Skip to content
Keyfactor Bootstrap Workflow

v1.6.0 #700

Sign in to view logs

v1.6.0

v1.6.0 #700

Workflow file for this run

.github/workflows/keyfactor-bootstrap-workflow.yml at 131b7be
name: Keyfactor Bootstrap Workflow
on:
workflow_dispatch:
pull_request:
types: [ opened, closed, synchronize, edited, reopened ]
push:
create:
branches:
- 'release-*.*'
jobs:
get-versions:
runs-on: ubuntu-latest
outputs:
PR_BASE_REF: ${{ steps.set-outputs.outputs.PR_BASE_REF }}
PR_COMMIT_SHA: ${{ steps.set-outputs.outputs.PR_COMMIT_SHA }}
GITHUB_SHA: ${{ steps.set-outputs.outputs.GITHUB_SHA }}
PR_BASE_TAG: ${{ steps.set-outputs.outputs.PR_BASE_TAG }}
IS_FULL_RELEASE: ${{ steps.set-outputs.outputs.IS_FULL_RELEASE }}
IS_PRE_RELEASE: ${{ steps.set-outputs.outputs.IS_PRE_RELEASE }}
INC_LEVEL: ${{ steps.set-outputs.outputs.INC_LEVEL }}
IS_RELEASE_BRANCH: ${{ steps.set-outputs.outputs.IS_RELEASE_BRANCH }}
IS_HOTFIX: ${{ steps.set-outputs.outputs.IS_HOTFIX }}
LATEST_TAG: ${{ steps.set-outputs.outputs.LATEST_TAG }}
NEXT_VERSION: ${{ steps.set-outputs.outputs.NEW_PKG_VERSION }}
steps:
- name: Check out the code
uses: actions/checkout@v3
with:
token: ${{ secrets.V2BUILDTOKEN}}
- name: Display base.ref from Pull Request
if: github.event_name == 'pull_request'
id: display-from-pr
run: |
echo "Event: ${{ github.event_name }}" | tee -a $GITHUB_STEP_SUMMARY
echo "Event Action: ${{ github.event.action }}" | tee -a $GITHUB_STEP_SUMMARY
echo "PR_BASE_REF=${{ github.event.pull_request.base.ref }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
echo "PR_STATE=${{ github.event.pull_request.state }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
echo "PR_MERGED=${{ github.event.pull_request.merged }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
echo "PR_COMMIT_SHA=${{ github.event.pull_request.merge_commit_sha }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
echo "GITHUB_SHA=${{ github.sha }}" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
baseref="${{ github.event.pull_request.base.ref }}"
basetag="${baseref#release-}"
echo "PR_BASE_TAG=$basetag" | tee -a "$GITHUB_ENV" | tee -a $GITHUB_STEP_SUMMARY
- name: Display base_ref from Push Event
if: github.event_name == 'push'
id: display-from-push
run: |
echo "Branch Ref: ${{ github.ref }}" | tee -a $GITHUB_STEP_SUMMARY
echo "Event: ${{ github.event_name }}" | tee -a $GITHUB_STEP_SUMMARY
echo "github.sha: ${{ github.sha }}" | tee -a $GITHUB_STEP_SUMMARY
- name: Find Latest Tag
if: github.event_name == 'pull_request'
id: find-latest-tag
run: |
prbasetag="${{env.PR_BASE_TAG}}"
git fetch --tags
if [[ -n `git tag` ]]; then
echo "Setting vars"
allBranchTags=`git tag --sort=-v:refname | grep "^$prbasetag" || echo ""`
allRepoTags=`git tag --sort=-v:refname`
branchTagBase=`git tag --sort=-v:refname | grep "^$prbasetag" | grep -o '^[0-9.]*' | head -n 1 || echo ""`
latestTagBase=`git tag --sort=-v:refname | grep -o '^[0-9.]*' | head -n 1`
