deploy_module.yml
name: "Deploy Module"

# Triggers: this workflow runs when called from another workflow (the caller
# must pass the push token as a secret) or when dispatched manually.
on:
  workflow_call:
    secrets:
      PUSH_TO_OTHER_REPOS_TOKEN_ADMIN:
        required: true
  workflow_dispatch:
  # Disabled triggers, kept as the author left them:
  # release:? [published]
  # push:
  # branches:
  # - '*'

# The automatic GITHUB_TOKEN is restricted to read-only repository contents.
# Writes to the destination repository go through the separate secret above.
permissions:
  contents: read
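jobs:
  # Rewrites the history of one module directory with git filter-branch and
  # force-pushes the result, with its tags, to a separate repository under the
  # imperva organisation.
  copy_module_to_new_repo:
    name: 'Export module'
    runs-on: ubuntu-latest
    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash
    strategy:
      fail-fast: false
      matrix:
        include:
          - source_module: "aws/sonar-upgrader"
            destination_repo: "terraform-aws-dsf-sonar-upgrader"
            begin_tag: "1.5.4"
    # Matrix values are handed to the scripts as environment variables rather
    # than being expanded into the script text by the expression engine.
    # NOTE(review): begin_tag is defined in the matrix but is not mapped here,
    # so $begin_tag looks unset in the "Filter branch" script - confirm.
    env:
      source_module: ${{ matrix.source_module }}
      destination_repo: ${{ matrix.destination_repo }}
      hidden_submodules: ${{ matrix.hidden_submodules }}
      public_submodule: ${{ matrix.public_submodule }}
    outputs:
      module_github_repo: ${{ format('https://github.com/imperva/{0}', matrix.destination_repo) }}
    steps:
      # Checkout the repository to the GitHub Actions runner
      # NOTE(review): v3 is a mutable tag. This job later handles a token that
      # can push to another repository, so pinning the action to a full commit
      # SHA (actions/checkout@<full-commit-sha>) limits supply-chain exposure.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: '0'
          ref: 'deploy-upgrade-module'

      - name: Filter branch
        run: |
          set -x
          set -e
          git branch
          # The module names below are spliced into command strings that
          # git filter-branch evaluates as shell, so they must only ever come
          # from the hard-coded matrix, never from caller-supplied input.
          if [ -n "${hidden_submodules}" ]; then
            cmd=""
            for i in ${hidden_submodules}; do
              target_dir=_modules/$i
              cmd="$cmd mkdir -p $(dirname modules/${source_module}/$target_dir); mv modules/$i modules/${source_module}/$target_dir;"
              cmd="$cmd sed -i \"s/\/modules\//\/_modules\//g\" modules/${source_module}/${target_dir}/*.tf;"
            done
            cmd="$cmd sed -i \"s/..\/..\/..\/modules/.\/_modules/g\" modules/${source_module}/*.tf;"
            cmd="$cmd true;"
            git filter-branch -f --prune-empty --tree-filter "$cmd" --tag-name-filter cat -- --all HEAD
          fi
          if [ -n "${public_submodule}" ]; then
            for m in ${public_submodule}; do
              git filter-branch -f --prune-empty --tree-filter 'mkdir -p modules/'${source_module}'/modules; mv modules/'${m}' modules/'${source_module}'/modules/; true;' --tag-name-filter cat -- --all HEAD
            done
          fi
          all_tags=$(git tag)
          filtered_tags=()
          # Loop through each tag and filter if greater than or equal to begin_tag
          # NOTE(review): inside [[ ]] the > operator compares strings
          # lexicographically, not as versions (1.10.0 sorts before 1.5.4).
          for tag in $all_tags; do
            if [[ "$tag" == "$begin_tag" || "$tag" > "$begin_tag" ]]; then
              filtered_tags+=("$tag")
            fi
          done
          # NOTE(review): $filtered_tags without [@] expands to the first array
          # element only, so this loop body runs for at most one tag. Left as
          # is because iterating every tag would change what gets published.
          # NOTE(review): git filter-branch documents the tag name as arriving
          # on stdin of the tag-name filter; confirm GIT_TAG is set here.
          for tag in $filtered_tags; do
            git filter-branch -f --prune-empty --tree-filter 'mv LICENSE.md modules/'${source_module}'/ 2>/dev/null || true' --tag-name-filter "if [ \$GIT_TAG = $tag ]; then echo \$GIT_TAG; fi" -- --all HEAD
            git filter-branch -f --prune-empty --subdirectory-filter modules/${source_module}/ --tag-name-filter "if [ \$GIT_TAG = $tag ]; then echo \$GIT_TAG; fi" -- --all HEAD
          done

      # This step deletes every tag on the destination and force-pushes main,
      # so the token it uses should be scoped to the destination repository
      # alone and to the minimum permissions that allow those operations.
      - name: Push to module repo
        env:
          github_token: ${{ secrets.PUSH_TO_OTHER_REPOS_TOKEN_ADMIN }}
        run: |
          set -x
          git branch
          pwd
          find . | grep -v ".git/"
          git config --unset-all http.https://github.com/.extraheader # drop the credentials actions/checkout stored, so the token below is the one used
          # Tracing is switched off around the only command that expands the
          # token, so the expanded value is never written to the job log; log
          # masking of secrets is a backstop, not the primary control.
          # The URL, including the token, is stored in .git/config of the
          # runner workspace until the job ends.
          set +x
          git remote set-url origin https://${github_token}@github.com/imperva/${destination_repo}.git
          set -x
          git branch -m main
          refs=$(git ls-remote --tags 2>/dev/null | awk '{print $NF}')
          if [ -n "$refs" ]; then
            git push origin --delete $(git ls-remote --tags 2>/dev/null | awk '{print $NF}')
          fi
          latest_tag=$(git tag -l | sort -V | tail -n 1)
          # push all repo but latest tag
          git tag -d ${latest_tag}
          git push -f origin HEAD:main --tags
          # push latest tag (to trigger terraform registry latest release discovery)
          git tag ${latest_tag}
          git push -f origin HEAD:main --tags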