Skip to content

Commit c49930a

Browse files
sanbottosanbotto
authored
Merge pull request #21 from project-aethermesh/fix/use-the-right-token-for-wf
fix: Use the right token for the workflow
2 parents 29aab3d + 1ace2b6 commit c49930a

2 files changed

Lines changed: 90 additions & 26 deletions

File tree

.github/workflows/build-and-push-images.yaml

Lines changed: 60 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -75,11 +75,11 @@ jobs:
7575
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
7676
run: |
7777
if [ ! -f "VERSION" ]; then
78-
echo "VERSION file not found in repository root"
78+
echo "VERSION file not found in repository root"
7979
echo "Please create a VERSION file with a semantic version (e.g., v1.0.0)"
8080
exit 1
8181
fi
82-
echo "VERSION file exists"
82+
echo "VERSION file exists"
8383
8484
- name: Check VERSION file updated and greater
8585
id: check_version_file_updated_and_greater
@@ -91,7 +91,7 @@ jobs:
9191
9292
# Check if versions are the same
9393
if [ "$PR_VERSION" == "$MAIN_VERSION" ]; then
94-
echo "VERSION file has not been updated"
94+
echo "VERSION file has not been updated"
9595
echo "Current VERSION: $PR_VERSION"
9696
echo "Main branch VERSION: $MAIN_VERSION"
9797
echo "Please update the VERSION file with a new semantic version"
@@ -101,7 +101,7 @@ jobs:
101101
echo "PR_VERSION=$PR_VERSION" >> "$GITHUB_OUTPUT"
102102
echo "MAIN_VERSION=$MAIN_VERSION" >> "$GITHUB_OUTPUT"
103103
else
104-
echo "VERSION file is new (not present in main branch)"
104+
echo "VERSION file is new (not present in main branch)"
105105
fi
106106
107107
- name: Compare PR and main VERSION using shared action
@@ -120,20 +120,20 @@ jobs:
120120
RESULT="${{ steps.compare_pr_main_version.outputs.result }}"
121121
122122
if [ "$RESULT" = "eq" ]; then
123-
echo "VERSION is the same as main branch (after removing metadata)"
123+
echo "VERSION is the same as main branch (after removing metadata)"
124124
echo "PR VERSION: $PR_VERSION"
125125
echo "Main branch VERSION: $MAIN_VERSION"
126126
echo "Please update the VERSION file with a greater semantic version"
127127
exit 1
128128
elif [ "$RESULT" = "lt" ]; then
129-
echo "VERSION is less than main branch version"
129+
echo "VERSION is less than main branch version"
130130
echo "PR VERSION: $PR_VERSION"
131131
echo "Main branch VERSION: $MAIN_VERSION"
132132
echo "Please update the VERSION file with a greater semantic version"
133133
exit 1
134134
fi
135135
136-
echo "VERSION file has been updated and is greater"
136+
echo "VERSION file has been updated and is greater"
137137
echo "Main branch: $MAIN_VERSION"
138138
echo "PR branch: $PR_VERSION"
139139
@@ -144,7 +144,7 @@ jobs:
144144
145145
# Check that version starts with 'v'
146146
if [[ ! "$VERSION" == v* ]]; then
147-
echo "Version must start with 'v' prefix"
147+
echo "Version must start with 'v' prefix"
148148
echo "Current version: $VERSION"
149149
echo "Expected format: v1.0.0 (semantic versioning with 'v' prefix)"
150150
exit 1
@@ -155,17 +155,17 @@ jobs:
155155
156156
# Validate semantic versioning format (major.minor.patch)
157157
if [[ ! $VERSION_CLEAN =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then
158-
echo "Invalid version format: $VERSION"
158+
echo "Invalid version format: $VERSION"
159159
echo "Expected format: v1.0.0 (semantic versioning with 'v' prefix)"
160160
exit 1
161161
fi
162162
163-
echo "Valid version: $VERSION"
163+
echo "Valid version: $VERSION"
164164
165165
- name: Skip check for non-PR events
166166
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
167167
run: |
168-
echo "⏭️ Skipping VERSION check (not a PR or PR is from a fork)"
168+
echo "Skipping VERSION check (not a PR or PR is from a fork)"
169169
170170
parse_tags:
171171
name: Parse tags
@@ -174,26 +174,43 @@ jobs:
174174
tags: ${{ steps.parse_tags.outputs.tags }}
175175
has_custom_tags: ${{ steps.parse_tags.outputs.has_custom_tags }}
176176
steps:
177+
- name: Debug - Show received tags
178+
run: |
179+
echo "Event name: ${{ github.event_name }}"
180+
echo "Received tag input: '${{ github.event.inputs.tag }}'"
181+
if [ -n "${{ github.event.inputs.tag }}" ]; then
182+
echo "Tags breakdown:"
183+
TAGS="${{ github.event.inputs.tag }}"
184+
IFS=',' read -ra TAG_ARRAY <<< "$TAGS"
185+
for tag in "${TAG_ARRAY[@]}"; do
186+
echo " - $tag"
187+
done
188+
fi
189+
177190
- name: Parse tags
178191
id: parse_tags
179192
shell: bash
180193
run: |
181194
if [ "${{ github.event_name }}" == "workflow_dispatch" ] && [ -n "${{ github.event.inputs.tag }}" ]; then
195+
echo "Parsing tags from input: '${{ github.event.inputs.tag }}'"
182196
# Parse comma-separated tags and output as multiline string for docker/metadata-action
183197
IFS=',' read -ra TAGS <<< "${{ github.event.inputs.tag }}"
184198
TAGS_OUTPUT=""
185199
for tag in "${TAGS[@]}"; do
186200
tag=$(echo "$tag" | xargs) # trim whitespace
187201
if [ -n "$tag" ]; then
188202
TAGS_OUTPUT="${TAGS_OUTPUT}type=raw,value=${tag}"$'\n'
203+
echo "Added tag: ${tag}"
189204
fi
190205
done
191206
echo "tags<<EOF" >> $GITHUB_OUTPUT
192207
echo "$TAGS_OUTPUT" >> $GITHUB_OUTPUT
193208
echo "EOF" >> $GITHUB_OUTPUT
194209
echo "has_custom_tags=true" >> $GITHUB_OUTPUT
210+
echo "Parsed tags successfully"
195211
else
196212
echo "has_custom_tags=false" >> $GITHUB_OUTPUT
213+
echo "No custom tags provided (event: ${{ github.event_name }}, has tag input: $([ -n '${{ github.event.inputs.tag }}' ] && echo 'yes' || echo 'no'))"
197214
fi
198215
199216
health-checker:
@@ -226,13 +243,23 @@ jobs:
226243
username: ${{ github.repository_owner }}
227244
password: ${{ secrets.AETHERLAY_GITHUB_TOKEN }}
228245

