Skip to content

Changed to use GITHUB_TOKEN instead of PAT #3

Changed to use GITHUB_TOKEN instead of PAT

Changed to use GITHUB_TOKEN instead of PAT #3

Workflow file for this run

# Example modified from https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
name: Create and publish a Docker image
# Configures this workflow to run every time a change is pushed to selected tags and branches
on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- v**
# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
# This job is configured to run on the latest available version of Ubuntu.
jobs:
build-and-push-image:
runs-on: ubuntu-latest
# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
permissions:
contents: read
packages: write
attestations: write
id-token: write
outputs:
commit_hash: ${{ steps.get_commit_hash.outputs.commit_hash }}
sha256: ${{ steps.calculate_checksum.outputs.sha256 }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# Uses the `docker/login-action` action to log in to the Container registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build connector definition
run: |
set -e pipefail
export DOCKER_IMAGE=$(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[0]')
make build
working-directory: ./connector-definition
- name: Build connector definition
run: |
set -e pipefail
export DOCKER_IMAGE=$(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[0]')
make build
working-directory: ./connector-definition
- uses: actions/upload-artifact@v4
with:
name: connector-definition.tgz
path: ./connector-definition/dist/connector-definition.tgz
compression-level: 0 # Already compressed
- name: Calculate SHA256 checksum
id: calculate_checksum
run: |
SHA256=$(sha256sum ./connector-definition/dist/connector-definition.tgz | awk '{ print $1 }')
echo "sha256=$SHA256" >> $GITHUB_OUTPUT
- name: Get commit hash
id: get_commit_hash
run: |
COMMIT_HASH=$(git rev-parse HEAD)
echo "commit_hash=$COMMIT_HASH" >> $GITHUB_OUTPUT
release-connector:
name: Release connector
runs-on: ubuntu-latest
needs: build-and-push-image
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: connector-definition.tgz
path: ./connector-definition/dist
- name: Get version from tag
id: get-version
run: |
echo "tagged_version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
shell: bash
- uses: mindsers/changelog-reader-action@v2
id: changelog-reader
with:
version: ${{ steps.get-version.outputs.tagged_version }}
path: ./CHANGELOG.md
- uses: softprops/action-gh-release@v1
with:
draft: false
tag_name: v${{ steps.get-version.outputs.tagged_version }}
body: ${{ steps.changelog-reader.outputs.changes }}
files: |
./connector-definition/dist/connector-definition.tgz
fail_on_unmatched_files: true
- name: Update ndc-hub
env:
REGISTRY_NAME: hasura
CONNECTOR_NAME: singlestore
COMMIT_HASH: ${{ needs.build-and-push-image.outputs.commit_hash }}
SHA256: ${{ needs.build-and-push-image.outputs.sha256 }}
GH_TOKEN: ${{ secrets.PAT_TOKEN }}
run: |
# Clone ndc-hub repository
git clone https://github.com/hasura/ndc-hub.git
cd ndc-hub
# Create a new branch
NEW_BRANCH="update-${{ env.CONNECTOR_NAME }}-connector-v${{ steps.get-version.outputs.tagged_version }}"
git checkout -b $NEW_BRANCH
# Create releases directory if it doesn't exist
mkdir -p registry/${{ env.REGISTRY_NAME }}/${{ env.CONNECTOR_NAME }}/releases/v${{ steps.get-version.outputs.tagged_version }}
cd registry/${{ env.REGISTRY_NAME }}/${{ env.CONNECTOR_NAME }}
# Create connector-packaging.json
cat << EOF > releases/v${{ steps.get-version.outputs.tagged_version }}/connector-packaging.json
{
"version": "${{ steps.get-version.outputs.tagged_version }}",
"uri": "https://github.com/${{ github.repository }}/releases/download/v${{ steps.get-version.outputs.tagged_version }}/connector-definition.tgz",
"checksum": {
"type": "sha256",
"value": "$SHA256"
},
"source": {
"hash": "$COMMIT_HASH"
}
}
EOF
# Update metadata.json to remove 'packages' field if it exists and update 'latest_version'
jq --arg version_tag "v${{ steps.get-version.outputs.tagged_version }}" \
--arg commit_hash "$COMMIT_HASH" \
'if has("packages") then del(.packages) else . end |
.overview.latest_version = $version_tag |
if has("source_code") then
.source_code.version += [{
"tag": $version_tag,
"hash": $commit_hash,
"is_verified": false
}]
else
. + {"source_code": {"version": [{
"tag": $version_tag,
"hash": $commit_hash,
"is_verified": false
}]}}
end' \
metadata.json > tmp.json && mv tmp.json metadata.json
cp ../../../../README.md ./README.md
# Commit changes
git config user.name "GitHub Action"
git config user.email "[email protected]"
git add metadata.json README.md releases
git commit -m "Update ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}"
# Push changes
git push https://${{ secrets.PAT_TOKEN }}@github.com/hasura/ndc-hub.git HEAD:update-${{ env.CONNECTOR_NAME }}-connector-v${{ steps.get-version.outputs.tagged_version }}
# Create PR using GitHub CLI
cd ../..
gh pr create --repo hasura/ndc-hub \
--base main \
--head $NEW_BRANCH \
--title "Update ${{ env.CONNECTOR_NAME }} connector to v${{ steps.get-version.outputs.tagged_version }}" \
--body "This PR updates the ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}."