chore(deps): update github/codeql-action digest to 4f3212b #373
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: New release | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
env: | |
NAMESPACE: telekom_mms | |
COLLECTION_NAME: icinga_director | |
ANSIBLE_COLLECTIONS_PATHS: ./ | |
jobs: | |
update_docs: | |
runs-on: ubuntu-latest | |
name: create documentation inside docs-folder | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
# ansible-doc-extractor requires the collection to be in a directory in | |
# the form ./ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}}/ | |
- name: Check out code to ansible collection location | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
path: ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}} | |
fetch-depth: 0 | |
- name: Set up Python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 | |
with: | |
python-version: 3.8 | |
- name: Install ansible-doc-extractor | |
run: python -m pip install ansible-doc-extractor[ansible] | |
- name: create documentation | |
run: ansible-doc-extractor docs/ plugins/inventory/* plugins/modules/* | |
# the token is needed so the github app can push to the repository | |
# the github app can bypass the branch protection rule (need a PR to merge) | |
# this way it can directly commit to main | |
- name: Obtain a GitHub App Installation Access Token | |
id: githubAppAuth | |
run: | | |
TOKEN="$(npx obtain-github-app-installation-access-token ci ${{ secrets.GH_BRANCH_PROTECTION_APP_TOKEN }})" | |
echo "::add-mask::$TOKEN" | |
echo token=${TOKEN} >> $GITHUB_OUTPUT | |
- name: commit documentation | |
uses: github-actions-x/commit@722d56b8968bf00ced78407bbe2ead81062d8baa # v2.9 | |
with: | |
github-token: ${{ steps.githubAppAuth.outputs.token }} | |
push-branch: 'main' | |
commit-message: 'update documentation' | |
force-add: 'true' | |
files: docs/ | |
name: Telekom MMS GmbH | |
email: [email protected] | |
generate_changelog: | |
runs-on: ubuntu-latest | |
name: create release draft | |
needs: update_docs # the documentation should be updated before creating a new release | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
# checkout the main branch, because without the ref, the above commit ("update documentation") | |
# isn't included and the push will fail | |
ref: main | |
fetch-depth: 0 | |
persist-credentials: false | |
- name: Set up Python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 | |
with: | |
python-version: 3.8 | |
- name: Install antsibull-changelog, antsichaut | |
run: python -m pip install antsibull-changelog --disable-pip-version-check | |
- name: Install pandoc | |
run: sudo apt-get install pandoc | |
- name: 'Get Previous tag' | |
id: previoustag | |
uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0 | |
env: | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
- name: calculate next version | |
id: version | |
uses: patrickjahns/version-drafter-action@2076fa43abb28f31d0e8b0890253fbd1d1a966fc # v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate new version in changelog.yaml | |
run: antsibull-changelog release -v --version "${{ steps.version.outputs.next-version }}" | |
- name: Generate changelog.yaml | |
uses: ansible-community/antsichaut@66464bba7f07c56db4bfec4b14e70b71c0b43ca9 # 0.4.0 | |
with: | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
SINCE_VERSION: "${{ steps.previoustag.outputs.tag }}" | |
- name: Update Changelog.rst | |
run: antsibull-changelog generate -v | |
# the token is needed so the github app can push to the repository | |
# the github app can bypass the branch protection rule (need a PR to merge) | |
# this way it can directly commit to main | |
- name: Obtain a GitHub App Installation Access Token | |
id: githubAppAuth | |
run: | | |
TOKEN="$(npx obtain-github-app-installation-access-token ci ${{ secrets.GH_BRANCH_PROTECTION_APP_TOKEN }})" | |
echo "::add-mask::$TOKEN" | |
echo token=${TOKEN} >> $GITHUB_OUTPUT | |
- name: update and push due to new release | |
uses: github-actions-x/commit@722d56b8968bf00ced78407bbe2ead81062d8baa # v2.9 | |
with: | |
# use the token obtained in the step before | |
github-token: ${{ steps.githubAppAuth.outputs.token }} | |
push-branch: 'main' | |
commit-message: 'update due to new release' | |
force-add: 'true' | |
files: CHANGELOG.rst changelogs/ | |
name: Deutsche Telekom MMS | |
email: [email protected] | |
# do a second checkout to prevent race situation | |
# changelog gets updated but action works on old commit id | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
ref: main | |
# Drafts your next Release notes as Pull Requests are merged into "main" | |
- uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |