_request.user.login }}
|
||||
PR_NUMBER: ${{ github.event.inputs.pr_number }}
|
||||
with:
|
||||
script: |
|
||||
try {
|
||||
@@ -239,17 +248,17 @@ jobs:
|
||||
|
||||
if (context.eventName === 'workflow_dispatch') {
|
||||
// Manual trigger case
|
||||
const contributorName = '${{ github.event.inputs.contributor_username }}';
|
||||
const prNumber = '${{ github.event.inputs.pr_number }}';
|
||||
const contributorName = process.env.CONTRIBUTOR_USERNAME;
|
||||
const prNumber = process.env.PR_NUMBER;
|
||||
body = `📜 Certificate preview generated for @${contributorName} (PR #${prNumber}):\n\n${body}`;
|
||||
} else {
|
||||
// Auto trigger case for first-time contributors
|
||||
const username = '${{ github.event.pull_request.user.login }}';
|
||||
const username = process.env.USER_LOGIN;
|
||||
body = `🎉 Congratulations on your first merged pull request, @${username}! Thank you for your contribution.\n\nHere's a preview of your certificate:\n\n${body}`;
|
||||
}
|
||||
|
||||
const issueNumber = context.eventName === 'workflow_dispatch' ?
|
||||
parseInt('${{ github.event.inputs.pr_number }}') :
|
||||
parseInt(process.env.PR_NUMBER) :
|
||||
context.issue.number;
|
||||
|
||||
await github.rest.issues.createComment({
|
||||
|
||||
30
.github/workflows/mac-pkg.yml
vendored
30
.github/workflows/mac-pkg.yml
vendored
@@ -36,33 +36,42 @@ jobs:
|
||||
steps:
|
||||
- name: Consolidate dryrun setting to always be true or false
|
||||
id: actual_dryrun
|
||||
env:
|
||||
INPUT_DRYRUN: ${{ inputs.dryrun }}
|
||||
run: |
|
||||
# The 'release' trigger will not have a 'dryrun' input set. Handle
|
||||
# this case in a readable/maintainable way.
|
||||
if [[ -z "${{ inputs.dryrun }}" ]]
|
||||
if [[ -z "${INPUT_DRYRUN}" ]]
|
||||
then
|
||||
echo "dryrun=false" >> $GITHUB_OUTPUT
|
||||
else
|
||||
echo "dryrun=${{ inputs.dryrun }}" >> $GITHUB_OUTPUT
|
||||
echo "dryrun=${INPUT_DRYRUN}" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
- name: Dry Run Status
|
||||
env:
|
||||
DRYRUN: ${{ steps.actual_dryrun.outputs.dryrun }}
|
||||
run: |
|
||||
echo "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}"
|
||||
echo "::notice::This workflow execution will be a dry-run: ${DRYRUN}"
|
||||
- name: Determine Version
|
||||
id: getversion
|
||||
env:
|
||||
INPUT_VERSION: ${{ inputs.version }}
|
||||
TAG_NAME: ${{ github.event.release.tag_name }}
|
||||
run: |
|
||||
if [[ -z "${{ inputs.version }}" ]]
|
||||
if [[ -z "${INPUT_VERSION}" ]]
|
||||
then
|
||||
VERSION=${{ github.event.release.tag_name }}
|
||||
VERSION=${TAG_NAME}
|
||||
else
|
||||
VERSION=${{ inputs.version }}
|
||||
VERSION=${INPUT_VERSION}
|
||||
fi
|
||||
echo
|
||||
echo "version=$VERSION" >> $GITHUB_OUTPUT
|
||||
- name: Check uploads
|
||||
id: check
|
||||
env:
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
URI="https://github.com/containers/podman/releases/download/${{steps.getversion.outputs.version}}"
|
||||
URI="https://github.com/containers/podman/releases/download/${VERSION}"
|
||||
ARM_FILE="podman-installer-macos-arm64.pkg"
|
||||
AMD_FILE="podman-installer-macos-amd64.pkg"
|
||||
UNIVERSAL_FILE="podman-installer-macos-universal.pkg"
|
||||
@@ -165,8 +174,9 @@ jobs:
|
||||
steps.check.outputs.builduniversal == 'true' )
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
(gh release download ${{steps.getversion.outputs.version}} -p "shasums" || exit 0)
|
||||
(gh release download "${VERSION}" -p "shasums" || exit 0)
|
||||
cat contrib/pkginstaller/out/shasums >> shasums
|
||||
gh release upload ${{steps.getversion.outputs.version}} contrib/pkginstaller/out/podman-installer-macos-*.pkg
|
||||
gh release upload ${{steps.getversion.outputs.version}} --clobber shasums
|
||||
