# Action metadata: display name, summary and publisher of this composite action.
name: 'Private Packagist Conductor'
description: 'GitHub Action to integrate Private Packagist Conductor with your CI'
author: Packagist Conductors GmbH <contact@packagist.com>
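# Inputs set by the workflow that calls this action. Everything else the steps
# consume comes from the dispatch event payload (github.event.client_payload).
inputs:
  # Exported as FILE_PATTERN to the "Add files" step, where it is split on
  # whitespace and handed to `git add` as one or more pathspecs.
  file_pattern:
    description: The file pattern used for `git add`. For example `composer.*`
    default: '.'
    required: false
  # The "Uninstall git hooks" step runs for every value other than the literal
  # string 'false', so 'False', '0' or an empty value also remove .git/hooks.
  skip_git_hooks:
    description: Skip any git hooks that get installed as part of the GitHub Action e.g. during composer install or update.
    default: 'false'
    required: false
  # Passed as the first argument to bin/webhook_url_check.sh ahead of each
  # webhook call, next to the payload-supplied URL that curl then posts to.
  # The prefix comparison itself is implemented in that script.
  packagist_url:
    description: Base URL of the Private Packagist instance that dispatches this action. Webhook URLs in the payload must be under this prefix. Requests to any other host are refused. Override this for Self-Hosted installations.
    default: 'https://packagist.com'
    required: false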
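# Composite action driven by a dispatch event. Values under
# github.event.client_payload are chosen by whoever sends that event, so they
# are handed to the shell through `env:` and expanded quoted, never
# interpolated into the script text.
runs:
  using: "composite"
  steps:
    # The secrets are read from the event file with jq inside the step and
    # masked there, instead of being passed in through `env:`, so that they do
    # not appear in the log before the mask is registered.
    # NOTE(review): only `.composerAuthentication.token` is masked, while later
    # steps export `.composerAuthentication.environment` as COMPOSER_AUTH;
    # presumably that value embeds the same token - confirm.
    - name: Mask Composer authentication token
      shell: bash
      run: |
        CONDUCTOR_TOKEN=$(jq -r '.client_payload.composerAuthentication.token' "$GITHUB_EVENT_PATH")
        echo "::add-mask::$CONDUCTOR_TOKEN"
      if: ${{ github.event.client_payload.composerAuthentication.type != 'none' }}
    - name: Mask webhook authentication token
      shell: bash
      run: |
        WEBHOOK_AUTHENTICATION_PASSWORD=$(jq -r '.client_payload.webhook.authentication.password' "$GITHUB_EVENT_PATH")
        echo "::add-mask::$WEBHOOK_AUTHENTICATION_PASSWORD"
    # This is the version that needs to be increased for each release of the GitHub Action
    - name: Set Conductor version
      shell: bash
      run: echo "CONDUCTOR_ACTION_VERSION=1.6.0" >> "$GITHUB_ENV"
    # Runs before any git command uses the payload-supplied branch name.
    - name: Validate Conductor branch name
      shell: bash
      run: '"${GITHUB_ACTION_PATH}/bin/branch_name_check.sh" "${BRANCH}"'
      env:
        BRANCH: ${{ github.event.client_payload.branch }}
    # The version arguments below are quoted so that a payload value holding
    # whitespace or glob characters reaches the script as a single argument.
    # A missing value now arrives as an empty argument instead of being
    # dropped (which shifted the following argument into its position);
    # confirm the check scripts treat an empty argument as "not set".
    - name: "Validate GitHub action version"
      shell: bash
      run: '"${GITHUB_ACTION_PATH}/bin/ci_version_check.sh" "${MINIMUM_CI_ACTION_VERSION}" "${CONDUCTOR_ACTION_VERSION}"'
      env:
        MINIMUM_CI_ACTION_VERSION: ${{ github.event.client_payload.requirements.minimumCiActionVersion }}
    - name: "Validate PHP version"
      shell: bash
      run: '"${GITHUB_ACTION_PATH}/bin/php_version_check.sh" "${MINIMUM_PHP_VERSION}"'
      env:
        MINIMUM_PHP_VERSION: ${{ github.event.client_payload.requirements.minimumPhpVersion }}
    - name: "Validate Composer version"
      shell: bash
      run: '"${GITHUB_ACTION_PATH}/bin/composer_version_check.sh" "${MINIMUM_COMPOSER_VERSION}"'
      env:
        MINIMUM_COMPOSER_VERSION: ${{ github.event.client_payload.requirements.minimumComposerVersion }}
    # Temporary workaround to make sure you can set up Conductor for
    # the first time. The CI verification job runs "composer update nothing"
    # which fails if your composer.lock contains any versions with
    # known security issues in Composer >=2.9.0
    # NOTE(review): the branch name is taken from the dispatch payload, so the
    # sender of the event decides whether COMPOSER_NO_SECURITY_BLOCKING=1 is
    # exported; through GITHUB_ENV it then applies to every later step.
    - name: Set security blocking environment variable
      shell: bash
      run: |
        if [[ "${BRANCH}" == "conductor-nothing" ]]; then
          echo "COMPOSER_NO_SECURITY_BLOCKING=1" >> "$GITHUB_ENV"
        else
          echo "COMPOSER_NO_SECURITY_BLOCKING=0" >> "$GITHUB_ENV"
        fi
      env:
        BRANCH: ${{ github.event.client_payload.branch }}
    # Records hash (%H), author name (%an) and subject (%s) of the checked-out
    # commit as step outputs; both webhook payloads below report them.
    - name: Store base commit info
      shell: bash
      id: base_commit_info
      run: |
        git log -1 --format="HASH=%H" >> "$GITHUB_OUTPUT"
        git log -1 --format="AUTHOR=%an" >> "$GITHUB_OUTPUT"
        git log -1 --format="MESSAGE=%s" >> "$GITHUB_OUTPUT"
    # Third-party action pinned to a full commit SHA; the trailing comment
    # names the release that SHA is expected to correspond to.
    - name: Install dependencies
      uses: ramsey/composer-install@a8d0d959dab41457692a5e2041bd9b757a119e3f # 3.2.1
      env:
        COMPOSER_AUTH: ${{ github.event.client_payload.composerAuthentication.type == 'environment' && github.event.client_payload.composerAuthentication.environment || env.COMPOSER_AUTH }}
      with:
        working-directory: "${{ github.event.client_payload.workingDirectory }}"
        composer-options: "${{ github.event.client_payload.settings.debug == true && '-vvv' || '' }}"
    # The Composer command line comes from the payload and reaches the wrapper
    # script as COMPOSER_COMMAND_STRING; how that string is parsed and executed
    # is decided in bin/run_composer_command.sh.
    - name: Modify requirements in the composer.json
      if: ${{ github.event.client_payload.requireCommand }}
      shell: bash
      run: '"${GITHUB_ACTION_PATH}/bin/run_composer_command.sh" require'
      working-directory: "${{ github.event.client_payload.workingDirectory }}"
      env:
        COMPOSER_COMMAND_STRING: ${{ github.event.client_payload.settings.debug == true && github.event.client_payload.requireCommand.debug || github.event.client_payload.requireCommand.plain }}
        COMPOSER_AUTH: ${{ github.event.client_payload.composerAuthentication.type == 'environment' && github.event.client_payload.composerAuthentication.environment || env.COMPOSER_AUTH }}
    - name: Composer update
      shell: bash
      run: '"${GITHUB_ACTION_PATH}/bin/run_composer_command.sh" update'
      working-directory: "${{ github.event.client_payload.workingDirectory }}"
      env:
        COMPOSER_COMMAND_STRING: ${{ github.event.client_payload.settings.debug == true && github.event.client_payload.updateCommand.debug || github.event.client_payload.updateCommand.plain }}
        COMPOSER_AUTH: ${{ github.event.client_payload.composerAuthentication.type == 'environment' && github.event.client_payload.composerAuthentication.environment || env.COMPOSER_AUTH }}
    # Runs for every skip_git_hooks value except the literal string 'false'.
    # The path is relative to the step's default working directory, not to the
    # payload's workingDirectory.
    - name: Uninstall git hooks
      shell: bash
      if: ${{ inputs.skip_git_hooks != 'false' }}
      run: "rm -rf .git/hooks"
    # Quoted so the payload-supplied name is always exactly one argument.
    - name: Create branch
      shell: bash
      run: git checkout -b "$BRANCH"
      env:
        BRANCH: ${{ github.event.client_payload.branch }}
    # FILE_PATTERN is split on whitespace into an array so several pathspecs
    # can be given; the `:+` expansion passes no pathspec when it is empty.
    - name: Add files
      shell: bash
      run: |
        read -r -a PATTERN_EXPANDED <<< "$FILE_PATTERN";
        git add ${FILE_PATTERN:+"${PATTERN_EXPANDED[@]}"};
      env:
        FILE_PATTERN: ${{ inputs.file_pattern }}
    - name: Commit
      uses: qoomon/actions--create-commit@dfef4d264de752be6d6195a4d61a2f3d3262d406 # v1.2.3
      with:
        message: ${{ github.event.client_payload.commitMessage }}
        skip-empty: true
    # Number of files that differ from the commit the workflow started on.
    - name: Store number of changed files
      shell: bash
      id: number_of_changed_files
      run: |
        echo "COUNT=$(git --no-pager diff --name-only "$GITHUB_SHA" | wc -l | tr -d ' ')" >> "$GITHUB_OUTPUT"
    - name: Store Conductor commit info
      shell: bash
      id: conductor_commit_info
      run: |
        git log -1 --format="HASH=%H" >> "$GITHUB_OUTPUT"
        git log -1 --format="AUTHOR=%an" >> "$GITHUB_OUTPUT"
        git log -1 --format="MESSAGE=%s" >> "$GITHUB_OUTPUT"
    # --force replaces whatever the remote already holds under this name; the
    # only guard on the name is the earlier branch_name_check.sh step.
    - name: Push branch
      shell: bash
      run: git push origin "$BRANCH" --force
      if: ${{ steps.number_of_changed_files.outputs.COUNT != 0 }}
      env:
        BRANCH: ${{ github.event.client_payload.branch }}
    # The webhook URL and credentials both come from the payload, so the URL
    # is checked against PACKAGIST_URL before the credentials are sent.
    # NOTE(review): curl's -L follows redirects, and only the initial URL is
    # passed to webhook_url_check.sh; a redirect target is not re-checked.
    # Drop -L if the webhook endpoints are never expected to redirect.
    - name: Call webhook from Private Packagist to create the pull request
      shell: bash
      run: |
        "${GITHUB_ACTION_PATH}/bin/webhook_url_check.sh" "${PACKAGIST_URL}" "${WEBHOOK_EXECUTEDURL}"
        jq -n '{
          "runId": env.RUN_ID,
          "numberOfChangedFiles": env.CHANGED_FILES,
          "gitInfo": {
            "baseCommit": {
              "hash": env.BASE_COMMIT_HASH,
              "author": env.BASE_COMMIT_AUTHOR,
              "message": env.BASE_COMMIT_MESSAGE
            },
            "conductorCommit": {
              "hash": env.CONDUCTOR_COMMIT_HASH,
              "author": env.CONDUCTOR_COMMIT_AUTHOR,
              "message": env.CONDUCTOR_COMMIT_MESSAGE
            }
          },
          "versions": {
            "ciScriptVersion": env.CONDUCTOR_ACTION_VERSION
          }
        }' | curl -fsSL -X POST \
          -u "${WEBHOOK_AUTHENTICATION_USERNAME}:${WEBHOOK_AUTHENTICATION_PASSWORD}" \
          --header "Content-Type: application/json" \
          --data @- \
          "${WEBHOOK_EXECUTEDURL}"
      env:
        RUN_ID: ${{ github.run_id }}
        CHANGED_FILES: ${{ steps.number_of_changed_files.outputs.COUNT }}
        BASE_COMMIT_HASH: ${{ steps.base_commit_info.outputs.HASH }}
        BASE_COMMIT_AUTHOR: ${{ steps.base_commit_info.outputs.AUTHOR }}
        BASE_COMMIT_MESSAGE: ${{ steps.base_commit_info.outputs.MESSAGE }}
        CONDUCTOR_COMMIT_HASH: ${{ steps.conductor_commit_info.outputs.HASH }}
        CONDUCTOR_COMMIT_AUTHOR: ${{ steps.conductor_commit_info.outputs.AUTHOR }}
        CONDUCTOR_COMMIT_MESSAGE: ${{ steps.conductor_commit_info.outputs.MESSAGE }}
        WEBHOOK_AUTHENTICATION_USERNAME: ${{ github.event.client_payload.webhook.authentication.username }}
        WEBHOOK_AUTHENTICATION_PASSWORD: ${{ github.event.client_payload.webhook.authentication.password }}
        WEBHOOK_EXECUTEDURL: ${{ github.event.client_payload.webhook.executedUrl }}
        PACKAGIST_URL: ${{ inputs.packagist_url }}
    # Runs only when an earlier step failed. The error URL goes through the
    # same prefix check before the credentials are sent; the -L caveat on the
    # success webhook applies here as well.
    - name: Call webhook from Private Packagist to notify about build failure
      shell: bash
      if: ${{ failure() }}
      run: |
        "${GITHUB_ACTION_PATH}/bin/webhook_url_check.sh" "${PACKAGIST_URL}" "${WEBHOOK_ERRORURL}"
        jq -n '{
          "runId": env.RUN_ID,
          "gitInfo": {
            "baseCommit": {
              "hash": env.BASE_COMMIT_HASH,
              "author": env.BASE_COMMIT_AUTHOR,
              "message": env.BASE_COMMIT_MESSAGE
            }
          },
          "versions": {
            "ciScriptVersion": env.CONDUCTOR_ACTION_VERSION
          }
        }' | curl -fsSL -X POST \
          -u "${WEBHOOK_AUTHENTICATION_USERNAME}:${WEBHOOK_AUTHENTICATION_PASSWORD}" \
          --header "Content-Type: application/json" \
          --data @- \
          "${WEBHOOK_ERRORURL}"
      env:
        RUN_ID: ${{ github.run_id }}
        BASE_COMMIT_HASH: ${{ steps.base_commit_info.outputs.HASH }}
        BASE_COMMIT_AUTHOR: ${{ steps.base_commit_info.outputs.AUTHOR }}
        BASE_COMMIT_MESSAGE: ${{ steps.base_commit_info.outputs.MESSAGE }}
        WEBHOOK_AUTHENTICATION_USERNAME: ${{ github.event.client_payload.webhook.authentication.username }}
        WEBHOOK_AUTHENTICATION_PASSWORD: ${{ github.event.client_payload.webhook.authentication.password }}
        WEBHOOK_ERRORURL: ${{ github.event.client_payload.webhook.errorUrl }}
        PACKAGIST_URL: ${{ inputs.packagist_url }}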