Nightly S3 (branch: develop) #575

Workflow file for this run

.github/workflows/nightly.yml at b2545a2

	name: Nightly S3 Update
	run-name: "Nightly S3 (branch: ${{ github.ref_name }})"

	on:
	workflow_dispatch: {}
	schedule:
	# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule
	- cron: '0 1 * * *' # Every day at 1AM

	jobs:

	workflow-requirements:
	name: Check Workflow Requirements
	runs-on: ubuntu-latest
	outputs:
	requirements-met: ${{ steps.check-requirements.outputs.requirements-met }}
	steps:
	- name: Check For Admin Permission
	if: ${{ github.event_name != 'schedule' }}
	uses: actions-cool/check-user-permission@v2
	with:
	require: admin
	username: ${{ github.triggering_actor }}

	- name: Check Requirements
	id: check-requirements
	run: \|
	if [ "${{ vars.RUN_SCHEDULED_BUILDS }}" = "1" ]; then
	MSG="Running workflow because RUN_SCHEDULED_BUILDS=1"
	echo "${MSG}"
	echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
	echo "requirements-met=true" >> "${GITHUB_OUTPUT}"
	elif [ "${{ github.event.repository.fork }}" = "true" ]; then
	MSG="Not running workflow because ${{ github.repository }} is a fork"
	echo "${MSG}"
	echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
	echo "requirements-met=false" >> "${GITHUB_OUTPUT}"
	else
	MSG="Running workflow because ${{ github.repository }} is not a fork"
	echo "${MSG}"
	echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
	echo "requirements-met=true" >> "${GITHUB_OUTPUT}"
	fi

	update-s3-bucket:
	name: Update S3 Bucket
	if: ${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
	runs-on:
	- self-hosted
	- linux
	- repo-release
	needs:
	- workflow-requirements
	environment: release

	steps:
	- uses: actions/checkout@v4

	- name: Get Salt Project GitHub Actions Bot Environment
	run: \|
	TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
	SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
	echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"

	- name: Setup GnuPG
	run: \|
	sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
	GNUPGHOME="$(mktemp -d -p /run/gpg)"
	echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
	cat <<EOF > "${GNUPGHOME}/gpg.conf"
	batch
	no-tty
	pinentry-mode loopback
	EOF

	- name: Get Secrets
	id: get-secrets
	env:
	SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
	run: \|
	SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
	echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
	aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
	--query SecretString --output text \| jq .default_key -r \| base64 -d \
	\| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
	\| gpg --import -
	sync
	aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
	--query SecretString --output text\| jq .default_passphrase -r \| base64 -d \
	\| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
	sync
	rm "$SECRETS_KEY_FILE"
	echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

	- name: Install Requirements
	run: \|
	python3 -m pip install -r requirements/release.txt

	- name: Upload Develop to S3
	run: \|
	tools release s3-publish --key-id 64CBBC8173D76B3F develop

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Nightly S3 (branch: develop) #575

Workflow file

Nightly S3 (branch: develop) #575

Jobs

Run details

Workflow file for this run