gh release upload "${VERSION}" contrib/pkginstaller/out/podman-installer-macos-*.pkg
|
||||
gh release upload "${VERSION}" --clobber shasums
|
||||
|
||||
62
.github/workflows/machine-os-pr.yml
vendored
62
.github/workflows/machine-os-pr.yml
vendored
@@ -20,8 +20,8 @@ jobs:
|
||||
pull-requests: write
|
||||
env:
|
||||
SHA: ${{github.event.pull_request.head.sha}}
|
||||
UPSTREAM_MACHINE_OS: "containers/podman-machine-os"
|
||||
PODMAN_REPO: "containers/podman"
|
||||
UPSTREAM_MACHINE_OS: "podman-container-tools/podman-machine-os"
|
||||
PODMAN_REPO: "podman-container-tools/podman"
|
||||
steps:
|
||||
|
||||
- name: Get version
|
||||
@@ -34,9 +34,9 @@ jobs:
|
||||
exit 1
|
||||
elif [[ $VERSION == *-dev ]] ; then
|
||||
echo "::warning:: SKIPPING: dev bump"
|
||||
elif [[ ${{github.base_ref}} == "main" ]] ; then
|
||||
elif [[ "${GITHUB_BASE_REF}" == "main" ]] ; then
|
||||
echo "::warning:: SKIPPING: main branch"
|
||||
elif [[ ${{github.base_ref}} == *-rhel ]] ; then
|
||||
elif [[ "${GITHUB_BASE_REF}" == *-rhel ]] ; then
|
||||
echo "::warning:: SKIPPING: rhel branch"
|
||||
else
|
||||
echo "update=true" >> "$GITHUB_OUTPUT"
|
||||
@@ -46,7 +46,7 @@ jobs:
|
||||
- name: Check machine-os-branch
|
||||
if: steps.getversion.outputs.update == 'true'
|
||||
run: |
|
||||
if ! (curl -s https://api.github.com/repos/$UPSTREAM_MACHINE_OS/branches| jq -e --arg branch "${{github.base_ref}}" '.[] | select(.name==$branch)') ; then
|
||||
if ! curl -s "https://api.github.com/repos/$UPSTREAM_MACHINE_OS/branches" | jq -e --arg branch "${GITHUB_BASE_REF}" '.[] | select(.name==$branch)'; then
|
||||
echo "::error:: Release branch does not exist."
|
||||
echo "::error:: Please push $branch to $UPSTREAM_MACHINE_OS, then re-run this task."
|
||||
exit 1
|
||||
@@ -57,8 +57,9 @@ jobs:
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
GH_REPO: ${{ github.repository }}
|
||||
EVENT_NUMBER: ${{ github.event.number }}
|
||||
run: |
|
||||
gh pr edit --add-label do-not-merge/wait-machine-os-build ${{github.event.number}}
|
||||
gh pr edit --add-label do-not-merge/wait-machine-os-build "${EVENT_NUMBER}"
|
||||
|
||||
- name: Install wait-for-copr
|
||||
if: steps.getversion.outputs.update == 'true'
|
||||
@@ -69,51 +70,60 @@ jobs:
|
||||
if: steps.getversion.outputs.update == 'true'
|
||||
id: checkout
|
||||
with:
|
||||
repository: containers/podman-machine-os
|
||||
repository: podman-container-tools/podman-machine-os
|
||||
ref: ${{github.base_ref}}
|
||||
token: ${{secrets.PODMANBOT_TOKEN}}
|
||||
|
||||
- name: Bump version
|
||||
if: steps.getversion.outputs.update == 'true'
|
||||
env:
|
||||
EVENT_NUMBER: ${{ github.event.number }}
|
||||
VERS: ${{steps.getversion.outputs.version}}
|
||||
run: |
|
||||
update=$(printf 's/export PODMAN_VERSION=".*"/export PODMAN_VERSION="%s"/g\n' "$VERS")
|
||||
sed -i "$update" podman-rpm-info-vars.sh
|
||||
sed -i 's/export PODMAN_PR_NUM=".*"/export PODMAN_PR_NUM="${{github.event.number}}"/g' podman-rpm-info-vars.sh
|
||||
sed --sandbox -i -e "$update" podman-rpm-info-vars.sh
|
||||
sed --sandbox -i -e "s/export PODMAN_PR_NUM=\".*\"/export PODMAN_PR_NUM=\"${EVENT_NUMBER}\"/g" podman-rpm-info-vars.sh
|
||||
echo "Updated file:"
|
||||
cat podman-rpm-info-vars.sh
|
||||
|
||||
- name: Wait for COPR build
|
||||
if: steps.getversion.outputs.update == 'true'
|
||||
env:
|
||||
EVENT_NUMBER: ${{ github.event.number }}
|
||||
run: |
|
||||
wait-for-copr \
|
||||
--owner packit \
|
||||
--project containers-podman-${{github.event.number}} \
|
||||
--project "podman-container-tools-podman-${EVENT_NUMBER}" \
|
||||
podman \
|
||||
${SHA::9}
|
||||
|
||||
- name: Push
|
||||
if: steps.getversion.outputs.update == 'true'
|
||||
env:
|
||||
EVENT_NUMBER: ${{ github.event.number }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
