fix: only pull credentials after the release (#68)

* fix: only pull credentials after the release
* fix: correct secret path, titles, and assignees
---------

Signed-off-by: matttrach <matt.trachier@suse.com>
Matt Trachier 2025-08-25 17:42:03 -05:00 committed by GitHub
parent c4c615ade0
commit 7afdc3da82
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 52 additions and 17 deletions

3
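--- /dev/null
+++ b/.github/terraform-maintainers
@@ -0,0 +1,3 @@
+matttrach
+jiaqiluo
+HarrisonWAffel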


@ -18,16 +18,38 @@ jobs:
const parentIssueNumber = parentIssue.number;
const repo = context.repo.repo;
const owner = context.repo.owner;
const parentIssueBody = parentIssue.body;
const fs = require('fs'); // Import the Node.js file system module
const fileContent = fs.readFileSync('.github/terraform-maintainers', 'utf8');
const assignees = fileContent.split('\n').map(u => u.trim()).filter(Boolean);
if (assignees.length === 0) {
console.log('No assignees found in the team file.');
return;
}
if (!parentIssueBody) {
core.setFailed('Issue body is empty.');
return;
}
const regex = /https:\/\/github\.com\/[^/]+\/[^/]+\/pull\/(\d+)/;
const match = parentIssueBody.match(regex);
if (!match) {
core.setFailed('Could not find a PR link in the issue body.');
return;
}
const prNumber = match[1];
console.log(`Found PR Number: ${prNumber}`);
// Note: can't get terraform-maintainers team, the default token can't access org level objects
// Create the sub-issue
const newIssue = await github.rest.issues.create({
owner: owner,
repo: repo,
title: "Backport #" + parentIssueNumber + " to release/v0",
body: "Backport #" + parentIssueNumber + " to release/v0",
title: `Backport #${prNumber} to release/v0`,
body: `Backport #${prNumber} to release/v0 for #${parentIssueNumber}`,
labels: ['release/v0'],
assignees: ['matttrach']
assignees: assignees
});
const subIssueId = newIssue.data.id;
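Review bot: The pattern added for the PR link accepts a pull-request URL from any repository (`[^/]+\/[^/]+`) and takes the first match in the issue body, yet the captured number is then written as `#${prNumber}`, which GitHub resolves against this repository. An issue body that links another repository's PR first, or that was edited after the workflow created it, would produce a backport issue pointing at the wrong PR. Since `owner` and `repo` are already in scope, the match could be tied to them, e.g. `const regex = new RegExp('https://github\\.com/' + owner + '/' + repo + '/pull/(\\d+)');` (escape the names if they can contain regex metacharacters). The script's start and end are outside the hunk, so who can write the issue body depends on a trigger that is not visible here.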


@ -24,6 +24,14 @@ jobs:
const versionLabel = releaseLabel.name.replace('release/', 'version/');
newLabels.push(versionLabel);
}
const fs = require('fs'); // Import the Node.js file system module
const fileContent = fs.readFileSync('.github/terraform-maintainers', 'utf8');
const assignees = fileContent.split('\n').map(u => u.trim()).filter(Boolean);
if (assignees.length === 0) {
console.log('No assignees found in the team file.');
return;
}
// Note: can't get terraform-maintainers team, the default token can't access org level objects
// Create the main issue
// https://docs.github.com/en/rest/issues/issues?apiVersion=2022-11-28#create-an-issue
@ -37,10 +45,10 @@ jobs:
"Please add comments for user issues which this issue addresses. \n\n" +
"Description copied from PR: \n" + pr.body,
labels: newLabels,
assignees: ['matttrach']
assignees: assignees
});
if (releaseLabel) {
// if version label detected, then add appropriate sub-issues
// if release label detected, then add appropriate sub-issues
const parentIssue = newIssue.data;
const parentIssueTitle = parentIssue.title;
const parentIssueNumber = parentIssue.number;
@ -49,10 +57,10 @@ jobs:
const newSubIssue = await github.rest.issues.create({
owner: owner,
repo: repo,
title: "Backport #" + parentIssueNumber + " to release/v0",
body: "Backport #" + parentIssueNumber + " to release/v0",
title: `Backport #${pr.number} to release/v0`,
body: `Backport #${pr.number} to release/v0 for #${parentIssueNumber}`,
labels: ['release/v0'],
assignees: ['matttrach']
assignees: assignees
});
const subIssueId = newSubIssue.data.id;
// Attach the sub-issue to the parent using API request
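Review bot: When `.github/terraform-maintainers` yields no names, the added guard only logs and returns, so the run finishes green without creating the main issue; the same guard appears in the sub-issue workflow. The other checks in that workflow use `core.setFailed`, and this one should too, e.g. `core.setFailed('No assignees found in .github/terraform-maintainers.');` followed by `return;`. `fs.readFileSync` also throws if the repository has not been checked out before this step, and the checkout step, if any, is outside the hunk. A one-line comment above the read saying that the file holds one GitHub login per line would help the next editor.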


@ -90,9 +90,9 @@ jobs:
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ;
secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg privateKey | GPG_KEY
secret/data/github/repo/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/signing/gpg privateKey | GPG_KEY
- name: import_gpg_key
if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success')
env:
@ -134,12 +134,13 @@ jobs:
go-version-file: 'go.mod'
cache: true
- name: retrieve GPG Credentials
if: steps.release-please.outputs.version
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ;
secret/data/github/repo/rancher/${{ github.repository }}/signing/gpg privateKey | GPG_KEY
secret/data/github/repo/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/signing/gpg privateKey | GPG_KEY
- name: import_gpg_key
if: steps.release-please.outputs.version
env:
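Review bot: Both `retrieve GPG Credentials` steps hand the signing passphrase and private key to `rancher-eio/read-vault-secrets@main`, a branch reference that can change without any change in this repository. Since the commit already edits these steps, pin the action to a full commit SHA, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha>` (placeholder; take the value from the action's repository). In the first hunk the step's `if:` line is outside the visible lines, so confirm it is gated on the same condition as the `import_gpg_key` step that follows it, as the second hunk now is with `if: steps.release-please.outputs.version`.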


@ -15,3 +15,4 @@ pr
assignees
backport
url
gpg


@ -20,11 +20,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1755577059,
"narHash": "sha256-5hYhxIpco8xR+IpP3uU56+4+Bw7mf7EMyxS/HqUYHQY=",
"lastModified": 1756035328,
"narHash": "sha256-vC7SslUBCtdT3T37ZH3PLIWYmTkSeppL5BJJByUjYCM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "97eb7ee0da337d385ab015a23e15022c865be75c",
"rev": "6b0b1559e918d4f7d1df398ee1d33aeac586d4d6",
"type": "github"
},
"original": {