-
-
Notifications
You must be signed in to change notification settings - Fork 25
Expand file tree
/
Copy pathexternal_trigger.yml.j2
More file actions
229 lines (225 loc) · 16.9 KB
/
external_trigger.yml.j2
File metadata and controls
229 lines (225 loc) · 16.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
{#- Create a real object from repo_vars -#}
{%- set better_vars={} -%}
{%- for i in repo_vars -%}
{%- set i=(i | replace(' = ', '=', 1) | replace('=', '¯\_(ツ)_/¯', 1) | replace("'", "")).split('¯\_(ツ)_/¯') -%}
{%- set x=(better_vars.__setitem__(i[0], i[1])) -%}
{%- endfor -%}
{#- Create a real object from repo_vars -#}
name: External Trigger Main
on:
workflow_dispatch:
permissions:
contents: read
jobs:
external-trigger-{{ ls_branch|regex_replace('[^a-zA-Z0-9-]','-') }}:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- name: External Trigger
if: github.ref == 'refs/heads/{{ ls_branch }}'
env:
SKIP_EXTERNAL_TRIGGER: ${{ '{{' }} vars.SKIP_EXTERNAL_TRIGGER {{ '}}' }}
run: |
printf "# External trigger for {{ project_repo_name }}\n\n" >> $GITHUB_STEP_SUMMARY
{% if custom_version_command is defined or external_type != "os" %}
if grep -q "^{{ project_name }}_{{ ls_branch }}_" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`{{ project_name }}_{{ ls_branch }}_\`; will skip trigger if version matches." >> $GITHUB_STEP_SUMMARY
elif grep -q "^{{ project_name }}_{{ ls_branch }}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`{{ project_name }}_{{ ls_branch }}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
echo "> External trigger running off of {{ ls_branch }} branch. To disable this trigger, add \`{{ project_name }}_{{ ls_branch }}\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
{% endif %}
{% if custom_version_command is defined and 'api.github.com' in custom_version_command %}
EXT_RELEASE=$({{ custom_version_command|replace('\\\\','\\')|replace('curl', 'curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }}') }})
echo "Type is \`custom_version_command\`" >> $GITHUB_STEP_SUMMARY
{% elif custom_version_command is defined %}
EXT_RELEASE=$({{ custom_version_command|replace('\\\\','\\') }})
echo "Type is \`custom_version_command\`" >> $GITHUB_STEP_SUMMARY
{% endif %}
{% if external_type == "github_devel" %}
EXT_RELEASE=$(curl -u "${{ '{{' }} secrets.CR_USER {{ '}}' }}:${{ '{{' }} secrets.CR_PAT {{ '}}' }}" -sX GET "https://api.github.com/repos/{{ better_vars.EXT_USER }}/{{ better_vars.EXT_REPO }}/releases" | jq -r '.[0] | .tag_name')
echo "Type is \`github_devel\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "github_stable" %}
EXT_RELEASE=$(curl -u "${{ '{{' }} secrets.CR_USER {{ '}}' }}:${{ '{{' }} secrets.CR_PAT {{ '}}' }}" -sX GET "https://api.github.com/repos/{{ better_vars.EXT_USER }}/{{ better_vars.EXT_REPO }}/releases/latest" | jq -r '. | .tag_name')
echo "Type is \`github_stable\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "alpine_repo" %}
EXT_RELEASE=$(curl -sL "{{ better_vars.DIST_REPO }}x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
&& awk '/^P:'"{{ better_vars.DIST_REPO_PACKAGES }}"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://')
echo "Type is \`alpine_repo\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "custom_json" %}
{% if 'api.github.com' in better_vars.JSON_URL %}
EXT_RELEASE=$(curl -u "${{ '{{' }} secrets.CR_USER {{ '}}' }}:${{ '{{' }} secrets.CR_PAT {{ '}}' }}" -sX GET "{{ better_vars.JSON_URL }}" | jq -r '. | {{ better_vars.JSON_PATH }}')
echo "Type is \`custom_json\`" >> $GITHUB_STEP_SUMMARY
{% else %}
EXT_RELEASE=$(curl -s "{{ better_vars.JSON_URL }}" | jq -r '. | {{ better_vars.JSON_PATH }}')
echo "Type is \`custom_json\`" >> $GITHUB_STEP_SUMMARY
{% endif %}
{% elif external_type == "deb_repo" %}
EXT_RELEASE=$(docker run --rm "{{ better_vars.DIST_IMAGE }}":"{{ better_vars.DIST_TAG }}" bash -c \
'echo -e "'"{{ better_vars.DIST_REPO }}"'" > /etc/apt/sources.list.d/check.list \
&& apt-get --allow-unauthenticated update -qq >/dev/null 2>&1\