# Make committer the user who triggered the action, either through cutting a release or manual trigger
|
||||
# GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
|
||||
git config --local user.name ${{ github.actor }}
|
||||
git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
|
||||
bumpbranch="pr${{github.event.number}}"
|
||||
git checkout -b $bumpbranch
|
||||
git config --local user.name "${GITHUB_ACTOR}"
|
||||
git config --local user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
|
||||
bumpbranch="pr${EVENT_NUMBER}"
|
||||
git checkout -b "$bumpbranch"
|
||||
git add podman-rpm-info-vars.sh
|
||||
git commit --signoff -m "Bump Podman to v${{ steps.getversion.outputs.version }}"
|
||||
git commit --signoff -m "Bump Podman to v${VERSION}"
|
||||
git remote add podmanbot https://github.com/podmanbot/podman-machine-os
|
||||
git push -f podmanbot "$bumpbranch"
|
||||
|
||||
- name: Check open PRs
|
||||
id: checkpr
|
||||
if: steps.getversion.outputs.update == 'true'
|
||||
env:
|
||||
EVENT_NUMBER: ${{ github.event.number }}
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
run: |
|
||||
prs=$(gh pr list \
|
||||
--repo $UPSTREAM_MACHINE_OS \
|
||||
--head "pr${{github.event.number}}" \
|
||||
--repo "$UPSTREAM_MACHINE_OS" \
|
||||
--head "pr${EVENT_NUMBER}" \
|
||||
--state open \
|
||||
--json title \
|
||||
--jq 'length')
|
||||
@@ -122,25 +132,25 @@ jobs:
|
||||
else
|
||||
echo "openpr=true" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
|
||||
- name: Open PR
|
||||
if: steps.getversion.outputs.update == 'true' && steps.checkpr.outputs.openpr == 'true'
|
||||
id: pr
|
||||
env:
|
||||
EVENT_NUMBER: ${{ github.event.number }}
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
bumpbranch="pr${{github.event.number}}"
|
||||
bumpbranch="pr${EVENT_NUMBER}"
|
||||
body=$(printf 'Triggered by https://github.com/%s/pull/%s\n\n```release-note\nRelease v%s\n```\n' \
|
||||
"$PODMAN_REPO" "${{github.event.number}}" "${{ steps.getversion.outputs.version }}")
|
||||
"$PODMAN_REPO" "${EVENT_NUMBER}" "${VERSION}")
|
||||
uri=`gh pr create \
|
||||
--title "Bump Podman to v${{ steps.getversion.outputs.version }}" \
|
||||
--title "Bump Podman to v${VERSION}" \
|
||||
--body "$body" \
|
||||
--head "podmanbot:$bumpbranch" \
|
||||
--base "${{github.base_ref}}" \
|
||||
--repo $UPSTREAM_MACHINE_OS`
|
||||
--base "${GITHUB_BASE_REF}" \
|
||||
--repo "$UPSTREAM_MACHINE_OS"`
|
||||
echo "uri=$uri" >> "$GITHUB_OUTPUT"
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
|
||||
- name: Comment PR link
|
||||
if: steps.getversion.outputs.update == 'true' && steps.checkpr.outputs.openpr == 'true'
|
||||
|
||||
43
.github/workflows/release-artifacts.yml
vendored
43
.github/workflows/release-artifacts.yml
vendored
@@ -27,17 +27,20 @@ jobs:
|
||||
- name: Provide github event JSON for examination
|
||||
run: |
|
||||
echo "::group::Event JSON"
|
||||
jq --color-output "." "${{ github.event_path }}"
|
||||
jq --color-output "." "${GITHUB_EVENT_PATH}"
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Determine Version
|
||||
id: getversion
|
||||
env:
|
||||
INPUT_VERSION: ${{ inputs.version }}
|
||||
TAG_NAME: ${{ github.event.release.tag_name }}
|
||||
run: |
|
||||
if [[ -z "${{ inputs.version }}" ]]
|
||||
if [[ -z "${INPUT_VERSION}" ]]
|
||||
then
|
||||
VERSION=${{ github.event.release.tag_name }}
|
||||
VERSION=${TAG_NAME}
|
||||
else
|
||||
VERSION=${{ inputs.version }}
|
||||
VERSION=${INPUT_VERSION}
|
||||
fi
|
||||
|
||||
if ! grep -Eq 'v[0-9]+(\.[0-9]+(\.[0-9]+(-.+)?)?)?$' <<<"$VERSION"
|
||||
@@ -57,24 +60,30 @@ jobs:
|
||||
|
||||
- name: Consolidate dryrun setting to always be true or false
|
||||
id: actual_dryrun
|
||||
env:
|
||||
INPUT_DRYRUN: ${{ inputs.dryrun }}
|
||||
run: |
|
||||
# The 'release' trigger will not have a 'dryrun' input set. Handle
|
||||
# this case in a readable/maintainable way.
|
||||
if [[ -z "${{ inputs.dryrun }}" ]]
|
||||
if [[ -z "${INPUT_DRYRUN}" ]]
|
||||
then
|
||||
echo "dryrun=false" >> $GITHUB_OUTPUT
|
||||
else
|
||||
echo "dryrun=${{ inputs.dryrun }}" >> $GITHUB_OUTPUT
|
||||
echo "dryrun=${INPUT_DRYRUN}" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Dry Run Status
|
||||
env:
|
||||
DRYRUN: ${{ steps.actual_dryrun.outputs.dryrun }}
|
||||
run: |
|
||||
echo "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}"
|
||||
echo "::notice::This workflow execution will be a dry-run: ${DRYRUN}"
|
||||
|
||||
- name: Check uploads
|
||||
id: check
|
||||
env:
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
URI="https://github.com/containers/podman/releases/download/${{steps.getversion.outputs.version}}"
|
||||
URI="https://github.com/containers/podman/releases/download/${VERSION}"
|
||||
for artifact in "podman-remote-release-darwin_amd64.zip darwin_amd" \
|
||||
'podman-remote-release-darwin_arm64.zip darwin_arm' \
|
||||
'podman-remote-release-windows_amd64.zip windows_amd' \
|
||||
@@ -186,11 +195,12 @@ jobs:
|
||||
steps.actual_dryrun.outputs.dryrun == 'false'
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
(gh release download ${{steps.getversion.outputs.version}} -p "shasums" || exit 0)
|
||||
(gh release download "${VERSION}" -p "shasums" || exit 0)
|
||||
cat release/shasums >> shasums
|
||||
gh release upload ${{steps.getversion.outputs.version}} release/*.zip release/*.tar.gz
|
||||
gh release upload ${{steps.getversion.outputs.version}} --clobber shasums
|
||||
gh release upload "${VERSION}" release/*.zip release/*.tar.gz
|
||||
gh release upload "${VERSION}" --clobber shasums
|
||||
|
||||
# WARNING: This should only be set when 'notification' job should be triggered
|
||||
echo "complete=true" >> $GITHUB_OUTPUT
|
||||
@@ -206,6 +216,7 @@ jobs:
|
||||
- name: Format release email
|
||||
id: format
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
VERSION: ${{ needs.build.outputs.version }}
|
||||
run: |
|
||||
if grep -Eq '.+-rc' <<<"$VERSION"
|
||||
@@ -215,19 +226,19 @@ jobs:
|
||||
|
||||
echo "mail_subj=Podman ${RC_PREFIX}${VERSION} Released" >> $GITHUB_OUTPUT
|
||||
|
||||
cat <<EOF>email_body.txt
|
||||
cat <<EOF > email_body.txt
|
||||
Hi all,
|
||||
|
||||
Podman ${RC_PREFIX}${VERSION} is now available. You may view the full details at
|
||||
https://github.com/${{ github.repository }}/releases/tag/$VERSION
|
||||
https://github.com/${GITHUB_REPOSITORY}/releases/tag/$VERSION
|
||||
|
||||
Release ${RC_PREFIX}Notes:
|
||||
--------------
|
||||
EOF
|
||||
|
||||
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
|
||||
gh release view $VERSION \
|
||||
--repo ${{ github.repository }} --json=body --jq '.body' >> email_body.txt
|
||||
echo "${GITHUB_TOKEN}" | gh auth login --with-token
|
||||
gh release view "$VERSION" \
|
||||
--repo "${GITHUB_REPOSITORY}" --json=body --jq '.body' >> email_body.txt
|
||||
|
||||
# If job fails, permit operator to observe contents in case helpful.
|
||||
- name: Provide release e-mail contents for examination
|
||||
|
||||
71
.github/workflows/release.yml
vendored
71
.github/workflows/release.yml
vendored
@@ -23,12 +23,14 @@ jobs:
|
||||
steps:
|
||||
- name: Determine Version
|
||||
id: getversion
|
||||
env:
|
||||
INPUT_VERSION: ${{ inputs.version }}
|
||||
run: |
|
||||
if [[ -z "${{ inputs.version }}" ]]
|
||||
if [[ -z "${INPUT_VERSION}" ]]
|
||||
then
|
||||
VERSION=${{ github.ref_name }}
|
||||
VERSION=${GITHUB_REF_NAME}
|
||||
else
|
||||
VERSION=${{ inputs.version }}
|
||||
VERSION=${INPUT_VERSION}
|
||||
fi
|
||||
if ! grep -Eq 'v[0-9]+(\.[0-9]+(\.[0-9]+(-.+)?)?)?$' <<<"$VERSION"
|
||||
then
|
||||
@@ -45,14 +47,16 @@ jobs:
|
||||
echo "::notice::Building $VERSION"
|
||||
- name: Determine release
|
||||
id: buildonly
|
||||
env:
|
||||
INPUT_BUILDONLY: ${{ inputs.buildonly }}
|
||||
run: |
|
||||
# The 'tag' trigger will not have a 'buildonly' input set. Handle
|
||||
# this case in a readable/maintainable way.
|
||||
if [[ -z "${{ inputs.buildonly }}" ]]
|
||||
if [[ -z "${INPUT_BUILDONLY}" ]]
|
||||
then
|
||||
BUILDONLY=false
|
||||
else
|
||||
BUILDONLY=${{ inputs.buildonly }}
|
||||
BUILDONLY=${INPUT_BUILDONLY}
|
||||
fi
|
||||
echo "buildonly=$BUILDONLY" >> $GITHUB_OUTPUT
|
||||
echo "::notice::This will be build-only: $BUILDONLY"
|
||||
@@ -154,8 +158,10 @@ jobs:
|
||||
steps:
|
||||
- name: Determine version
|
||||
id: getversion
|
||||
env:
|
||||
VERSION: ${{needs.check.outputs.version}}
|
||||
run: |
|
||||
$version = "${{ needs.check.outputs.version }}"
|
||||
$version = "${env:VERSION}"
|
||||
if ($version[0] -eq "v") {
|
||||
$version = $version.Substring(1)
|
||||
}
|
||||
@@ -174,13 +180,19 @@ jobs:
|
||||
- name: Set up WiX
|
||||
run: dotnet tool install --global wix --version 5.0.2
|
||||
- name: Setup Signature Tooling
|
||||
env:
|
||||
AZ_CERT_NAME: ${{ secrets.AZ_CERT_NAME }}
|
||||
AZ_VAULT_ID: ${{ secrets.AZ_VAULT_ID }}
|
||||
AZ_APP_ID: ${{ secrets.AZ_APP_ID }}
|
||||
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||
AZ_CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }}
|
||||
run: |
|
||||
dotnet tool install --global AzureSignTool --version 3.0.0
|
||||
echo "CERT_NAME=${{secrets.AZ_CERT_NAME}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "VAULT_ID=${{secrets.AZ_VAULT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "APP_ID=${{secrets.AZ_APP_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "TENANT_ID=${{secrets.AZ_TENANT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "CLIENT_SECRET=${{secrets.AZ_CLIENT_SECRET}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "CERT_NAME=${env:AZ_CERT_NAME}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "VAULT_ID=${env:AZ_VAULT_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "APP_ID=${env:AZ_APP_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "TENANT_ID=${env:AZ_TENANT_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "CLIENT_SECRET=${env:AZ_CLIENT_SECRET}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
- name: Pandoc Setup
|
||||
uses: r-lib/actions/setup-pandoc@v2
|
||||
with:
|
||||
@@ -193,17 +205,23 @@ jobs:
|
||||
# to judge.
|
||||
- name: Build the MSI
|
||||
id: build
|
||||
env:
|
||||
PODMAN_ARCH: ${{ matrix.arch }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
contrib\win-installer\build.ps1 `
|
||||
-Version ${{steps.getversion.outputs.version}} `
|
||||
-LocalReleaseDirPath ${{ github.workspace }}\release-artifacts `
|
||||
-Architecture ${{ matrix.arch }}
|
||||
-Version "${env:VERSION}" `
|
||||
-LocalReleaseDirPath "${env:GITHUB_WORKSPACE}\release-artifacts" `
|
||||
-Architecture "${env:PODMAN_ARCH}"
|
||||
Exit $LASTEXITCODE
|
||||
- name: Build the bundle (legacy)
|
||||
id: build-legacy
|
||||
env:
|
||||
PODMAN_ARCH: ${{ matrix.arch }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
Push-Location contrib\win-installer-legacy
|
||||
.\build.ps1 ${{steps.getversion.outputs.version}} prod ${{ github.workspace }}\release-artifacts
|
||||
.\build.ps1 "${env:VERSION}" prod "${env:GITHUB_WORKSPACE}\release-artifacts"
|
||||
$code = $LASTEXITCODE
|
||||
if ($code -eq 2) {
|
||||
Write-Output "artifact-missing=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
@@ -212,8 +230,6 @@ jobs:
|
||||
}
|
||||
Pop-Location
|
||||
Exit $code
|
||||
env:
|
||||
PODMAN_ARCH: ${{ matrix.arch }}
|
||||
- name: Display structure of built files
|
||||
run: |
|
||||
Push-Location contrib\win-installer
|
||||
@@ -223,14 +239,20 @@ jobs:
|
||||
Get-ChildItem
|
||||
Pop-Location
|
||||
- name: Rename the MSI
|
||||
env:
|
||||
PODMAN_ARCH: ${{ matrix.arch }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
Push-Location contrib\win-installer
|
||||
Copy-Item -Path podman-${{steps.getversion.outputs.version}}.msi -Destination podman-installer-windows-${{ matrix.arch }}.msi
|
||||
Copy-Item -Path "podman-${env:VERSION}.msi" -Destination "podman-installer-windows-${env:PODMAN_ARCH}.msi"
|
||||
Pop-Location
|
||||
- name: Rename the bundle (legacy)
|
||||
env:
|
||||
PODMAN_ARCH: ${{ matrix.arch }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
Push-Location contrib\win-installer-legacy
|
||||
Copy-Item -Path podman-${{steps.getversion.outputs.version}}-setup.exe -Destination podman-installer-windows-${{ matrix.arch }}.exe
|
||||
Copy-Item -Path "podman-${env:VERSION}-setup.exe" -Destination "podman-installer-windows-${env:PODMAN_ARCH}.exe"
|
||||
Pop-Location
|
||||
- name: Upload the MSI
|
||||
uses: actions/upload-artifact@v4
|
||||
@@ -306,7 +328,7 @@ jobs:
|
||||
title="${title/rc/"RC"}"
|
||||
else
|
||||
# check if this version should not be marked latest
|
||||
prevrelease=$(curl --retry 3 --silent -m 10 --connect-timeout 5 "https://api.github.com/repos/${{ github.repository }}/releases/latest")
|
||||
prevrelease=$(curl --retry 3 --silent -m 10 --connect-timeout 5 "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest")
|
||||
prevvers=$(echo "$prevrelease" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | sed -e "s/^v//")
|
||||
vers=${VERSION#"v"}
|
||||
echo "${prevvers},${vers}"
|
||||
@@ -334,6 +356,7 @@ jobs:
|
||||
- name: Format release email
|
||||
id: format
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
VERSION: ${{ needs.check.outputs.version }}
|
||||
run: |
|
||||
if grep -Eq '.+-rc' <<<"$VERSION"
|
||||
@@ -347,15 +370,15 @@ jobs:
|
||||
Hi all,
|
||||
|
||||
Podman ${RC_PREFIX}${VERSION} is now available. You may view the full details at
|
||||
https://github.com/${{ github.repository }}/releases/tag/$VERSION
|
||||
https://github.com/${GITHUB_REPOSITORY}/releases/tag/$VERSION
|
||||
|
||||
Release ${RC_PREFIX}Notes:
|
||||
--------------
|
||||
EOF
|
||||
|
||||
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
|
||||
gh release view $VERSION \
|
||||
--repo ${{ github.repository }} --json=body --jq '.body' >> email_body.txt
|
||||
echo "${GITHUB_TOKEN}" | gh auth login --with-token
|
||||
gh release view "$VERSION" \
|
||||
--repo "${GITHUB_REPOSITORY}" --json=body --jq '.body' >> email_body.txt
|
||||
|
||||
# If job fails, permit operator to observe contents in case helpful.
|
||||
- name: Provide release e-mail contents for examination
|
||||
|
||||
46
.github/workflows/update-podmanio.yml
vendored
46
.github/workflows/update-podmanio.yml
vendored
@@ -25,13 +25,15 @@ jobs:
|
||||
steps:
|
||||
- name: Get version
|
||||
id: getversion
|
||||
env:
|
||||
INPUT_VERSION: ${{ inputs.version }}
|
||||
TAG_NAME: ${{ github.event.release.tag_name }}
|
||||
run: |
|
||||
|
||||
if [[ -z "${{ inputs.version }}" ]]
|
||||
if [[ -z "${INPUT_VERSION}" ]]
|
||||
then
|
||||
VERSION=${{ github.event.release.tag_name }}
|
||||
VERSION=${TAG_NAME}
|
||||
else
|
||||
VERSION=${{ inputs.version }}
|
||||
VERSION=${INPUT_VERSION}
|
||||
fi
|
||||
|
||||
# strip out the prefix v if it's there
|
||||
@@ -50,20 +52,21 @@ jobs:
|
||||
- name: Check open PRs
|
||||
if: steps.getversion.outputs.notRC == 'true'
|
||||
id: checkpr
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
prs=$(gh pr list \
|
||||
--repo containers/podman.io \
|
||||
--head bump-podmanv${{ steps.getversion.outputs.version }} \
|
||||
--head "bump-podmanv${VERSION}" \
|
||||
--state open \
|
||||
--json title \
|
||||
--jq 'length')
|
||||
if ((prs > 0)); then
|
||||
echo "SKIPPING: PR already exists to update to v${{ steps.getversion.outputs.version }}."
|
||||
echo "SKIPPING: PR already exists to update to v${VERSION}."
|
||||
else
|
||||
echo "prexists=false" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
|
||||
- uses: actions/checkout@v5
|
||||
if: >-
|
||||
@@ -79,13 +82,15 @@ jobs:
|
||||
steps.getversion.outputs.notRC == 'true' &&
|
||||
steps.checkpr.outputs.prexists == 'false'
|
||||
id: checkversion
|
||||
env:
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
# Check if version is actually higher than one on podman.io
|
||||
prevversion=`grep -P "(?<=export const LATEST_VERSION = ')(\d.\d.\d)" -o static/data/global.ts`
|
||||
echo "Version currently on site: ${prevversion}"
|
||||
echo "Version to update to: ${{ steps.getversion.outputs.version }}"
|
||||
echo "Version to update to: ${VERSION}"
|
||||
# sort -V -C returns 0 if args are ascending version order
|
||||
if echo "${prevversion},${{ steps.getversion.outputs.version }}" | tr ',' '\n' | sort -V -C && [[ ${prevversion} != ${{ steps.getversion.outputs.version }} ]]
|
||||
if echo "${prevversion},${VERSION}" | tr ',' '\n' | sort -V -C && [[ "${prevversion}" != "${version}" ]]
|
||||
then
|
||||
echo "needsUpdate=true" >> $GITHUB_OUTPUT
|
||||
echo "This release is a higher version, so we need to update podman.io"
|
||||
@@ -98,9 +103,11 @@ jobs:
|
||||
steps.getversion.outputs.notRC == 'true' &&
|
||||
steps.checkversion.outputs.needsUpdate == 'true' &&
|
||||
steps.checkpr.outputs.prexists == 'false'
|
||||
env:
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
# Replace the version in static/data/global.ts file
|
||||
sed -i "s/export const LATEST_VERSION = '.*';/export const LATEST_VERSION = '${{ steps.getversion.outputs.version }}';/g" static/data/global.ts
|
||||
sed --sandbox -i -e "s/export const LATEST_VERSION = '.*';/export const LATEST_VERSION = '${VERSION}';/g" static/data/global.ts
|
||||
echo "Updated file:"
|
||||
cat static/data/global.ts
|
||||
|
||||
@@ -109,22 +116,23 @@ jobs:
|
||||
steps.getversion.outputs.notRC == 'true' &&
|
||||
steps.checkversion.outputs.needsUpdate == 'true' &&
|
||||
steps.checkpr.outputs.prexists == 'false'
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
# Make committer the user who triggered the action, either through cutting a release or manual trigger
|
||||
# GitHub gives everyone a noreply email associated with their account, use that email for the sign-off
|
||||
git config --local user.name ${{ github.actor }}
|
||||
git config --local user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
|
||||
bumpbranch="bump-podmanv${{ steps.getversion.outputs.version }}"
|
||||
git config --local user.name "${GITHUB_ACTOR}"
|
||||
git config --local user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
|
||||
bumpbranch="bump-podmanv${VERSION}"
|
||||
git checkout -b $bumpbranch
|
||||
git add static/data/global.ts
|
||||
git commit --signoff -m "Bump Podman to v${{ steps.getversion.outputs.version }}"
|
||||
git commit --signoff -m "Bump Podman to v${VERSION}"
|
||||
git remote -v
|
||||
git remote add podmanbot https://github.com/podmanbot/podman.io
|
||||
git push podmanbot "+$bumpbranch"
|
||||
gh pr create \
|
||||
--title "Bump Podman to v${{ steps.getversion.outputs.version }}" \
|
||||
--body "Bump Podman to v${{ steps.getversion.outputs.version }}" \
|
||||
--title "Bump Podman to v${VERSION}" \
|
||||
--body "Bump Podman to v${VERSION}" \
|
||||
--head "podmanbot:$bumpbranch" \
|
||||
--base "main" -R "containers/podman.io"
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
|
||||
|
||||
55
.github/workflows/upload-win-installer.yml
vendored
55
.github/workflows/upload-win-installer.yml
vendored
@@ -26,24 +26,31 @@ jobs:
|
||||
steps:
|
||||
- name: Consolidate dryrun setting to always be true or false
|
||||
id: actual_dryrun
|
||||
env:
