-
Notifications
You must be signed in to change notification settings - Fork 9
97 lines (83 loc) · 3.27 KB
/
deploy_module.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: 'Deploy Module'
on:
workflow_call:
secrets:
PUSH_TO_OTHER_REPOS_TOKEN_linda:
required: true
workflow_dispatch:
# release:? [published]
# push:
# branches:
# - '*'
permissions:
contents: read
jobs:
copy_module_to_new_repo:
name: 'Export module'
runs-on: ubuntu-latest
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
strategy:
fail-fast: false
matrix:
include:
- source_module: "aws/sonar-upgrader"
destination_repo: "terraform-aws-dsf-sonar-upgrader"
env:
source_module: ${{ matrix.source_module }}
destination_repo: ${{ matrix.destination_repo }}
hidden_submodules: ${{ matrix.hidden_submodules }}
public_submodule: ${{ matrix.public_submodule }}
outputs:
module_github_repo: ${{ format('https://github.com/imperva/{0}', matrix.destination_repo) }}
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: '0'
ref: 'deploy-upgrade-module'
- name: Filter branch
run: |
set -x
git branch
if [ -n "${hidden_submodules}" ]; then
cmd=""
for i in ${hidden_submodules}; do
target_dir=_modules/$i
cmd="$cmd mkdir -p $(dirname modules/${source_module}/$target_dir); mv modules/$i modules/${source_module}/$target_dir;"
cmd="$cmd sed -i \"s/\/modules\//\/_modules\//g\" modules/${source_module}/${target_dir}/*.tf;"
done
cmd="$cmd sed -i \"s/..\/..\/..\/modules/.\/_modules/g\" modules/${source_module}/*.tf;"
cmd="$cmd true;"
git filter-branch -f --prune-empty --tree-filter "$cmd" --tag-name-filter cat -- --all HEAD
fi
if [ -n "${public_submodule}" ]; then
for m in ${public_submodule}; do
git filter-branch -f --prune-empty --tree-filter 'mkdir -p modules/'${source_module}'/modules; mv modules/'${m}' modules/'${source_module}'/modules/; true;' --tag-name-filter cat -- --all HEAD
done
fi
- name: Push to module repo
env:
github_token: ${{ secrets.PUSH_TO_OTHER_REPOS_TOKEN_linda }}
run: |
set -x
git branch
pwd
find . | grep -v ".git/"
git config --unset-all http.https://github.com/.extraheader # override github_action own authentication method
git remote set-url origin https://${github_token}@github.com/imperva/${destination_repo}.git
git branch -m main
refs=$(git ls-remote --tags 2>/dev/null | awk '{print $NF}')
if [ -n "$refs" ]; then
git push origin --delete $(git ls-remote --tags 2>/dev/null | awk '{print $NF}')
fi
latest_tag=$(git tag -l | sort -V | tail -n 1)
# push all repo but latest tag
git tag -d ${latest_tag}
git push -f origin HEAD:main --tags
# push latest tag (to trigger terraform registery latest release discovery)
git tag ${latest_tag}
git push -f origin HEAD:main --tags