Show how to run the release in GitHub workflow
Enter the new world of GitHub actions [1]/GitLab pipelines [2]. This simplifies our end of the infrastructure considerably: * No need any more to set up webhooks, all the relevant configuration is right in the workflow file. * Does not need any infrastructure on our side any more, and thus works for third-party projects. They just need to set up their own secrets. * GitHub automatically provides a temporary `GITHUB_TOKEN` with sufficient write access to the project to publish a release, so we don't need to carry around that secret. Thus if your project only releases to GitHub, there is zero secrets management. Also adjust cockpituous-release a bit (update Fedora version, fix project name copy-pasta), point to the action workflow and necessary secrets. Closes #380
This commit is contained in:
Martin Pitt
Martin Pitt
parent
499eca014b
commit
2a51e057d7
3 changed files with 53 additions and 12 deletions
35
.github/workflows/release.yml.disabled
vendored
Normal file
35
.github/workflows/release.yml.disabled
vendored
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
name: release
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
# this is a glob, not a regexp
|
||||
- '[0-9]*'
|
||||
jobs:
|
||||
cockpituous:
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: docker.io/cockpit/release
|
||||
steps:
|
||||
- name: Set up configuration and secrets
|
||||
run: |
|
||||
# override GitHub's bind mount from host, we don't want anything from there and it interferes with ssh
|
||||
export HOME=$(getent passwd $(id -u) | cut -f6 -d:)
|
||||
|
||||
# secrets come from https://github.com/organizations/ORGNAME/settings/secrets or https://github.com/OWNER/REPO/settings/secrets
|
||||
# see https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
|
||||
echo '${{ secrets.SSH_KNOWN_HOSTS }}' > ~/.ssh/known_hosts
|
||||
echo '${{ secrets.FEDPKG_SSH_PUBLIC }}' > ~/.ssh/id_rsa.pub
|
||||
echo '${{ secrets.FEDPKG_SSH_PRIVATE }}' > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
# FIXME: Set your Fedora user account name here
|
||||
echo 'yourfedorauser' > ~/.config/bodhi-user
|
||||
echo '${{ secrets.GITHUB_TOKEN }}' > ~/.config/github-token
|
||||
echo '${{ secrets.COPR_TOKEN }}' > ~/.config/copr
|
||||
echo '${{ secrets.FEDORA_PASSWORD }}' > ~/.fedora-password
|
||||
|
||||
- name: Run cockpituous
|
||||
run: |
|
||||
# override GitHub's bind mount from host, we don't want anything from there and it interferes with ssh
|
||||
export HOME=$(getent passwd $(id -u) | cut -f6 -d:)
|
||||
cd /build
|
||||
release-runner -r https://github.com/$GITHUB_REPOSITORY -t $(basename $GITHUB_REF) ./cockpituous-release
|
||||
Loading…
Add table
Add a link
Reference in a new issue