Skip to content

OpenTofu Private Registry Creation #28

OpenTofu Private Registry Creation

OpenTofu Private Registry Creation #28

Workflow file for this run

name: Issue Submission to Pull Request
on:
issues:
types:
[opened, edited]
jobs:
submit-provider:
if: contains(github.event.issue.labels.*.name, 'provider') && contains(github.event.issue.labels.*.name, 'submission')
runs-on: ubuntu-latest
permissions:
issues: write
contents: write
pull-requests: write
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: './src/go.mod'
- name: Validate Provider and Create PR
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.issue.number }}
URL: ${{ github.event.issue.url }}
TITLE: ${{ github.event.issue.title }}
BODY: ${{ github.event.issue.body }}
working-directory: ./src
run: |
set +e
echo "$BODY" | grep "\- \[[xX]\] I sign this project's \[DCO\](https://developercertificate.org/)"
if [[ "$?" != 0 ]]; then
gh issue comment $NUMBER -b "DCO must be signed to submit this repository"
exit 1
fi
set -e
repository=$(echo "$BODY" | grep "### Provider Repository" -A2 | tail -n1 | sed -e 's/[\r\n]//g')
set +e
go run ./cmd/add-provider -repository="$repository" -output=./output.json
if [[ "$?" != 0 ]]; then
gh issue comment $NUMBER -b "$(cat ./output.json | jq -r '.validation')"
exit 1
fi
set -e
namespace=$(cat ./output.json | jq -r '.namespace')
name=$(cat ./output.json | jq -r '.name')
jsonfile=$(cat ./output.json | jq -r '.file')
# Create Branch
branch=provider-submission_${namespace}_${name}
set +e
git checkout -b $branch
if [[ "$?" != 0 ]]; then
gh issue comment $NUMBER -b "Failed validation: A branch already exists for this provider '$branch'"
exit 1
fi
set -e
# Add result
git add $jsonfile
# Commit and push result
git config --global user.email "no-reply@opentofu.org"
git config --global user.name "OpenTofu Automation"
git commit -s -m "Create provider $namespace/$name"
git push -u origin $branch
# Create pull request and update issue
pr=$(gh pr create --title "$TITLE" --body "Created $(echo $jsonfile | sed -e 's/../src/') for provider $namespace/$name. Closes #$NUMBER.") #--assignee opentofu/core-engineers)
gh issue comment $NUMBER -b "Your submission has been validated and has moved on to the pull request phase ($pr). This issue has been locked."
gh issue lock $NUMBER -r resolved
submit-module:
if: contains(github.event.issue.labels.*.name, 'module') && contains(github.event.issue.labels.*.name, 'submission')
runs-on: ubuntu-latest
permissions:
issues: write
contents: write
pull-requests: write
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: './src/go.mod'
- name: Validate Module and Create PR
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.issue.number }}
URL: ${{ github.event.issue.url }}
TITLE: ${{ github.event.issue.title }}
BODY: ${{ github.event.issue.body }}
working-directory: ./src
run: |
set +e
echo "$BODY" | grep "\- \[[xX]\] I sign this project's \[DCO\](https://developercertificate.org/)"
if [[ "$?" != 0 ]]; then
gh issue comment $NUMBER -b "DCO must be signed to submit this repository"
exit 1
fi
set -e
repository=$(echo "$BODY" | grep "### Module Repository" -A2 | tail -n1 | sed -e 's/[\r\n]//g')
set +e
go run ./cmd/add-module -repository="$repository" -output=./output.json
if [[ "$?" != 0 ]]; then
gh issue comment $NUMBER -b "$(cat ./output.json | jq -r '.validation')"
exit 1
fi
set -e
namespace=$(cat ./output.json | jq -r '.namespace')
name=$(cat ./output.json | jq -r '.name')
target=$(cat ./output.json | jq -r '.target')
jsonfile=$(cat ./output.json | jq -r '.file')
# Create Branch
branch=module-submission_${namespace}_${name}_${target}
set +e
git checkout -b $branch
if [[ "$?" != 0 ]]; then
gh issue comment $NUMBER -b "Failed validation: A branch already exists for this module '$branch'"
exit 1
fi
set -e
# Add result
git add $jsonfile
# Commit and push result
git config --global user.email "no-reply@opentofu.org"
git config --global user.name "OpenTofu Automation"
git commit -s -m "Create module $namespace/$name/$target"
git push -u origin $branch
# Create pull request and update issue
pr=$(gh pr create --title "$TITLE" --body "Created $(echo $jsonfile | sed -e 's/../src/') for module $namespace/$name/$target. Closes #$NUMBER.") #--assignee opentofu/core-engineers)
gh issue comment $NUMBER -b "Your submission has been validated and has moved on to the pull request phase ($pr). This issue has been locked."
gh issue lock $NUMBER -r resolved
submit-provider-key:
if: contains(github.event.issue.labels.*.name, 'provider-key') && contains(github.event.issue.labels.*.name, 'submission')
runs-on: ubuntu-latest
permissions:
issues: write
contents: write
pull-requests: write
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: './src/go.mod'
- name: Validate Provider and Create PR
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
GH_USER: ${{ github.event.issue.user.login }}
NUMBER: ${{ github.event.issue.number }}
URL: ${{ github.event.issue.url }}
TITLE: ${{ github.event.issue.title }}
BODY: ${{ github.event.issue.body }}
working-directory: ./src
run: |
set +e
echo "$BODY" | grep "\- \[[xX]\] I sign this project's \[DCO\](https://developercertificate.org/)"
if [[ "$?" != 0 ]]; then
gh issue comment $NUMBER -b "DCO must be signed to submit this repository"
exit 1
fi
set -e
namespace=$(echo "$BODY" | grep "### Provider Namespace" -A2 | tail -n1 | tr "[:upper:]" "[:lower:]" | sed -e 's/[\r\n]//g')
keydata=$(echo "$BODY" | grep -A 1000 "BEGIN PGP PUBLIC KEY BLOCK" | grep -B 1000 "END PGP PUBLIC KEY BLOCK")
echo "$keydata" > tmp.key
set +e
go run ./cmd/verify-gpg-key -org "$namespace" -username "$GH_USER" -key-file=tmp.key -output=./output.json
verification=$?
set -e
gh issue comment $NUMBER -b "$(cat ./output.json | jq -r '.')"
if [[ "$verification" != 0 ]]; then
exit 1
fi
keyfile="../keys/${namespace:0:1}/$namespace/provider.asc"
if [ -d $(dirname $keyfile) ]; then
msg=Updated
git rm $(dirname $keyfile)/*
else
msg=Created
fi
mkdir -p $(dirname $keyfile)
mv tmp.key $keyfile
# Create Branch
branch=provider-key-submission_${namespace}
set +e
git checkout -b $branch
if [[ "$?" != 0 ]]; then
gh issue comment $NUMBER -b "Failed validation: A branch already exists for this provider '$branch'"
exit 1
fi
set -e
# Add result
git add $keyfile
# Commit and push result
git config --global user.email "no-reply@opentofu.org"
git config --global user.name "OpenTofu Automation"
git commit -s -m "Create provider key $namespace/$name"
git push -u origin $branch
# Create pull request and update issue
pr=$(gh pr create --title "$TITLE" --body "$msg $(echo $keyfile | sed -e 's/.././') for provider $namespace. Closes #$NUMBER.") #--assignee opentofu/core-engineers)
gh issue comment $NUMBER -b "Your submission has been validated and has moved on to the pull request phase ($pr). This issue has been locked."
gh issue lock $NUMBER -r resolved