OpenTofu Private Registry Creation #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Issue Submission to Pull Request | |
on: | |
issues: | |
types: | |
[opened, edited] | |
jobs: | |
submit-provider: | |
if: contains(github.event.issue.labels.*.name, 'provider') && contains(github.event.issue.labels.*.name, 'submission') | |
runs-on: ubuntu-latest | |
permissions: | |
issues: write | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: './src/go.mod' | |
- name: Validate Provider and Create PR | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GH_REPO: ${{ github.repository }} | |
NUMBER: ${{ github.event.issue.number }} | |
URL: ${{ github.event.issue.url }} | |
TITLE: ${{ github.event.issue.title }} | |
BODY: ${{ github.event.issue.body }} | |
working-directory: ./src | |
run: | | |
set +e | |
echo "$BODY" | grep "\- \[[xX]\] I sign this project's \[DCO\](https://developercertificate.org/)" | |
if [[ "$?" != 0 ]]; then | |
gh issue comment $NUMBER -b "DCO must be signed to submit this repository" | |
exit 1 | |
fi | |
set -e | |
repository=$(echo "$BODY" | grep "### Provider Repository" -A2 | tail -n1 | sed -e 's/[\r\n]//g') | |
set +e | |
go run ./cmd/add-provider -repository="$repository" -output=./output.json | |
if [[ "$?" != 0 ]]; then | |
gh issue comment $NUMBER -b "$(cat ./output.json | jq -r '.validation')" | |
exit 1 | |
fi | |
set -e | |
namespace=$(cat ./output.json | jq -r '.namespace') | |
name=$(cat ./output.json | jq -r '.name') | |
jsonfile=$(cat ./output.json | jq -r '.file') | |
# Create Branch | |
branch=provider-submission_${namespace}_${name} | |
set +e | |
git checkout -b $branch | |
if [[ "$?" != 0 ]]; then | |
gh issue comment $NUMBER -b "Failed validation: A branch already exists for this provider '$branch'" | |
exit 1 | |
fi | |
set -e | |
# Add result | |
git add $jsonfile | |
# Commit and push result | |
git config --global user.email "no-reply@opentofu.org" | |
git config --global user.name "OpenTofu Automation" | |
git commit -s -m "Create provider $namespace/$name" | |
git push -u origin $branch | |
# Create pull request and update issue | |
pr=$(gh pr create --title "$TITLE" --body "Created $(echo $jsonfile | sed -e 's/../src/') for provider $namespace/$name. Closes #$NUMBER.") #--assignee opentofu/core-engineers) | |
gh issue comment $NUMBER -b "Your submission has been validated and has moved on to the pull request phase ($pr). This issue has been locked." | |
gh issue lock $NUMBER -r resolved | |
submit-module: | |
if: contains(github.event.issue.labels.*.name, 'module') && contains(github.event.issue.labels.*.name, 'submission') | |
runs-on: ubuntu-latest | |
permissions: | |
issues: write | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: './src/go.mod' | |
- name: Validate Module and Create PR | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GH_REPO: ${{ github.repository }} | |
NUMBER: ${{ github.event.issue.number }} | |
URL: ${{ github.event.issue.url }} | |
TITLE: ${{ github.event.issue.title }} | |
BODY: ${{ github.event.issue.body }} | |
working-directory: ./src | |
run: | | |
set +e | |
echo "$BODY" | grep "\- \[[xX]\] I sign this project's \[DCO\](https://developercertificate.org/)" | |
if [[ "$?" != 0 ]]; then | |
gh issue comment $NUMBER -b "DCO must be signed to submit this repository" | |
exit 1 | |
fi | |
set -e | |
repository=$(echo "$BODY" | grep "### Module Repository" -A2 | tail -n1 | sed -e 's/[\r\n]//g') | |
set +e | |
go run ./cmd/add-module -repository="$repository" -output=./output.json | |
if [[ "$?" != 0 ]]; then | |
gh issue comment $NUMBER -b "$(cat ./output.json | jq -r '.validation')" | |
exit 1 | |
fi | |
set -e | |
namespace=$(cat ./output.json | jq -r '.namespace') | |
