sig-nontrusted.yml
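# Manually dispatched workflow: builds one Azure shared worker image with
# Packer, then opens a pull request carrying the generated release notes.
#
# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full-length commit SHA keeps a re-pointed tag from changing what
# runs with this workflow's OIDC identity and repository token.
run-name: SIG - ${{ github.event.inputs.config }}
name: SIG Deployment - FXCI
on:
  workflow_dispatch:
    inputs:
      config:
        type: choice
        description: Choose which pool to build
        options:
          - win10-64-2009-alpha
          - win10-64-2009
          - win11-64-2009-alpha
          - win11-64-2009
          - win11-64-24h2-alpha
          - win11-64-24h2
          - win11-a64-24h2-tester-alpha
          - win11-a64-24h2-tester
          - win11-a64-24h2-builder-alpha
          - win11-a64-24h2-builder

# Workflow-wide default; each job below declares its own permissions, which
# replace this block for that job.
permissions:
  id-token: write
  contents: read

jobs:
  packer:
    name: "Build ${{ github.event.inputs.config }}"
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): nothing visible in this job pushes to the repository;
      # confirm whether `contents: read` would be enough.
      contents: write
      # Required so the job can request an OIDC token for the Azure login.
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - name: Azure Login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID_FXCI }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_UNTRUSTED }}
          enable-AzPSSession: true
      - name: 'Run Packer'
        shell: pwsh
        env:
          # The dispatch input reaches the script as data through the
          # environment instead of being expanded into the script text.
          CONFIG: ${{ github.event.inputs.config }}
        run: |
          Import-Module .\bin\WorkerImages\WorkerImages.psm1
          ## Defense in depth: accept only a plain pool name
          if ($env:CONFIG -notmatch '^[A-Za-z0-9-]+\z') {
            throw "Unexpected config value: $env:CONFIG"
          }
          ## ACTIONS_ID_TOKEN_REQUEST_URL/TOKEN are set by the runner in the
          ## process environment; the `env` expression context only holds
          ## variables defined in the workflow, so they are read from $env:
          $Vars = @{
            Key                = $env:CONFIG
            Client_ID          = "${{ secrets.AZURE_CLIENT_ID_FXCI }}"
            oidc_request_url   = $env:ACTIONS_ID_TOKEN_REQUEST_URL
            oidc_request_token = $env:ACTIONS_ID_TOKEN_REQUEST_TOKEN
            Subscription_ID    = "${{ secrets.AZURE_SUBSCRIPTION_ID_UNTRUSTED }}"
            Tenant_ID          = "${{ secrets.AZURE_TENANT_ID }}"
            Application_ID     = "${{ secrets.AZURE_APPLICATION_ID_FXCI }}"
          }
          New-AzSharedWorkerImage @Vars
          ## Expose the image version to the following steps
          "sharedimageversion=$ENV:PKR_VAR_sharedimage_version" >> $env:GITHUB_ENV
      - name: Upload Release Notes Artifact
        uses: actions/upload-artifact@v4
        with:
          name: release-notes-${{ github.event.inputs.config }}
          path: ${{ github.event.inputs.config }}-${{ env.sharedimageversion }}.md
          overwrite: true
          retention-days: 1
          if-no-files-found: error

  sbom:
    needs: packer
    name: "Upload release notes"
    runs-on: ubuntu-latest
    # Least privilege: the job pushes a branch and opens a pull request,
    # so it needs these two scopes rather than `write-all`.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          path: sboms
          name: release-notes-${{ github.event.inputs.config }}
          merge-multiple: true
      - name: "Test SBOM Exists & Create PR"
        shell: pwsh
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CONFIG: ${{ github.event.inputs.config }}
        run: |
          ## Install powershell-yaml module
          ## NOTE(review): installed unpinned from the PowerShell Gallery;
          ## add -RequiredVersion with a vetted version to make this reproducible
          Set-PSRepository PSGallery -InstallationPolicy Trusted
          Install-Module powershell-yaml -ErrorAction Stop
          Get-ChildItem "sboms" -Recurse
          Get-ChildItem
          ## Defense in depth: accept only a plain pool name before it is used
          ## to build file paths and branch names
          if ($ENV:CONFIG -notmatch '^[A-Za-z0-9-]+\z') {
            throw "Unexpected config value: $ENV:CONFIG"
          }
          ## Get the shared image version from the config file
          $YAML = ConvertFrom-Yaml (Get-Content "config/$($ENV:CONFIG).yaml" -Raw)
          git config --local user.name "github-actions[bot]"
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          ## Confirm it's there
          Get-ChildItem "sboms" -Recurse
          ## Store the file in a variable; Join-Path uses the runner's own
          ## separator, so the path also resolves for git on Linux
          $SBOM_NAME = "$($ENV:CONFIG)-$($Yaml.sharedimage.image_version).md"
          $SBOM_PATH = Join-Path "sboms" $SBOM_NAME
          Write-host "SBOM Path: $SBOM_PATH"
          Write-host "SBOM Name: $SBOM_NAME"
          ## Fail early when the expected release notes were not downloaded
          if (-not (Test-Path -LiteralPath $SBOM_PATH -PathType Leaf)) {
            throw "Release notes not found at $SBOM_PATH"
          }
          ## Create a new branch for the release notes
          $Date = Get-Date -Format "yyyyMMddTHHmm"
          $Repo = "${{ github.repository }}"
          if ($ENV:CONFIG -match "win10") {
            $ReleaseBranch = "releases/win10/$Date-docs"
          }
          elseif ($ENV:CONFIG -match "win11") {
            $ReleaseBranch = "releases/win11/$Date-docs"
          }
          elseif ($ENV:CONFIG -match "win2022") {
            $ReleaseBranch = "releases/win2022/$Date-docs"
          }
          else {
            ## No branch mapping: stop instead of running git with an empty name
            throw "No release branch is defined for config '$ENV:CONFIG'"
          }
          $branchExists = (gh api "/repos/$Repo/branches/$ReleaseBranch" | ConvertFrom-Json).Name
          if ($null -eq $branchExists) {
            git checkout -b $ReleaseBranch
            git push origin $ReleaseBranch
          } else {
            git checkout $ReleaseBranch
          }
          $PR_Body = @"
          # Release Notes for $($ENV:CONFIG).md
          Automatically generated PR for $($ENV:CONFIG).md
          "@
          $PR_Title = "$ENV:CONFIG ($Date) Image Update"
          ## Stage only the verified release notes file rather than the whole tree
          Write-host "Using git add $SBOM_PATH"
          git add -- $SBOM_PATH
          git commit -m "$($ENV:CONFIG) - Release Notes for $($ENV:CONFIG).md"
          git push -u origin $ReleaseBranch
          gh pr create --base main --head $ReleaseBranch --title $PR_Title --body $PR_Body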