Skip to content

Fix permissions for github release #41

Fix permissions for github release

Fix permissions for github release #41

Workflow file for this run

name: Release drafter
# Push events to every tag not containing "/"
on:
push:
tags:
- "*"
# Temp addition to allow testing in PR for docker change
pull_request:
env:
java-version: '11'
gradle-version: '8.0.2'
permissions:
id-token: write
contents: read
issues: write
jobs:
draft-a-release:
name: Draft a release
if: github.repository == 'opensearch-project/opensearch-migrations'
runs-on: ubuntu-latest
outputs:
dockerhub-password: ${{ steps.retrieve-values.outputs.dockerhub-password }}
steps:
- uses: actions/setup-java@v4
with:
java-version: ${{ env.java-version }}
distribution: 'corretto'
- uses: gradle/actions/setup-gradle@v3
with:
gradle-version: ${{ env.gradle-version }}
- uses: actions/checkout@v4
- id: get_data
run: |
echo "approvers=$(cat .github/CODEOWNERS | grep @ | tr -d '*\n ' | sed 's/@/,/g' | sed 's/,//1')" >> $GITHUB_OUTPUT
echo "version=1.0.11" >> $GITHUB_OUTPUT
# - uses: trstringer/manual-approval@v1
# with:
# secret: ${{ github.TOKEN }}
# approvers: ${{ steps.get_data.outputs.approvers }}
# minimum-approvals: 2
# issue-title: 'Release opensearch-migrations version ${{ steps.get_data.outputs.version }}'
# issue-body: "This release requires approval from at least two reviewers. Please approve or deny the release of opensearch-migrations **TAG**: ${{ github.ref_name }} **COMMIT**: ${{ github.sha }} **VERSION**: ${{ steps.get_data.outputs.version }}. The published TrafficCapture version will be 0.${{ steps.get_data.outputs.version }}."
# exclude-workflow-initiator-as-approver: true
# - name: Download Repo Tar
# # Preface Traffic Capture version with 0. to signal interface immaturity
# run: |
# wget https://github.com/opensearch-project/opensearch-migrations/archive/refs/tags/${{ steps.get_data.outputs.version }}.tar.gz -O artifacts.tar.gz
# ./gradlew publishMavenJavaPublicationToMavenRepository -Dbuild.snapshot=false -Dbuild.version=0.${{ steps.get_data.outputs.version }} && tar -C build -cvf traffic-capture-artifacts.tar.gz repository
# - name: Build Docker Images
# run: |
# ./deployment/cdk/opensearch-service-migration/buildDockerImages.sh
# - name: Tag Docker image
# run: |
# docker tag migrations/migration_console:latest opensearchstaging/opensearch-migrations-console:${{ steps.get_data.outputs.version }}
# docker tag migrations/traffic_replayer:latest opensearchstaging/opensearch-migrations-traffic-replayer:${{ steps.get_data.outputs.version }}
# docker tag migrations/capture_proxy:latest opensearchstaging/opensearch-migrations-traffic-capture-proxy:${{ steps.get_data.outputs.version }}
# docker tag migrations/reindex_from_snapshot:latest opensearchstaging/opensearch-migrations-reindex-from-snapshot:${{ steps.get_data.outputs.version }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@main
with:
role-to-assume: ${{ secrets.MIGRATIONS_DOCKER_ROLE }}
aws-region: us-east-1
- name: Retrieve Values
id: retrieve-values
run: |
DOCKERHUB_PASSWORD=`aws secretsmanager get-secret-value --secret-id jenkins-staging-dockerhub-credential --query SecretString --output text`
echo "::add-mask::$DOCKERHUB_PASSWORD"
echo "dockerhub-password=$DOCKERHUB_PASSWORD" >> $GITHUB_OUTPUT
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.MIGRATIONS_DOCKER_USERNAME }}
password: ${{ steps.retrieve-values.outputs.dockerhub-password }}
- name: Push Docker image to Docker Hub
run: |
docker push opensearchstaging/opensearch-migrations-console:${{ steps.get_data.outputs.version }}
docker push opensearchstaging/opensearch-migrations-console:latest
docker push opensearchstaging/opensearch-migrations-traffic-replayer:${{ steps.get_data.outputs.version }}
docker push opensearchstaging/opensearch-migrations-traffic-replayer:latest
docker push opensearchstaging/opensearch-migrations-traffic-capture-proxy:${{ steps.get_data.outputs.version }}
docker push opensearchstaging/opensearch-migrations-traffic-capture-proxy:latest
docker push opensearchstaging/opensearch-migrations-reindex-from-snapshot:${{ steps.get_data.outputs.version }}
docker push opensearchstaging/opensearch-migrations-reindex-from-snapshot:latest
- name: Logout to DockerHub
if: always()
run: docker logout
- name: Draft a release
uses: softprops/action-gh-release@v2
with:
draft: true
generate_release_notes: true
files: |
artifacts.tar.gz
traffic-capture-artifacts.tar.gz