name=$(cat ./output.json | jq -r '.name') | |
target=$(cat ./output.json | jq -r '.target') | |
jsonfile=$(cat ./output.json | jq -r '.file') | |
# Create Branch | |
branch=module-submission_${namespace}_${name}_${target} | |
set +e | |
git checkout -b $branch | |
if [[ "$?" != 0 ]]; then | |
gh issue comment $NUMBER -b "Failed validation: A branch already exists for this module '$branch'" | |
exit 1 | |
fi | |
set -e | |
# Add result | |
git add $jsonfile | |
# Commit and push result | |
git config --global user.email "no-reply@opentofu.org" | |
git config --global user.name "OpenTofu Automation" | |
git commit -s -m "Create module $namespace/$name/$target" | |
git push -u origin $branch | |
# Create pull request and update issue | |
pr=$(gh pr create --title "$TITLE" --body "Created $(echo $jsonfile | sed -e 's/../src/') for module $namespace/$name/$target. Closes #$NUMBER.") #--assignee opentofu/core-engineers) | |
gh issue comment $NUMBER -b "Your submission has been validated and has moved on to the pull request phase ($pr). This issue has been locked." | |
gh issue lock $NUMBER -r resolved | |
submit-provider-key: | |
if: contains(github.event.issue.labels.*.name, 'provider-key') && contains(github.event.issue.labels.*.name, 'submission') | |
runs-on: ubuntu-latest | |
permissions: | |
issues: write | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: './src/go.mod' | |
- name: Validate Provider and Create PR | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GH_REPO: ${{ github.repository }} | |
GH_USER: ${{ github.event.issue.user.login }} | |
NUMBER: ${{ github.event.issue.number }} | |
URL: ${{ github.event.issue.url }} | |
TITLE: ${{ github.event.issue.title }} | |
BODY: ${{ github.event.issue.body }} | |
working-directory: ./src | |
run: | | |
set +e | |
echo "$BODY" | grep "\- \[[xX]\] I sign this project's \[DCO\](https://developercertificate.org/)" | |
if [[ "$?" != 0 ]]; then | |
gh issue comment $NUMBER -b "DCO must be signed to submit this repository" | |
exit 1 | |
fi | |
set -e | |
namespace=$(echo "$BODY" | grep "### Provider Namespace" -A2 | tail -n1 | tr "[:upper:]" "[:lower:]" | sed -e 's/[\r\n]//g') | |
keydata=$(echo "$BODY" | grep -A 1000 "BEGIN PGP PUBLIC KEY BLOCK" | grep -B 1000 "END PGP PUBLIC KEY BLOCK") | |
echo "$keydata" > tmp.key | |
set +e | |
go run ./cmd/verify-gpg-key -org "$namespace" -username "$GH_USER" -key-file=tmp.key -output=./output.json | |
verification=$? | |
set -e | |
gh issue comment $NUMBER -b "$(cat ./output.json | jq -r '.')" | |
if [[ "$verification" != 0 ]]; then | |
exit 1 | |
fi | |
keyfile="../keys/${namespace:0:1}/$namespace/provider.asc" | |
if [ -d $(dirname $keyfile) ]; then | |
msg=Updated | |
git rm $(dirname $keyfile)/* | |
else | |
msg=Created | |
fi | |
mkdir -p $(dirname $keyfile) | |
mv tmp.key $keyfile | |
# Create Branch | |
branch=provider-key-submission_${namespace} | |
set +e | |
git checkout -b $branch | |
if [[ "$?" != 0 ]]; then | |
gh issue comment $NUMBER -b "Failed validation: A branch already exists for this provider '$branch'" | |
exit 1 | |
fi | |
set -e | |
# Add result | |
git add $keyfile | |
# Commit and push result | |
git config --global user.email "no-reply@opentofu.org" | |
git config --global user.name "OpenTofu Automation" | |
git commit -s -m "Create provider key $namespace/$name" | |
git push -u origin $branch | |
# Create pull request and update issue | |
pr=$(gh pr create --title "$TITLE" --body "$msg $(echo $keyfile | sed -e 's/.././') for provider $namespace. Closes #$NUMBER.") #--assignee opentofu/core-engineers) | |
gh issue comment $NUMBER -b "Your submission has been validated and has moved on to the pull request phase ($pr). This issue has been locked." | |
gh issue lock $NUMBER -r resolved |