|
||||
INPUT_DRYRUN: ${{ inputs.dryrun }}
|
||||
run: |
|
||||
# The 'release' trigger will not have a 'dryrun' input set. Handle
|
||||
# this case in a readable/maintainable way.
|
||||
$inputs_dryrun = "${{ inputs.dryrun }}"
|
||||
$inputs_dryrun = "${env:INPUT_DRYRUN}"
|
||||
if ($inputs_dryrun.Length -lt 1) {
|
||||
Write-Output "dryrun=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
} else {
|
||||
Write-Output "dryrun=${{ inputs.dryrun }}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
Write-Output "dryrun=${env:INPUT_DRYRUN}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
}
|
||||
- name: Dry Run Status
|
||||
env:
|
||||
DRYRUN: ${{ steps.actual_dryrun.outputs.dryrun }}
|
||||
run: |
|
||||
Write-Output "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}"
|
||||
Write-Output "::notice::This workflow execution will be a dry-run: ${env:DRYRUN}"
|
||||
- name: Determine version
|
||||
id: getversion
|
||||
env:
|
||||
INPUT_VERSION: ${{ inputs.version }}
|
||||
TAG_NAME: ${{ github.event.release.tag_name }}
|
||||
run: |
|
||||
$version = "${{ inputs.version }}"
|
||||
$version = "${env:INPUT_VERSION}"
|
||||
if ($version.Length -lt 1) {
|
||||
$version = "${{ github.event.release.tag_name }}"
|
||||
$version = "${env:TAG_NAME}"
|
||||
if ($version.Length -lt 1) {
|
||||
Write-Host "::error::Could not determine version!"
|
||||
Exit 1
|
||||
@@ -63,16 +70,18 @@ jobs:
|
||||
# to judge w/n (i.e. in some extreme case) it should be uploaded to the release page.
|
||||
- name: Check
|
||||
id: check
|
||||
env:
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
Push-Location contrib\win-installer-legacy
|
||||
.\check.ps1 ${{steps.getversion.outputs.version}}
|
||||
.\check.ps1 "${env:VERSION}"
|
||||
$code = $LASTEXITCODE
|
||||
if ($code -eq 2) {
|
||||
Write-Output "already-exists=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
Pop-Location
|
||||
Exit 0
|
||||
}
|
||||
Write-Output "upload_asset_name=$env:UPLOAD_ASSET_NAME" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
Write-Output "upload_asset_name=${env:UPLOAD_ASSET_NAME}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
Pop-Location
|
||||
Exit $code
|
||||
# The podman release process requires a cross-compile of the windows binaries be uploaded to
|
||||
@@ -80,8 +89,10 @@ jobs:
|
||||
# non-obvious ways with a non-obvious error message. Address that here.
|
||||
- name: Confirm upload_asset_name is non-empty
|
||||
if: steps.check.outputs.upload_asset_name == ''
|
||||
env:
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
Write-Output "::error::check.ps1 script failed to find manually uploaded podman-remote-release-windows_amd64.zip github release asset for version ${{steps.getversion.outputs.version}}."
|
||||
Write-Output "::error::check.ps1 script failed to find manually uploaded podman-remote-release-windows_amd64.zip github release asset for version ${env:VERSION}."
