-
Notifications
You must be signed in to change notification settings - Fork 546
142 lines (129 loc) · 5.72 KB
/
publish_plugin_to_hub_fips.yml
File metadata and controls
142 lines (129 loc) · 5.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Publish plugin to hub FIPS
on:
push:
tags:
- "plugins-source-test-v*.*.*"
- "plugins-destination-bigquery-v*.*.*"
- "plugins-destination-kafka-v*.*.*"
- "plugins-destination-postgresql-v*.*.*"
permissions:
contents: read
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
plugin_name: ${{ steps.split.outputs.plugin_name }}
plugin_kind: ${{ steps.split.outputs.plugin_kind }}
plugin_version: ${{ steps.split.outputs.plugin_version }}-fips
plugin_dir: ${{ steps.split.outputs.plugin_dir }}
prerelease: ${{ steps.semver_parser.outputs.prerelease }}
steps:
- name: Split tag
id: split
run: |
tag=${{ github.ref_name }}
plugin_kind=$(echo $tag | cut -d- -f2)
plugin_name=$(echo $tag | cut -d- -f3)
plugin_version=$(echo $tag | cut -d- -f4-)
# perform looping till either the plugin version passes our semver test or is empty
until [[ $plugin_version =~ ^v?[0-9]+\.[0-9]+ ]] || [[ $(echo $plugin_version | wc -c) -eq 0 ]] ; do
echo "${plugin_version} is not a valid version"
plugin_name="$plugin_name-$(echo $plugin_version | cut -d- -f1)"
plugin_version=$(echo $plugin_version | cut -d- -f2-)
done
echo "plugin_name=${plugin_name}" >> $GITHUB_OUTPUT
echo "plugin_kind=${plugin_kind}" >> $GITHUB_OUTPUT
echo "plugin_version=${plugin_version}" >> $GITHUB_OUTPUT
echo "plugin_dir=plugins/${plugin_kind}/${plugin_name}" >> $GITHUB_OUTPUT
# Fail if not a valid SemVer string
- name: Parse semver string
uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3
id: semver_parser
with:
input_string: ${{steps.split.outputs.plugin_version}}
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
publish-plugin-to-hub-fips:
timeout-minutes: 60
runs-on: ubuntu-latest
needs:
- prepare
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
- name: Set up Go 1.x
id: setup-go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
with:
go-version-file: ${{ needs.prepare.outputs.plugin_dir }}/go.mod
cache: false
- uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ steps.setup-go.outputs.go-version }}-publish-plugin-to-hub-fips-cache-plugins-${{ needs.prepare.outputs.plugin_kind }}-${{ needs.prepare.outputs.plugin_name }}-${{ hashFiles(format('{0}/{1}', needs.prepare.outputs.plugin_dir, 'go.sum')) }}
restore-keys: |
${{ runner.os }}-go-${{ steps.setup-go.outputs.go-version }}-publish-plugin-to-hub-fips-cache-plugins-${{ needs.prepare.outputs.plugin_kind }}-${{ needs.prepare.outputs.plugin_name }}-
# Needed for shell escape
- name: Use Node.js LTS
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
with:
node-version: "lts/*"
- name: Install shell escape
run: |
npm install shell-escape@0.2.0
- name: Get Release Notes
id: release-notes
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
env:
PRERELEASE: ${{ needs.prepare.outputs.prerelease }}
with:
result-encoding: string
script: |
const shellescape = require('shell-escape');
const { PRERELEASE } = process.env;
if (PRERELEASE) {
return shellescape(["This is a pre-release version of the plugin and should be used for testing purposes only"])
}
const { data } = await github.rest.repos.getReleaseByTag({
owner: "cloudquery",
repo: context.repo.repo,
tag: context.ref.replace('refs/tags/', ''),
});
return shellescape([data.body]);
- name: Find and Replace
uses: jacobtomlinson/gha-find-replace@b19bfcb2a015af55fd6e160d1d1987e887f8c163
with:
find: "(?i)version_${{ needs.prepare.outputs.plugin_kind }}_${{ needs.prepare.outputs.plugin_name }}"
replace: ${{ needs.prepare.outputs.plugin_version }}
include: ${{ needs.prepare.outputs.plugin_dir }}/docs/*.md
- name: Run package command
working-directory: ${{ needs.prepare.outputs.plugin_dir }}
env:
GOFLAGS: "-tags=fipsEnabled"
run: |
rm -rf docs/tables.md
go run main_fips.go package -m ${{ steps.release-notes.outputs.result }} ${{ needs.prepare.outputs.plugin_version }} .
- name: Setup CloudQuery
uses: cloudquery/setup-cloudquery@4a3af61f7d8c362d8d152a4a17053ed2aaa7180d # v4
with:
version: v6.35.7
- name: Publish plugin to hub
working-directory: ${{ needs.prepare.outputs.plugin_dir }}
env:
CLOUDQUERY_API_KEY: ${{ secrets.CLOUDQUERY_API_KEY }}
run: |
cloudquery plugin publish --finalize
- name: Slack Notify
uses: ravsamhq/notify-slack-action@d0190712a54cd89d2e57a5847f06a78de127711a
if: always()
with:
status: ${{ job.status }}
notify_when: 'failure'
notification_title: 'Failed to publish to hub ${{ needs.prepare.outputs.plugin_kind }}-${{ needs.prepare.outputs.plugin_name }}@${{ needs.prepare.outputs.plugin_version }}'
footer: '<{repo_url}|{repo}>'
env:
SLACK_WEBHOOK_URL: ${{ secrets.ALERTS_INTEGRATIONS_SLACK_WEBHOOK_URL }}