&& apt-cache --no-all-versions show '"{{ better_vars.DIST_REPO_PACKAGES }}"' | md5sum | cut -c1-8')
echo "Type is \`custom_json\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "external_blob" %}
EXT_RELEASE=$(#! /bin/bash
if [ $(curl -I -sL -w "%{http_code}" "{{ better_vars.EXT_BLOB }}" -o /dev/null) == 200 ]; then
curl -s -L "{{ better_vars.EXT_BLOB }}" | md5sum | cut -c1-8
else
exit 1
fi)
echo "Type is \`external_blob\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "github_commit" %}
EXT_RELEASE=$(curl -u "${{ '{{' }} secrets.CR_USER {{ '}}' }}:${{ '{{' }} secrets.CR_PAT {{ '}}' }}" -sX GET "https://api.github.com/repos/{{ better_vars.EXT_USER }}/{{ better_vars.EXT_REPO }}/commits/{{ better_vars.EXT_GIT_BRANCH }}" | jq -r '. | .sha' | cut -c1-8)
echo "Type is \`github_commit\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "gitlab_commit" %}
EXT_RELEASE=$(curl -s "https://gitlab.com/api/v4/projects/{{ better_vars.EXT_GITLAB_ID }}/repository/commits/{{ better_vars.EXT_GIT_BRANCH }}" | jq -r '. | .id' | cut -c1-8)
echo "Type is \`gitlab_commit\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "npm_version" %}
EXT_RELEASE=$(curl -sL "https://replicate.npmjs.com/registry/{{ better_vars.EXT_NPM }}" |jq -r '. | .["dist-tags"].latest')
echo "Type is \`npm_version\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "pip_version" %}
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/{{ better_vars.EXT_PIP }}/json" |jq -r '. | .info.version')
echo "Type is \`pip_version\`" >> $GITHUB_STEP_SUMMARY
{% elif external_type == "os" %}
echo "Type is \`os\`" >> $GITHUB_STEP_SUMMARY
echo "No external release, exiting" >> $GITHUB_STEP_SUMMARY
exit 0
{% endif %}
if grep -q "^{{ project_name }}_{{ ls_branch }}_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
{% if custom_version_command is defined or external_type != "os" %}
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="Can't retrieve external version for {{ project_name }} branch {{ ls_branch }}"
GHA_TRIGGER_URL="{{ project_github_repo_url }}/actions/runs/${{ '{{' }} github.run_id {{ '}}' }}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n**Trigger URL:** '"${GHA_TRIGGER_URL}"' \n"}],
"username": "Github Actions"}' ${{ '{{' }} secrets.DISCORD_WEBHOOK {{ '}}' }}
exit 1
fi
EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY
echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
image="{{ better_vars.LS_USER }}/{{ project_name }}"
tag="{{ release_tag }}"
token=$(curl -sX GET \
"https://ghcr.io/token?scope=repository%3A{{ better_vars.LS_USER }}%2F{{ project_name }}%3Apull" \
| jq -r '.token')
multidigest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.index.v1+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${tag}")
if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then
# If there's a layer element it's a single-arch manifest so just get that digest
digest=$(jq -r '.config.digest' <<< "${multidigest}")
else
# Otherwise it's multi-arch or has manifest annotations
if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then
# Check for manifest annotations and delete if found
multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}")
fi
if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then
# If there's still more than one digest, it's multi-arch
multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
else
# Otherwise it's single arch
multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}")
fi
if digest=$(curl -s \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/manifests/${multidigest}"); then
digest=$(jq -r '.config.digest' <<< "${digest}");
fi
fi
image_info=$(curl -sL \
--header "Authorization: Bearer ${token}" \
"https://ghcr.io/v2/${image}/blobs/${digest}")
if [[ $(echo $image_info | jq -r '.container_config') == "null" ]]; then
image_info=$(echo $image_info | jq -r '.config')
else
image_info=$(echo $image_info | jq -r '.container_config')
fi
IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
