spin
WIP: feat(ci): create sdk and template tag in release action
resolve https://github.com/fermyon/spin/issues/599
I will check how to commit with GPG tomorrow.
ref: https://gist.github.com/swinton/03e84635b45c78353b1f71e41007fc7c
Hi @vdice, I use another way to commit the templates change, and it can have the GPG key of github-actions[bot], like the following.

Sorry, I found that I can't use FILE_TO_COMMIT: templates/*. It will create a new file *, so I add WIP to the title.
If we want to sign the templates change commit with a GPG key, I think the easiest way is to give gpg_private_key in secrets. Other ways, like using gh api, will need to create a tree first to commit multiple files.
https://github.com/crazy-max/ghaction-import-gpg
https://dev.to/bro3886/create-a-folder-and-push-multiple-files-under-a-single-commit-through-github-api-23kc
@itowlson can you take a look at this PR when convenient? I'd like to double-check that we're automating the sdk and template tags correctly (see also https://github.com/fermyon/spin/pull/685#discussion_r943806935)
@FrankYang0529 Indeed, it does look cleaner to supply the gpg key rather than constructing the tree. Are you able to test the gpg key approach on your fork?
@vdice I added an "Import GPG key" step and it works fine. The following pictures are the results on my fork repo.
Could you help to set up GPG_PRIVATE_KEY and PASSPHRASE? Also, I am unsure what the email of @fermybot is.
Ref: https://github.com/crazy-max/ghaction-import-gpg
The failed workflow checks will be fixed here https://github.com/fermyon/spin/pull/687#discussion_r949181230.
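The "Import GPG key" approach discussed above, sketched as a workflow. This is an added example, not the workflow from this PR or from the Spin repository: the workflow, job and step names, the trigger and the commit message are assumptions, while the secret names GPG_PRIVATE_KEY and PASSPHRASE and the action crazy-max/ghaction-import-gpg are the ones named in the thread.

```yaml
# Added example: names, trigger and commit message are hypothetical.
name: signed-templates-commit-example
on:
  workflow_dispatch: {}

# Grant the job's GITHUB_TOKEN only what the push needs.
permissions:
  contents: write

jobs:
  commit-templates:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Import GPG key
        # Pin third-party actions that receive secrets to a reviewed
        # commit SHA in real use; a tag is shown here for readability.
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          # Configure git to sign with the imported key; committer name
          # and email default to the identity stored in the key.
          git_user_signingkey: true
          git_commit_gpgsign: true

      - name: Commit templates change
        run: |
          git add templates
          # Nothing staged means nothing to sign or push.
          if git diff --cached --quiet; then
            echo "no template changes"
            exit 0
          fi
          git commit -m "chore: update templates"
          # Fail the job if the new commit is not validly signed.
          git verify-commit HEAD
          git push
```

The private key stored in the secret should be a dedicated signing key for the bot identity, so it can be revoked without affecting any maintainer's personal key.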
@FrankYang0529 Excellent! Yes, I'll help add the secrets once back next week. Perhaps by then we can get @itowlson's eyes on the SDK/template tagging bits to make sure all looks good. This automation is really helpful!
@FrankYang0529 Thanks so much for addressing all of the requested changes.
I've created a branch from this PR and am testing on my fork. However, on the create-go-sdk-tag step from the release workflow, I'm seeing the following:
To https://github.com/vdice/spin
! [remote rejected] sdk/go/v0.4.1 -> sdk/go/v0.4.1 (refusing to allow a GitHub App to create or update workflow `.github/workflows/release.yml` without `workflows` permission)
The permissions for the GitHub Action for my fork are already set to read and write:

Did you encounter the same behavior? Is a separate GITHUB_TOKEN with more advanced permissions necessary?
@vdice, I didn't change any settings about permissions. Did you set any rules in Protected tags?

@FrankYang0529 Thanks for comparing settings -- ours are the same. On my first attempt, where I hit the aforementioned error, I had created the tag on a branch other than main. This time, I merged the branch to main on my fork and then created the tag -- and it worked! https://github.com/vdice/spin/runs/8024077723?check_suite_focus=true
Checking in with @itowlson to be sure the requested changes have been made.