Extend permissions to make update-pr work #47
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CBMC viewer release | |
| # A new release is triggered by a new tag of the form viewer-VERSION | |
| on: | |
| push: | |
| tags: | |
| - viewer-* | |
| env: | |
| AWS_ROLE: arn:aws:iam::${{secrets.AWS_ACCOUNT}}:role/PublisherTokenReader | |
| AWS_REGION: us-west-2 | |
| jobs: | |
| Release: | |
| name: CBMC viewer release | |
| runs-on: ubuntu-20.04 | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Get version | |
| run: | | |
| # The environment variable GITHUB_REF is refs/tags/viewer-* | |
| echo "SETUP_VERSION=$(python3 -c "import configparser; config = configparser.ConfigParser(); config.read('setup.cfg'); print(config['metadata']['version'])")" >> $GITHUB_ENV | |
| echo "SOURCE_VERSION=$(python3 -c "import src.cbmc_viewer.version; print(src.cbmc_viewer.version.NUMBER)")" >> $GITHUB_ENV | |
| echo "TAG_VERSION=$(echo ${{ github.ref }} | cut -d "/" -f 3 | cut -d "-" -f 2)" >> $GITHUB_ENV | |
| - name: Version Check | |
| run: | | |
| if [[ ${{ env.SETUP_VERSION }} != ${{ env.TAG_VERSION }} ]] || [[ ${{ env.SOURCE_VERSION }} != ${{ env.TAG_VERSION }} ]]; then | |
| echo "Setup and source versions ${{env.SETUP_VERSION}} and ${{env.SOURCE_VERSION}} did not match tag version ${{env.TAG_VERSION}}" | |
| exit 1 | |
| fi | |
| - name: Authenticate GitHub workflow to AWS | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.AWS_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Fetch secrets | |
| run: | | |
| echo "GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV | |
| - name: Create release | |
| uses: actions/create-release@v1 | |
| with: | |
| tag_name: viewer-${{ env.TAG_VERSION }} | |
| release_name: viewer-${{ env.TAG_VERSION }} | |
| body: | | |
| This is CBMC Viewer version ${{ env.TAG_VERSION }}. | |
| On MacOS, you can install with brew: | |
| ``` | |
| brew install aws/tap/cbmc-viewer | |
| ``` | |
| The prefix `aws/tap` refers to the AWS repository with the brew package. | |
| On all machines, you can install with pip: | |
| ``` | |
| python3 -m pip install cbmc-viewer | |
| ``` | |
| For best results, install [universal ctags](https://github.com/universal-ctags/ctags) or [exuberant ctags](https://github.com/universal-ctags/ctags) with | |
| * MacOS: `brew install universal-ctags` or `brew install ctags` | |
| * Ubuntu: `sudo apt install universal-ctags` or `sudo apt install ctags` | |
| * Windows: Follow the installation instructions in the [universal-ctags](https://github.com/universal-ctags/ctags) or [exuberant ctags](http://ctags.sourceforge.net/) repository. | |
| The installation of ctags is optional, but without ctags, `cbmc-viewer` will fail to link some symbols appearing in error traces to their definitions in the source code. The ctags tool has a long history. The original ctags was replaced by exhuberant ctags which was replaced by universal ctags. They all claim to be backwards compatible. We recommend universal ctags. | |
| draft: false | |
| prerelease: false |