if [ -z "${IMAGE_VERSION}" ]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="Can't retrieve last pushed version for {{ project_name }} tag {{ release_tag }}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ '{{' }} secrets.DISCORD_WEBHOOK {{ '}}' }}
exit 1
fi
echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then
echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0
{% if external_type == "alpine_repo" and better_vars.MULTIARCH == 'true' %}
elif [[ $(curl -sL "{{ better_vars.DIST_REPO }}aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"{{ better_vars.DIST_REPO_PACKAGES }}"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]{% if build_armhf %} || [[ $(curl -sL "{{ better_vars.DIST_REPO }}armv7/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"{{ better_vars.DIST_REPO_PACKAGES }}"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]{% endif %}{% if build_riscv64 %} || [[ $(curl -sL "{{ better_vars.DIST_REPO }}riscv64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"{{ better_vars.DIST_REPO_PACKAGES }}"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]{% endif %}; then
echo "New version \`${EXT_RELEASE}\` found; but not all arch repos updated yet; exiting" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="New version ${EXT_RELEASE} for {{ project_name }} tag {{ release_tag }} is detected, however not all arch repos are updated yet. Will try again later."
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ '{{' }} secrets.DISCORD_WEBHOOK {{ '}}' }}
exit 0
{% endif %}
elif [ $(curl -s {{ lsio_ci_url }}/job/Docker-Pipeline-Builders/job/{{ project_repo_name }}/job/{{ ls_branch }}/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
exit 0
{% if external_trigger_delay_hours > 0 %}
elif [[ $(( $(date +%s%3N) - $(curl -s {{ lsio_ci_url }}/job/Docker-Pipeline-Builders/job/{{ project_repo_name }}/job/{{ ls_branch }}/lastBuild/api/json | jq -r '.timestamp') )) -lt $(( {{ external_trigger_delay_hours }} * 3600000 )) ]]; then
echo "New version \`${EXT_RELEASE}\` found; but the last build was less than {{ external_trigger_delay_hours }} hours ago; skipping trigger" >> $GITHUB_STEP_SUMMARY
exit 0
{% endif %}
else
{% if external_artifact_check is defined %}
{{ external_artifact_check | indent(12) }}
{%- endif %}
if [[ "${artifacts_found}" == "false" ]]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY
FAILURE_REASON="New version ${EXT_RELEASE} for {{ project_name }} tag {{ release_tag }} is detected, however not all artifacts are uploaded to upstream release yet. Will try again later."
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
"username": "Github Actions"}' ${{ '{{' }} secrets.DISCORD_WEBHOOK {{ '}}' }}
else
printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
if [[ "${artifacts_found}" == "true" ]]; then
echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
fi
response=$(curl -iX POST \
{{ lsio_ci_url }}/job/Docker-Pipeline-Builders/job/{{ project_repo_name }}/job/{{ ls_branch }}/buildWithParameters?PACKAGE_CHECK=false \
--user ${{ '{{' }} secrets.JENKINS_USER {{ '}}' }}:${{ '{{' }} secrets.JENKINS_TOKEN {{ '}}' }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
sleep 10
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
curl -iX POST \
"${buildurl}submitDescription" \
--user ${{ '{{' }} secrets.JENKINS_USER {{ '}}' }}:${{ '{{' }} secrets.JENKINS_TOKEN {{ '}}' }} \
--data-urlencode "description=GHA external trigger https://github.com/${{ '{{' }} github.repository {{ '}}' }}/actions/runs/${{ '{{' }} github.run_id {{ '}}' }}" \
--data-urlencode "Submit=Submit"
echo "**** Notifying Discord ****"
TRIGGER_REASON="A version change was detected for {{ project_name }} tag {{ release_tag }}. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}"
curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
"description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
"username": "Github Actions"}' ${{ '{{' }} secrets.DISCORD_WEBHOOK {{ '}}' }}
fi
fi
{% endif %}