saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 01:30:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Some workflow fixes

Browse source 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
This commit is contained in:
Pedro Algarvio 2023-02-11 07:50:48 +00:00 committed by Pedro Algarvio
parent f9e24f6caa
commit bfc77d0c66
14 changed files with 76 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/build-deb-repo.yml vendored
View file

@ -99,9 +99,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \ --query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import - | gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \ --query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE" rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-macos-repo.yml vendored
View file

@ -66,9 +66,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \ --query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import - | gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \ --query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE" rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-onedir-repo.yml vendored
View file

@ -102,9 +102,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \ --query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import - | gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \ --query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE" rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-rpm-repo.yml vendored
View file

@ -96,9 +96,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \ --query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import - | gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \ --query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE" rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-src-repo.yml vendored
View file

@ -66,9 +66,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \ --query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import - | gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \ --query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE" rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-windows-repo.yml vendored
View file

@ -72,9 +72,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \ --query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import - | gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \ --query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE" rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

18
.github/workflows/ci.yml vendored
View file

@ -139,44 +139,44 @@ jobs:
- name: Process Changed Files - name: Process Changed Files
id: process-changed-files id: process-changed-files
run: run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files - name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }} if: ${{ github.event_name == 'pull_request' }}
run: run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types - name: Define Runner Types
id: runner-types id: runner-types
run: run: |
tools ci runner-types ${{ github.event_name }} tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners - name: Check Defined Runners
run: run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs - name: Define Jobs
id: define-jobs id: define-jobs
run: run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs - name: Check Defined Jobs
run: run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun - name: Define Testrun
id: define-testrun id: define-testrun
run: run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run - name: Check Defined Test Run
run: run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt - name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run: run: |
cat testrun-changed-files.txt || true cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt - name: Upload testrun-changed-files.txt

18
.github/workflows/nightly.yml vendored
View file

@ -137,44 +137,44 @@ jobs:
- name: Process Changed Files - name: Process Changed Files
id: process-changed-files id: process-changed-files
run: run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files - name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }} if: ${{ github.event_name == 'pull_request' }}
run: run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types - name: Define Runner Types
id: runner-types id: runner-types
run: run: |
tools ci runner-types ${{ github.event_name }} tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners - name: Check Defined Runners
run: run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs - name: Define Jobs
id: define-jobs id: define-jobs
run: run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs - name: Check Defined Jobs
run: run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun - name: Define Testrun
id: define-testrun id: define-testrun
run: run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run - name: Check Defined Test Run
run: run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt - name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run: run: |
cat testrun-changed-files.txt || true cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt - name: Upload testrun-changed-files.txt

16
.github/workflows/release.yml vendored
View file

@ -91,7 +91,6 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
ssh-key: ${{ secrets.GHA_SSH_KEY }} ssh-key: ${{ secrets.GHA_SSH_KEY }}
fetch-depth: 0 # Full clone to also get the tags
- name: Setup Python Tools Scripts - name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts uses: ./.github/actions/setup-python-tools-scripts
@ -117,24 +116,27 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \ --query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import - | gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \ --query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE" rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git - name: Configure Git
shell: bash shell: bash
run: | run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging" git config --global user.name "Salt Project Packaging"
git config --global user.email saltproject-packaging@vmware.com git config --global user.email saltproject-packaging@vmware.com
git config --global user.signingkey 64CBBC8173D76B3F git config --global user.signingkey 64CBBC8173D76B3F
git config --global commit.gpgsign true git config --global commit.gpgsign true
- name: Setup Salt Release - name: Prepare Release
id: release id: prepare-release
run: | run: |
tools pkg repo publish release ${{ needs.prepare-workflow.outputs.salt-version }} tools pkg repo publish release --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
- name: Apply The Release Patch - name: Apply The Release Patch
run: | run: |
@ -156,11 +158,11 @@ jobs:
uses: ncipollo/release-action@v1.12.0 uses: ncipollo/release-action@v1.12.0
with: with:
artifactErrorsFailBuild: true artifactErrorsFailBuild: true
artifacts: ${{ steps.release.outputs.release-artifacts }} artifacts: ${{ steps.prepare-release.outputs.release-artifacts }}
bodyFile: ${{ steps.release.outputs.release-messsage-file }} bodyFile: ${{ steps.prepare-release.outputs.release-messsage-file }}
draft: false draft: false
generateReleaseNotes: false generateReleaseNotes: false
makeLatest: ${{ steps.release.outputs.make-latest }} makeLatest: fromJSON(${{ steps.prepare-release.outputs.make-latest }})
name: v${{ needs.prepare-workflow.outputs.salt-version }} name: v${{ needs.prepare-workflow.outputs.salt-version }}
prerelease: ${{ contains(needs.prepare-workflow.outputs.salt-version, 'rc') }} prerelease: ${{ contains(needs.prepare-workflow.outputs.salt-version, 'rc') }}
removeArtifacts: true removeArtifacts: true

18
.github/workflows/scheduled.yml vendored
View file

@ -137,44 +137,44 @@ jobs:
- name: Process Changed Files - name: Process Changed Files
id: process-changed-files id: process-changed-files
run: run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files - name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }} if: ${{ github.event_name == 'pull_request' }}
run: run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types - name: Define Runner Types
id: runner-types id: runner-types
run: run: |
tools ci runner-types ${{ github.event_name }} tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners - name: Check Defined Runners
run: run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs - name: Define Jobs
id: define-jobs id: define-jobs
run: run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs - name: Check Defined Jobs
run: run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun - name: Define Testrun
id: define-testrun id: define-testrun
run: run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run - name: Check Defined Test Run
run: run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt - name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run: run: |
cat testrun-changed-files.txt || true cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt - name: Upload testrun-changed-files.txt

18
.github/workflows/staging.yml vendored
View file

@ -162,44 +162,44 @@ jobs:
- name: Process Changed Files - name: Process Changed Files
id: process-changed-files id: process-changed-files
run: run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files - name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }} if: ${{ github.event_name == 'pull_request' }}
run: run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types - name: Define Runner Types
id: runner-types id: runner-types
run: run: |
tools ci runner-types ${{ github.event_name }} tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners - name: Check Defined Runners
run: run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs - name: Define Jobs
id: define-jobs id: define-jobs
run: run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs - name: Check Defined Jobs
run: run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun - name: Define Testrun
id: define-testrun id: define-testrun
run: run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run - name: Check Defined Test Run
run: run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt - name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run: run: |
cat testrun-changed-files.txt || true cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt - name: Upload testrun-changed-files.txt

18
.github/workflows/templates/layout.yml.jinja vendored
View file

@ -176,44 +176,44 @@ jobs:
- name: Process Changed Files - name: Process Changed Files
id: process-changed-files id: process-changed-files
run: run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files - name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }} if: ${{ github.event_name == 'pull_request' }}
run: run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types - name: Define Runner Types
id: runner-types id: runner-types
run: run: |
tools ci runner-types ${{ github.event_name }} tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners - name: Check Defined Runners
run: run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs - name: Define Jobs
id: define-jobs id: define-jobs
run: run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs - name: Check Defined Jobs
run: run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun - name: Define Testrun
id: define-testrun id: define-testrun
run: run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run - name: Check Defined Test Run
run: run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt - name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run: run: |
cat testrun-changed-files.txt || true cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt - name: Upload testrun-changed-files.txt

16
.github/workflows/templates/release.yml.jinja vendored
View file

@ -122,7 +122,6 @@ permissions:
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
ssh-key: ${{ secrets.GHA_SSH_KEY }} ssh-key: ${{ secrets.GHA_SSH_KEY }}
fetch-depth: 0 # Full clone to also get the tags
- name: Setup Python Tools Scripts - name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts uses: ./.github/actions/setup-python-tools-scripts
@ -148,24 +147,27 @@ permissions:
--query SecretString --output text | jq .default_key -r | base64 -d \ --query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import - | gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \ --query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE" rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git - name: Configure Git
shell: bash shell: bash
run: | run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging" git config --global user.name "Salt Project Packaging"
git config --global user.email saltproject-packaging@vmware.com git config --global user.email saltproject-packaging@vmware.com
git config --global user.signingkey 64CBBC8173D76B3F git config --global user.signingkey 64CBBC8173D76B3F
git config --global commit.gpgsign true git config --global commit.gpgsign true
- name: Setup Salt Release - name: Prepare Release
id: release id: prepare-release
run: | run: |
tools pkg repo publish release ${{ needs.prepare-workflow.outputs.salt-version }} tools pkg repo publish release --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
- name: Apply The Release Patch - name: Apply The Release Patch
run: | run: |
@ -187,11 +189,11 @@ permissions:
uses: ncipollo/release-action@v1.12.0 uses: ncipollo/release-action@v1.12.0
with: with:
artifactErrorsFailBuild: true artifactErrorsFailBuild: true
artifacts: ${{ steps.release.outputs.release-artifacts }} artifacts: ${{ steps.prepare-release.outputs.release-artifacts }}
bodyFile: ${{ steps.release.outputs.release-messsage-file }} bodyFile: ${{ steps.prepare-release.outputs.release-messsage-file }}
draft: false draft: false
generateReleaseNotes: false generateReleaseNotes: false
makeLatest: ${{ steps.release.outputs.make-latest }} makeLatest: fromJSON(${{ steps.prepare-release.outputs.make-latest }})
name: v${{ needs.prepare-workflow.outputs.salt-version }} name: v${{ needs.prepare-workflow.outputs.salt-version }}
prerelease: ${{ contains(needs.prepare-workflow.outputs.salt-version, 'rc') }} prerelease: ${{ contains(needs.prepare-workflow.outputs.salt-version, 'rc') }}
removeArtifacts: true removeArtifacts: true

2
tools/changelog.py
View file

@ -252,7 +252,7 @@ def update_rpm(ctx: Context, salt_version: str, draft: bool = False):
if salt_version is None: if salt_version is None:
salt_version = _get_salt_version(ctx) salt_version = _get_salt_version(ctx)
changes = _get_pkg_changelog_contents(ctx, salt_version) changes = _get_pkg_changelog_contents(ctx, salt_version)
ctx.info("Salt version is %s", salt_version) ctx.info(f"Salt version is {salt_version}")
orig = ctx.run( orig = ctx.run(
"sed", "sed",
f"s/Version: .*/Version: {salt_version}/g", f"s/Version: .*/Version: {salt_version}/g",