Deploy Module #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Deploy Module' | |
| on: | |
| workflow_call: | |
| secrets: | |
| PUSH_TO_OTHER_REPOS_TOKEN: | |
| required: true | |
| workflow_dispatch: | |
| # release:? [published] | |
| # push: | |
| # branches: | |
| # - '*' | |
| permissions: | |
| contents: read | |
| jobs: | |
| copy_module_to_new_repo: | |
| name: 'Export module' | |
| runs-on: ubuntu-latest | |
| # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - source_module: "aws/sonar-upgrader" | |
| destination_repo: "terraform-aws-dsf-sonar-upgrader" | |
| env: | |
| source_module: ${{ matrix.source_module }} | |
| destination_repo: ${{ matrix.destination_repo }} | |
| hidden_submodules: ${{ matrix.hidden_submodules }} | |
| public_submodule: ${{ matrix.public_submodule }} | |
| outputs: | |
| module_github_repo: ${{ format('https://github.com/imperva/{0}', matrix.destination_repo) }} | |
| steps: | |
| # Checkout the repository to the GitHub Actions runner | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: '0' | |
| ref: 'deploy-upgrade-module' | |
| - name: Filter branch | |
| run: | | |
| set -x | |
| git branch | |
| if [ -n "${hidden_submodules}" ]; then | |
| cmd="" | |
| for i in ${hidden_submodules}; do | |
| target_dir=_modules/$i | |
| cmd="$cmd mkdir -p $(dirname modules/${source_module}/$target_dir); mv modules/$i modules/${source_module}/$target_dir;" | |
| cmd="$cmd sed -i \"s/\/modules\//\/_modules\//g\" modules/${source_module}/${target_dir}/*.tf;" | |
| done | |
| cmd="$cmd sed -i \"s/..\/..\/..\/modules/.\/_modules/g\" modules/${source_module}/*.tf;" | |
| cmd="$cmd true;" | |
| git filter-branch -f --prune-empty --tree-filter "$cmd" --tag-name-filter cat -- --all HEAD | |
| fi | |
| if [ -n "${public_submodule}" ]; then | |
| for m in ${public_submodule}; do | |
| git filter-branch -f --prune-empty --tree-filter 'mkdir -p modules/'${source_module}'/modules; mv modules/'${m}' modules/'${source_module}'/modules/; true;' --tag-name-filter cat -- --all HEAD | |
| done | |
| fi | |
| - name: Push to module repo | |
| env: | |
| github_token: ${{ secrets.PUSH_TO_OTHER_REPOS_TOKEN }} | |
| run: | | |
| find . | grep -v ".git/" | |
| echo "Running git config" | |
| git config --unset-all http.https://github.com/.extraheader # override github_action own authentication method | |
| echo "Running git remote set-url" | |
| git remote set-url origin https://${github_token}@github.com/imperva/${destination_repo}.git | |
| echo "Running git branch" | |
| git branch -m main | |
| echo "Running git ls-remote" | |
| refs=$(git ls-remote --tags 2>/dev/null | awk '{print $NF}') | |
| echo "Running if git push origin" | |
| if [ -n "$refs" ]; then | |
| echo "Running git push origin" | |
| git push origin --delete $(git ls-remote --tags 2>/dev/null | awk '{print $NF}') | |
| fi | |
| echo "Running git tag" | |
| latest_tag=$(git tag -l | sort -V | tail -n 1) | |
| # push all repo but latest tag | |
| echo "Running git tag -d" | |
| git tag -d ${latest_tag} | |
| echo "Running git push -f" | |
| git push -f origin HEAD:main --tags | |
| # push latest tag (to trigger terraform registery latest release discovery) | |
| echo "Running git tag latest" | |
| git tag ${latest_tag} | |
| echo "Running git push -f again" | |
| git push -f origin HEAD:main --tags |