CLOUDP-82782: flexible push-files action (signed commits) (#162)

Author: Anton

.github/actions/push-files/Dockerfile

@@ -1,9 +1,8 @@
-#TODO change to alpine
 FROM alpine/git:latest
 
 # Install GitHub CLI
 RUN apk update && \
-    apk add --no-cache libc6-compat
+    apk add --no-cache libc6-compat bash
 RUN mkdir ghcli && cd ghcli && \
     wget https://github.com/cli/cli/releases/download/v1.5.0/gh_1.5.0_linux_386.tar.gz -O ghcli.tar.gz --no-check-certificate  && \
     tar --strip-components=1 -xf ghcli.tar.gz -C /usr/local

.github/actions/push-files/action.yml

@@ -4,8 +4,8 @@ inputs:
   GITHUB_TOKEN:
     description: "Action token"
     required: true
-  FILE_TO_COMMIT:
-    description: "Target file which will be committed"
+  PATH_TO_COMMIT:
+    description: "Target file or directory which will be committed"
     required: true
   DESTINATION_BRANCH:
     description: "Target branch"

.github/actions/push-files/entrypoint.sh

@@ -1,28 +1,36 @@
-#!/bin/sh
+#!/bin/bash
 
-#set -eou pipefail
+set -eou pipefail
 
-#commit file to the destination branch
+commit_single_file() {
+  # Commit to the branch
+  file="$1"
+  sha=$(git rev-parse "$DESTINATION_BRANCH:$file") || true
+  content=$(base64 "$file")
+  message="Pushing $file using GitHub API"
 
-MESSAGE="generated $FILE_TO_COMMIT"
-SHA=$(git rev-parse "$DESTINATION_BRANCH:$FILE_TO_COMMIT")
-CONTENT=$(base64 "$FILE_TO_COMMIT")
-echo "$DESTINATION_BRANCH:$FILE_TO_COMMIT:$SHA"
+  echo "$DESTINATION_BRANCH:$file:$sha"
+  if [ "$sha" = "$DESTINATION_BRANCH:$file" ]; then
+      echo "File does not exist"
+      gh api --method PUT "/repos/:owner/:repo/contents/$file" \
+          --field message="$message" \
+          --field content="$content" \
+          --field encoding="base64" \
+          --field branch="$DESTINATION_BRANCH"
+  else
+      echo "File exists"
+      gh api --method PUT "/repos/:owner/:repo/contents/$file" \
+          --field message="$message" \
+          --field content="$content" \
+          --field encoding="base64" \
+          --field branch="$DESTINATION_BRANCH" \
+          --field sha="$sha"
+  fi
+}
+
+# simple 'for loop' does not work correctly, see https://github.com/koalaman/shellcheck/wiki/SC2044#correct-code
+while IFS= read -r -d '' file
+do
+  commit_single_file "$file"
+done <   <(find "${PATH_TO_COMMIT}" -type f -print0)
 
-# Commit to the branch
-if [ "$SHA" = "$DESTINATION_BRANCH:$FILE_TO_COMMIT" ]; then
-    echo "File does not exist"
-    gh api --method PUT "/repos/:owner/:repo/contents/$FILE_TO_COMMIT" \
-        --field message="$MESSAGE" \
-        --field content="$CONTENT" \
-        --field encoding="base64" \
-        --field branch="$DESTINATION_BRANCH"
-else
-    echo "File exists"
-    gh api --method PUT "/repos/:owner/:repo/contents/$FILE_TO_COMMIT" \
-        --field message="$MESSAGE" \
-        --field content="$CONTENT" \
-        --field encoding="base64" \
-        --field branch="$DESTINATION_BRANCH" \
-        --field sha="$SHA"
-fi

.github/workflows/release-branch.yml

@@ -10,6 +10,7 @@ on:
         description: "Release version:"
         required: true
 
+
 jobs:
   create-release-branch:
     name: Create Release
@@ -25,7 +26,7 @@ jobs:
       with:
         fetch-depth: 0 #required for tags
 
-    - name: Create all-in-one installation script
+    - name: Create deploy configurations
       uses: ./.github/actions/gen-install-scripts
       with:
         IMAGE_URL: ${{ env.DOCKER_RELEASE_REPO }}:${{ env.VERSION }}
@@ -36,53 +37,11 @@ jobs:
         git checkout -b "release/${VERSION}"
         git push origin "release/${VERSION}"
 
-    - name: Commit all-in-one
-      uses: ./.github/actions/push-files
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        FILE_TO_COMMIT: "deploy/all-in-one.yaml"
-        DESTINATION_BRANCH: "release/${{ env.VERSION }}"
-
-    - name: Commit crd project
-      uses: ./.github/actions/push-files
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        FILE_TO_COMMIT: "deploy/crds/atlas.mongodb.com_atlasprojects.yaml"
-        DESTINATION_BRANCH: "release/${{ env.VERSION }}"
-
-    - name: Commit crd cluster
-      uses: ./.github/actions/push-files
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        FILE_TO_COMMIT: "deploy/crds/atlas.mongodb.com_atlasclusters.yaml"
-        DESTINATION_BRANCH: "release/${{ env.VERSION }}"
-
-    - name: Commit namespaced crds
-      uses: ./.github/actions/push-files
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        FILE_TO_COMMIT: "deploy/namespaced/crds.yaml"
-        DESTINATION_BRANCH: "release/${{ env.VERSION }}"
-
-    - name: Commit namespaced config
-      uses: ./.github/actions/push-files
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        FILE_TO_COMMIT: "deploy/namespaced/namespaced-config.yaml"
-        DESTINATION_BRANCH: "release/${{ env.VERSION }}"
-
-    - name: Commit clusterwide crds
-      uses: ./.github/actions/push-files
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        FILE_TO_COMMIT: "deploy/clusterwide/crds.yaml"
-        DESTINATION_BRANCH: "release/${{ env.VERSION }}"
-
-    - name: Commit clusterwide config
+    - name: Commit and push deploy directory
       uses: ./.github/actions/push-files
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        FILE_TO_COMMIT: "deploy/clusterwide/clusterwide-config.yaml"
+        PATH_TO_COMMIT: "deploy"
         DESTINATION_BRANCH: "release/${{ env.VERSION }}"
 
     - name: Create PR