246+
- name: Debug - Show tags for health-checker
247+
run: |
248+
echo "Tags from parse_tags job:"
249+
echo "${{ needs.parse_tags.outputs.tags }}"
250+
echo ""
251+
echo "Has custom tags: ${{ needs.parse_tags.outputs.has_custom_tags }}"
252+
echo "Event name: ${{ github.event_name }}"
253+
echo "Ref name: ${{ github.ref_name }}"
254+
echo "Default branch: ${{ github.event.repository.default_branch }}"
255+
229256
- name: Docker meta for health-checker
230257
id: meta_hc
231258
uses: docker/metadata-action@v5
232259
with:
233260
images: ghcr.io/project-aethermesh/aetherlay/aetherlay-hc
234261
tags: |
235-
type=raw,value=latest,enable=${{ github.ref_name == github.event.repository.default_branch && github.event_name != 'pull_request' }}
262+
type=raw,value=latest,enable=${{ github.ref_name == github.event.repository.default_branch && github.event_name != 'pull_request' && needs.parse_tags.outputs.has_custom_tags != 'true' }}
236263
type=sha,format=short,enable=${{ github.ref_name == github.event.repository.default_branch && github.event_name != 'pull_request' }}
237264
type=raw,value=pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }}
238265
${{ needs.parse_tags.outputs.tags }}
@@ -241,6 +268,11 @@ jobs:
241268
org.opencontainers.image.vendor=Project Aethermesh
242269
org.opencontainers.image.licenses=AGPL-3.0
243270
271+
- name: Debug - Show final tags for health-checker
272+
run: |
273+
echo "Final tags that will be applied:"
274+
echo "${{ steps.meta_hc.outputs.tags }}"
275+
244276
- name: Build and push health-checker image
245277
id: container_image_hc
246278
uses: docker/build-push-action@v6
@@ -281,13 +313,23 @@ jobs:
281313
username: ${{ github.repository_owner }}
282314
password: ${{ secrets.AETHERLAY_GITHUB_TOKEN }}
283315