|
||||
Exit 1
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v6
|
||||
@@ -93,13 +104,19 @@ jobs:
|
||||
run: dotnet tool install --global wix
|
||||
- name: Setup Signature Tooling
|
||||
if: steps.Check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
|
||||
env:
|
||||
AZ_CERT_NAME: ${{ secrets.AZ_CERT_NAME }}
|
||||
AZ_VAULT_ID: ${{ secrets.AZ_VAULT_ID }}
|
||||
AZ_APP_ID: ${{ secrets.AZ_APP_ID }}
|
||||
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||
AZ_CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }}
|
||||
run: |
|
||||
dotnet tool install --global AzureSignTool --version 3.0.0
|
||||
echo "CERT_NAME=${{secrets.AZ_CERT_NAME}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "VAULT_ID=${{secrets.AZ_VAULT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "APP_ID=${{secrets.AZ_APP_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "TENANT_ID=${{secrets.AZ_TENANT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "CLIENT_SECRET=${{secrets.AZ_CLIENT_SECRET}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "CERT_NAME=${env:AZ_CERT_NAME}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "VAULT_ID=${env:AZ_VAULT_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "APP_ID=${env:AZ_APP_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "TENANT_ID=${env:AZ_TENANT_ID}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
echo "CLIENT_SECRET=${env:AZ_CLIENT_SECRET}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
||||
- name: Pandoc Setup
|
||||
uses: r-lib/actions/setup-pandoc@v2
|
||||
with:
|
||||
@@ -107,9 +124,11 @@ jobs:
|
||||
- name: Build
|
||||
id: build
|
||||
if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
|
||||
env:
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
Push-Location contrib\win-installer-legacy
|
||||
.\build.ps1 ${{steps.getversion.outputs.version}} prod
|
||||
.\build.ps1 "${env:VERSION}" prod
|
||||
$code = $LASTEXITCODE
|
||||
if ($code -eq 2) {
|
||||
Write-Output "artifact-missing=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
||||
@@ -132,14 +151,16 @@ jobs:
|
||||
steps.check.outputs.already-exists != 'true' &&
|
||||
steps.build.outputs.artifact-missing != 'true'
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
UPLOAD_ASSET_NAME: ${{ steps.check.outputs.upload_asset_name }}
|
||||
VERSION: ${{ steps.getversion.outputs.version }}
|
||||
run: |
|
||||
Push-Location contrib\win-installer-legacy
|
||||
$version = "${{ steps.getversion.outputs.version }}"
|
||||
$version = "${env:VERSION}"
|
||||
if ($version[0] -ne "v") {
|
||||
$version = "v$version"
|
||||
}
|
||||
gh release upload $version ${{ steps.check.outputs.upload_asset_name }}
|
||||
gh release upload $version "${env:UPLOAD_ASSET_NAME}"
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
.\check.ps1 $version
|
||||
if ($LASTEXITCODE -eq 2) {
|
||||
|
||||
@@ -16,7 +16,7 @@ function Get-Podman-Setup-From-GitHub {
|
||||
)
|
||||
|
||||
Write-Host "Downloading the $arch $version Podman windows setup from GitHub..."
|
||||
$apiUrl = "https://api.github.com/repos/containers/podman/releases/$version"
|
||||
$apiUrl = "https://api.github.com/repos/podman-container-tools/podman/releases/$version"
|
||||
$headers = @{"User-Agent"="PowerShell"}
|
||||
if ($env:GITHUB_TOKEN) {
|
||||
$headers["Authorization"] = "Bearer $env:GITHUB_TOKEN"
|
||||
|
||||
@@ -53,9 +53,21 @@ function bloat_approved() {
|
||||
# requiring a MAX_BIN_GROWTH=nnn statement in github comments.
|
||||
local actual_growth="$1"
|
||||
|
||||
# The validate-source GitHub Actions workflow sets BLOAT_APPROVED=true when
|
||||
# the PR carries the '$OVERRIDE_LABEL' label.
|
||||
[[ "$BLOAT_APPROVED" == "true" ]]
|
||||
local var
|
||||
for var in PR_NUMBER GITHUB_TOKEN GITHUB_REPOSITORY; do
|
||||
if [[ -z "${!var}" ]]; then
|
||||
echo "$ME: cannot query github: \$$var is undefined" >&2
|
||||
return 1
|
||||
fi
|
||||
done
|
||||
|
||||
labels=$(curl --fail -s \
|
||||
-H "Authorization: bearer $GITHUB_TOKEN" \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
"https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/$PR_NUMBER" |
|
||||
jq -r '.labels[].name')
|
||||
|
||||
grep -F -x -q "$OVERRIDE_LABEL" <<< "$labels"
|
||||
}
|
||||
|
||||
# ACTUAL CODE BEGINS HERE
|
||||
|
||||
@@ -46,9 +46,30 @@ if [[ -z "$filtered_changes" ]]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# This PR touches non-test files but adds no tests. Fail loudly.
|
||||
# The '$OVERRIDE_LABEL' label can be used to override this check; that is
|
||||
# handled by the CI workflow, not here.
|
||||
# This PR touches non-test files but adds no tests. Only allow it if the
|
||||
# '$OVERRIDE_LABEL' github label is set.
|
||||
if [[ -n "$PR_NUMBER" ]]; then
|
||||
for var in GITHUB_TOKEN GITHUB_REPOSITORY; do
|
||||
if [[ -z "${!var}" ]]; then
|
||||
echo "$ME: cannot query github: \$$var is undefined" >&2
|
||||
return 1
|
||||
fi
|
||||
done
|
||||
|
||||
labels=$(curl --fail -s \
|
||||
-H "Authorization: bearer $GITHUB_TOKEN" \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
"https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/$PR_NUMBER" |
|
||||
jq -r '.labels[].name')
|
||||
|
||||
if grep -F -x -q "$OVERRIDE_LABEL" <<< "$labels"; then
|
||||
echo "$ME: \"$OVERRIDE_LABEL\" label found, ignoring test requirements"
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
# This PR touches non-test files but adds no tests, and
|
||||
# the '$OVERRIDE_LABEL' is not set. Fail loudly.
|
||||
cat <<EOF
|
||||
$ME: PR does not include changes in the 'tests' directory
|
||||
|
||||
|
||||
Reference in New Issue
Block a user