From f463f267cf35d4d08b9ea802f1650a43c8ef7fde Mon Sep 17 00:00:00 2001
From: Ivan Dyachkov
Date: Tue, 28 Nov 2023 16:52:10 +0100
Subject: [PATCH 1/3] ci: fix insufficient permissions for github token in release workflow
---
 .github/workflows/release.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 9fff4ce4c..f5b04e2f4 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -20,7 +20,14 @@ jobs:
 upload:
 runs-on: ubuntu-22.04
 permissions:
+ contents: write
+ checks: write
 packages: write
+ actions: read
+ issues: read
+ pull-requests: read
+ repository-projects: read
+ statuses: read
 strategy:
 fail-fast: false
 steps:
From 915f0171b3e3d96133b3e950cba3a8d42f0629bf Mon Sep 17 00:00:00 2001
From: Ivan Dyachkov
Date: Tue, 28 Nov 2023 17:11:13 +0100
Subject: [PATCH 2/3] ci: fix manual trigger of release workflow
---
 .github/workflows/release.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f5b04e2f4..1502ed3ec 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -52,11 +52,13 @@ jobs:
 v*)
 echo "profile=emqx" >> $GITHUB_OUTPUT
 echo "version=$(./pkg-vsn.sh emqx)" >> $GITHUB_OUTPUT
+ echo "ref_name=v$(./pkg-vsn.sh emqx)" >> "$GITHUB_ENV"
 echo "s3dir=emqx-ce" >> $GITHUB_OUTPUT
 ;;
 e*)
 echo "profile=emqx-enterprise" >> $GITHUB_OUTPUT
 echo "version=$(./pkg-vsn.sh emqx-enterprise)" >> $GITHUB_OUTPUT
+ echo "ref_name=e$(./pkg-vsn.sh emqx-enterprise)" >> "$GITHUB_ENV"
 echo "s3dir=emqx-ee" >> $GITHUB_OUTPUT
 ;;
 esac
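Review bot: In PATCH 1/3, the widened `permissions:` block on the `upload` job grants `checks: write` and five read scopes that no step visible in this series appears to use; attaching release assets needs `contents: write`, and `packages: write` was already present. Job-level permissions define the `GITHUB_TOKEN` handed to every step in the job, including the third-party `upload-assets` action, so each extra scope widens what a compromised or buggy step can reach. If the read scopes were added only to mirror the default token, I would drop them and `checks: write`, and keep a comment such as `# contents: write is needed to attach assets to the release`. The steps list continues outside the hunk, so confirm nothing further down relies on `checks` or `statuses` before trimming.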
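Review bot: In the first hunk of PATCH 2/3 (`@@ -52,11 +52,13 @@`), the `case` still reaches `esac` with no `*)` arm, so now that later steps read `env.ref_name` instead of `github.ref_name`, an input matching neither `v*` nor `e*` leaves `ref_name` and `s3dir` empty and the S3 copy and asset upload would run with an empty path component and tag. I would fail closed with `*) echo "unsupported release ref" >&2; exit 1 ;;`. The two added lines also write to `$GITHUB_ENV` while their neighbours write to `$GITHUB_OUTPUT`; a step output read as `steps.profile.outputs.ref_name` would match the surrounding code and keep the value out of the environment of every later step. The `case` header is outside the hunk.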
@@ -64,14 +66,14 @@ jobs:
 run: |
 BUCKET=${{ secrets.AWS_S3_BUCKET }}
 OUTPUT_DIR=${{ steps.profile.outputs.s3dir }}
- aws s3 cp --recursive s3://$BUCKET/$OUTPUT_DIR/${{ github.ref_name }} packages
+ aws s3 cp --recursive s3://$BUCKET/$OUTPUT_DIR/${{ env.ref_name }} packages
 - uses: alexellis/upload-assets@0.4.0
 env:
 GITHUB_TOKEN: ${{ github.token }}
 with:
 asset_paths: '["packages/*"]'
 - name: update to emqx.io
- if: startsWith(github.ref_name, 'v') && ((github.event_name == 'release' && !github.event.release.prerelease) || inputs.publish_release_artefacts)
+ if: startsWith(env.ref_name, 'v') && ((github.event_name == 'release' && !github.event.release.prerelease) || inputs.publish_release_artefacts)
 run: |
 set -eux
 curl -w %{http_code} \
@@ -79,7 +81,7 @@ jobs:
 -H "Content-Type: application/json" \
 -H "token: ${{ secrets.EMQX_IO_TOKEN }}" \
 -X POST \
- -d "{\"repo\":\"emqx/emqx\", \"tag\": \"${{ github.ref_name }}\" }" \
+ -d "{\"repo\":\"emqx/emqx\", \"tag\": \"${{ env.ref_name }}\" }" \
 ${{ secrets.EMQX_IO_RELEASE_API }}
 - name: Push to packagecloud.io
 if: (github.event_name == 'release' && !github.event.release.prerelease) || inputs.publish_release_artefacts
From 19e7ec1f1f2f037e1342ebcd858e975be80d845d Mon Sep 17 00:00:00 2001
From: Ivan Dyachkov
Date: Wed, 29 Nov 2023 10:24:40 +0100
Subject: [PATCH 3/3] ci: use our own fork of upload-assets
---
 .github/workflows/release.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1502ed3ec..4a0d0403f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
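Review bot: On the new `aws s3 cp` line in PATCH 2/3 (`@@ -64,14 +66,14 @@`), `${{ env.ref_name }}` is substituted into the script text before the shell parses it, so any shell metacharacter in the value becomes part of the command; the same holds for the `-d` JSON body in the next hunk (`@@ -79,7 +81,7 @@`). Because `ref_name` is written to `$GITHUB_ENV`, it is already a shell variable in these steps and can be read as data instead: `aws s3 cp --recursive "s3://$BUCKET/$OUTPUT_DIR/$ref_name" packages` and `\"tag\": \"$ref_name\"`. The value comes from `./pkg-vsn.sh`, so the exposure is probably limited to whoever controls the checked-out tree, but the quoted form removes the question. Both `run:` blocks begin or end outside their hunks.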
@@ -67,11 +67,12 @@ jobs:
 BUCKET=${{ secrets.AWS_S3_BUCKET }}
 OUTPUT_DIR=${{ steps.profile.outputs.s3dir }}
 aws s3 cp --recursive s3://$BUCKET/$OUTPUT_DIR/${{ env.ref_name }} packages
- - uses: alexellis/upload-assets@0.4.0
+ - uses: emqx/upload-assets@8d2083b4dbe3151b0b735572eaa153b6acb647fe # 0.5.0
 env:
 GITHUB_TOKEN: ${{ github.token }}
 with:
 asset_paths: '["packages/*"]'
+ tag_name: "${{ env.ref_name }}"
 - name: update to emqx.io
 if: startsWith(env.ref_name, 'v') && ((github.event_name == 'release' && !github.event.release.prerelease) || inputs.publish_release_artefacts)
 run: |
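Review bot: The new `uses:` line in PATCH 3/3 pins the fork to a full commit SHA, which is the right form, but nothing on the page ties `8d2083b4dbe3151b0b735572eaa153b6acb647fe` to the `0.5.0` release named in the trailing comment. GitHub resolves a SHA across the whole fork network, so a commit that exists only in another fork of `upload-assets` would still be fetched through `emqx/upload-assets`; please confirm the commit is reachable from a branch or tag in the emqx repository. This step receives `GITHUB_TOKEN` with the job's `contents: write`, so the provenance of the pinned commit matters. I would also record what the fork changes, e.g. `# emqx fork 0.5.0: adds tag_name input` (presumably the reason for the switch, given `tag_name` is added in the same hunk).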