316+
- name: Debug - Show tags for load-balancer
317+
run: |
318+
echo "Tags from parse_tags job:"
319+
echo "${{ needs.parse_tags.outputs.tags }}"
320+
echo ""
321+
echo "Has custom tags: ${{ needs.parse_tags.outputs.has_custom_tags }}"
322+
echo "Event name: ${{ github.event_name }}"
323+
echo "Ref name: ${{ github.ref_name }}"
324+
echo "Default branch: ${{ github.event.repository.default_branch }}"
325+
284326
- name: Docker meta for load-balancer
285327
id: meta_lb
286328
uses: docker/metadata-action@v5
287329
with:
288330
images: ghcr.io/project-aethermesh/aetherlay/aetherlay-lb
289331
tags: |
290-
type=raw,value=latest,enable=${{ github.ref_name == github.event.repository.default_branch && github.event_name != 'pull_request' }}
332+
type=raw,value=latest,enable=${{ github.ref_name == github.event.repository.default_branch && github.event_name != 'pull_request' && needs.parse_tags.outputs.has_custom_tags != 'true' }}
291333
type=sha,format=short,enable=${{ github.ref_name == github.event.repository.default_branch && github.event_name != 'pull_request' }}
292334
type=raw,value=pr-${{ github.event.pull_request.number }},enable=${{ github.event_name == 'pull_request' }}
293335
${{ needs.parse_tags.outputs.tags }}
@@ -296,6 +338,11 @@ jobs:
296338
org.opencontainers.image.vendor=Project Aethermesh
297339
org.opencontainers.image.licenses=AGPL-3.0
298340
341+
- name: Debug - Show final tags for load-balancer
342+
run: |
343+
echo "Final tags that will be applied:"
344+
echo "${{ steps.meta_lb.outputs.tags }}"
345+
299346
- name: Build and push load-balancer image
300347
id: container_image_lb
301348
uses: docker/build-push-action@v6

