name: Generate run metadata on: workflow_call: inputs: github-event-name: type: string required: true github-event-json: type: string required: true outputs: build-tag: description: "Tag for the current workflow run" value: ${{ jobs.tags.outputs.build-tag }} release-tag: description: "Tag for the release if this is an RC PR run" value: ${{ jobs.tags.outputs.release-tag }} previous-storage-release: description: "Tag of the last storage release" value: ${{ jobs.tags.outputs.storage }} previous-proxy-release: description: "Tag of the last proxy release" value: ${{ jobs.tags.outputs.proxy }} previous-compute-release: description: "Tag of the last compute release" value: ${{ jobs.tags.outputs.compute }} run-kind: description: "The kind of run we're currently in. Will be one of `push-main`, `storage-release`, `compute-release`, `proxy-release`, `storage-rc-pr`, `compute-rc-pr`, `proxy-rc-pr`, `pr`, or `workflow-dispatch`" value: ${{ jobs.tags.outputs.run-kind }} release-pr-run-id: description: "Only available if `run-kind in [storage-release, proxy-release, compute-release]`. Contains the run ID of the `Build and Test` workflow, assuming one with the current commit can be found." value: ${{ jobs.tags.outputs.release-pr-run-id }} sha: description: "github.event.pull_request.head.sha on release PRs, github.sha otherwise" value: ${{ jobs.tags.outputs.sha }} permissions: {} defaults: run: shell: bash -euo pipefail {0} jobs: tags: runs-on: ubuntu-22.04 outputs: build-tag: ${{ steps.build-tag.outputs.build-tag }} release-tag: ${{ steps.build-tag.outputs.release-tag }} compute: ${{ steps.previous-releases.outputs.compute }} proxy: ${{ steps.previous-releases.outputs.proxy }} storage: ${{ steps.previous-releases.outputs.storage }} run-kind: ${{ steps.run-kind.outputs.run-kind }} release-pr-run-id: ${{ steps.release-pr-run-id.outputs.release-pr-run-id }} sha: ${{ steps.sha.outputs.sha }} permissions: contents: read steps: # Need `fetch-depth: 0` to count the number of commits in the branch - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: egress-policy: audit - name: Get run kind id: run-kind env: RUN_KIND: >- ${{ false || (inputs.github-event-name == 'push' && github.ref_name == 'main') && 'push-main' || (inputs.github-event-name == 'push' && github.ref_name == 'release') && 'storage-release' || (inputs.github-event-name == 'push' && github.ref_name == 'release-compute') && 'compute-release' || (inputs.github-event-name == 'push' && github.ref_name == 'release-proxy') && 'proxy-release' || (inputs.github-event-name == 'pull_request' && github.base_ref == 'release') && 'storage-rc-pr' || (inputs.github-event-name == 'pull_request' && github.base_ref == 'release-compute') && 'compute-rc-pr' || (inputs.github-event-name == 'pull_request' && github.base_ref == 'release-proxy') && 'proxy-rc-pr' || (inputs.github-event-name == 'pull_request') && 'pr' || (inputs.github-event-name == 'workflow_dispatch') && 'workflow-dispatch' || 'unknown' }} run: | echo "run-kind=$RUN_KIND" | tee -a $GITHUB_OUTPUT - name: Get the right SHA id: sha env: SHA: > ${{ contains(fromJSON('["storage-rc-pr", "proxy-rc-pr", "compute-rc-pr"]'), steps.run-kind.outputs.run-kind) && fromJSON(inputs.github-event-json).pull_request.head.sha || github.sha }} run: | echo "sha=$SHA" | tee -a $GITHUB_OUTPUT - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ steps.sha.outputs.sha }} - name: Get build tag id: build-tag env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} CURRENT_BRANCH: ${{ github.head_ref || github.ref_name }} CURRENT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} RUN_KIND: ${{ steps.run-kind.outputs.run-kind }} run: | case $RUN_KIND in push-main) echo "build-tag=$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT ;; storage-release) echo "build-tag=release-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT ;; proxy-release) echo "build-tag=release-proxy-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT ;; compute-release) echo "build-tag=release-compute-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT ;; pr|storage-rc-pr|compute-rc-pr|proxy-rc-pr) BUILD_AND_TEST_RUN_ID=$(gh api --paginate \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ "/repos/${GITHUB_REPOSITORY}/actions/runs?head_sha=${CURRENT_SHA}&branch=${CURRENT_BRANCH}" \ | jq '[.workflow_runs[] | select(.name == "Build and Test")][0].id // ("Error: No matching workflow run found." | halt_error(1))') echo "build-tag=$BUILD_AND_TEST_RUN_ID" | tee -a $GITHUB_OUTPUT case $RUN_KIND in storage-rc-pr) echo "release-tag=release-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT ;; proxy-rc-pr) echo "release-tag=release-proxy-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT ;; compute-rc-pr) echo "release-tag=release-compute-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT ;; esac ;; workflow-dispatch) echo "build-tag=$GITHUB_RUN_ID" | tee -a $GITHUB_OUTPUT ;; *) echo "Unexpected RUN_KIND ('${RUN_KIND}'), failing to assign build-tag!" exit 1 esac - name: Get the previous release-tags id: previous-releases env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh api --paginate \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ "/repos/${GITHUB_REPOSITORY}/releases" \ | jq -f .github/scripts/previous-releases.jq -r \ | tee -a "${GITHUB_OUTPUT}" - name: Get the release PR run ID id: release-pr-run-id if: ${{ contains(fromJSON('["storage-release", "compute-release", "proxy-release"]'), steps.run-kind.outputs.run-kind) }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} CURRENT_SHA: ${{ github.sha }} run: | RELEASE_PR_RUN_ID=$(gh api "/repos/${GITHUB_REPOSITORY}/actions/runs?head_sha=$CURRENT_SHA" | jq '[.workflow_runs[] | select(.name == "Build and Test") | select(.head_branch | test("^rc/release.*$"; "s"))] | first | .id // ("Failed to find Build and Test run from RC PR!" | halt_error(1))') echo "release-pr-run-id=$RELEASE_PR_RUN_ID" | tee -a $GITHUB_OUTPUT