latestBranchTag=`git tag --sort=-v:refname | grep "^$prbasetag" | grep "^$branchTagBase" | head -n 1 || echo ""`
latestReleasedTag=`git tag --sort=-v:refname | grep "^$prbasetag" | grep "^$branchTagBase$" | head -n 1 || echo ""`
# If the *TagBase values are not found in the list of tags, it means no final release was produced, and the latest*Tag vars will be empty
if [[ -z "$latestReleasedTag" ]]; then
latestTag="$latestBranchTag"
else
latestTag="$latestReleasedTag"
fi
echo "LATEST_TAG=${latestTag}" | tee -a "$GITHUB_ENV"
if [[ "$latestTagBase" == *"$branchTagBase" ]]; then
hf="False"
else
hf="True"
fi
# The intention is to use this to set the make_latest:false property when
# dispatching the create-release action, but it is not *yet* a configurable option
echo "IS_HOTFIX=$hf" | tee -a "$GITHUB_ENV"
else
echo "No tags exist in this repo"
echo "LATEST_TAG=" | tee -a "$GITHUB_ENV"
fi
- name: Set Outputs
id: set-outputs
run: |
echo "PR_BASE_REF=${{ env.PR_BASE_REF }}" | tee -a "$GITHUB_OUTPUT"
echo "PR_STATE=${{ env.PR_STATE }}"
echo "PR_MERGED=${{ env.PR_MERGED }}"
if [[ "${{ env.PR_STATE }}" == "closed" && "${{ env.PR_MERGED }}" == "true" && "${{ env.PR_COMMIT_SHA }}" == "${{ env.GITHUB_SHA }}" ]]; then
echo "IS_FULL_RELEASE=True" | tee -a "$GITHUB_OUTPUT"
echo "INC_LEVEL=patch" | tee -a "$GITHUB_OUTPUT"
fi
if [[ "${{ env.PR_STATE }}" == "open" ]]; then
echo "IS_PRE_RELEASE=True" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_ENV"
echo "INC_LEVEL=prerelease" | tee -a "$GITHUB_OUTPUT"
fi
if [[ "${{ env.PR_BASE_REF }}" == "release-"* ]]; then
echo "IS_RELEASE_BRANCH=True" | tee -a "$GITHUB_OUTPUT" | tee -a "$GITHUB_ENV"
fi
echo "PR_COMMIT_SHA=${{ env.PR_COMMIT_SHA }}" | tee -a "$GITHUB_OUTPUT"
echo "GITHUB_SHA=${{ env.GITHUB_SHA }}" | tee -a "$GITHUB_OUTPUT"
echo "PR_BASE_TAG=${{ env.PR_BASE_TAG }}" | tee -a "$GITHUB_OUTPUT"
echo "IS_HOTFIX=${{ env.IS_HOTFIX }}" | tee -a "$GITHUB_OUTPUT"
echo "LATEST_TAG=${{ env.LATEST_TAG }}" | tee -a "$GITHUB_OUTPUT"
call-starter-workflow:
uses: keyfactor/actions/.github/workflows/starter.yml@v3
needs: get-versions
secrets:
token: ${{ secrets.V2BUILDTOKEN}}
APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
scan_token: ${{ secrets.SAST_TOKEN }}
# Tester Install Script
Test_Install_Script:
runs-on: kfutil-runner-set
needs:
- get-versions
# - call-starter-workflow
steps:
- name: Test Quick Install Script
env:
VERSION: ${{ needs.get-versions.outputs.NEXT_VERSION }}
run: |
echo "Testing Install Script for version: $VERSION"
sudo apt update && sudo apt upgrade -y && sudo apt install -y curl wget unzip jq openssl && sudo apt clean
echo curl -s "https://raw.githubusercontent.com/Keyfactor/kfutil/${GITHUB_REF_NAME}/install.sh"
GITHUB_REF_NAME_ENCODED=$(echo -n "${GITHUB_REF_NAME}" | jq -sRr @uri)
VERIFY_CHECKSUM=0
bash <(curl -s "https://raw.githubusercontent.com/Keyfactor/kfutil/${GITHUB_REF_NAME_ENCODED}/install.sh")
which kfutil
kfutil version
rm $(which kfutil)