.github/workflows/create-release.yaml

Lines changed: 30 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -28,10 +28,10 @@ jobs:
2828
id: check_version_file
2929
run: |
3030
if [ ! -f "VERSION" ]; then
31-
echo "VERSION file not found in repository root"
31+
echo "VERSION file not found in repository root"
3232
exit 1
3333
fi
34-
echo "VERSION file exists"
34+
echo "VERSION file exists"
3535
3636
- name: Read and validate VERSION
3737
id: read_version
@@ -40,7 +40,7 @@ jobs:
4040
VERSION=$(cat VERSION | xargs)
4141
# Check that version starts with 'v'
4242
if [[ ! "$VERSION" == v* ]]; then
43-
echo "Version must start with 'v' prefix"
43+
echo "Version must start with 'v' prefix"
4444
echo "Current version: $VERSION"
4545
echo "Expected format: v1.0.0 (semantic versioning with 'v' prefix)"
4646
exit 1
@@ -51,7 +51,7 @@ jobs:
5151
5252
# Validate semantic versioning format (major.minor.patch)
5353
if [[ ! "$VERSION_CLEAN" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then
54-
echo "Invalid version format: $VERSION"
54+
echo "Invalid version format: $VERSION"
5555
echo "Expected format: v1.0.0 (semantic versioning with 'v' prefix)"
5656
exit 1
5757
fi
@@ -60,7 +60,7 @@ jobs:
6060
LATEST_TAG=$(git tag -l 'v*' --sort=-version:refname | head -n 1 || echo "")
6161
echo "latest_tag=$LATEST_TAG" >> "$GITHUB_OUTPUT"
6262
echo "version=$VERSION" >> $GITHUB_OUTPUT
63-
echo "Valid version: $VERSION"
63+
echo "Valid version: $VERSION"
6464
6565
- name: Compare VERSION with latest release using shared action
6666
id: compare_with_latest
@@ -79,27 +79,27 @@ jobs:
7979
RESULT="${{ steps.compare_with_latest.outputs.result }}"
8080
8181
if [ "$RESULT" = "eq" ]; then
82-
echo "VERSION is the same as latest release"
82+
echo "VERSION is the same as latest release"
8383
echo "Current VERSION: $VERSION"
8484
echo "Latest release: $LATEST_TAG"
8585
echo "Please update the VERSION file with a greater semantic version"
8686
exit 1
8787
elif [ "$RESULT" = "lt" ]; then
88-
echo "VERSION is less than latest release"
88+
echo "VERSION is less than latest release"
8989
echo "Current VERSION: $VERSION"
9090
echo "Latest release: $LATEST_TAG"
9191
echo "Please update the VERSION file with a greater semantic version"
9292
exit 1
9393
fi
9494
95-
echo "VERSION is greater than latest release"
95+
echo "VERSION is greater than latest release"
9696
echo "Latest release: $LATEST_TAG"
9797
echo "New version: $VERSION"
9898
9999
- name: Note when no previous releases exist
100100
if: steps.read_version.outputs.latest_tag == ''
101101
run: |
102-
echo "No previous releases found, this will be the first release"
102+
echo "No previous releases found, this will be the first release"
103103
104104
- name: Generate tags
105105
id: generate_tags
@@ -142,23 +142,27 @@ jobs:
142142
name: Create GitHub Release
143143
runs-on: ubuntu-latest
144144
needs: validate_version
145+
permissions:
146+
contents: write
145147
steps:
146148
- name: Checkout code
147149
uses: actions/checkout@v6
148150
with:
149151
fetch-depth: 0
152+
token: ${{ secrets.AETHERLAY_GITHUB_TOKEN }}
153+
persist-credentials: true
150154

151155
- name: Create Git Tag
152156
run: |
153157
git config user.name "github-actions[bot]"
154158
git config user.email "github-actions[bot]@users.noreply.github.com"
155159
VERSION="${{ needs.validate_version.outputs.version }}"
156160
if git rev-parse "$VERSION" >/dev/null 2>&1; then
157-
echo "Tag $VERSION already exists"
161+
echo "Tag $VERSION already exists"
158162
exit 1
159163
fi
160164
git tag -a "$VERSION" -m "Release $VERSION"
161-
git push origin "$VERSION" || { echo "Failed to push tag"; exit 1; }
165+
git push origin "$VERSION" || { echo "Failed to push tag"; exit 1; }
162166
163167
- name: Create GitHub Release
164168
uses: softprops/action-gh-release@v2
@@ -170,13 +174,26 @@ jobs:
170174
draft: false
171175
prerelease: ${{ needs.validate_version.outputs.is_prerelease == 'true' }}
172176
env:
173-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
177+
GITHUB_TOKEN: ${{ secrets.AETHERLAY_GITHUB_TOKEN }}
178+
179+
- name: Debug - Output tags for build workflow
180+
run: |
181+
echo "Tags to be passed to build workflow:"
182+
echo "${{ needs.validate_version.outputs.tags }}"
183+
echo ""
184+
echo "Tags breakdown:"
185+
TAGS="${{ needs.validate_version.outputs.tags }}"
186+
IFS=',' read -ra TAG_ARRAY <<< "$TAGS"
187+
for tag in "${TAG_ARRAY[@]}"; do
188+
echo " - $tag"
189+
done
174190
175191
- name: Trigger build workflow
176192
uses: actions/github-script@v8
177193
with:
178194
script: |
179195
const tags = '${{ needs.validate_version.outputs.tags }}';
196+
console.log(`Triggering build workflow with tags: ${tags}`);
180197
await github.rest.actions.createWorkflowDispatch({
181198
owner: context.repo.owner,
182199
repo: context.repo.repo,
@@ -186,4 +203,4 @@ jobs:
186203
tag: tags
187204
}
188205
});
189-
console.log(`Triggered build workflow with tags: ${tags}`);
206+
console.log(`Build workflow triggered successfully with tags: ${tags}`);

0 commit comments

Comments
 (0)