From c6716cbbe1f43d471b2adc3a2fe9b1763c170d0f Mon Sep 17 00:00:00 2001 From: amaechiabuah Date: Tue, 7 Apr 2026 16:53:39 +0100 Subject: [PATCH 1/7] DUPLO-42440: Upgrade remaining actions to Node24 + add test workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - azure/CLI@v2 → @v3 (node24) - octokit/request-action@v2.x → @v3 (node24) - tspascoal/get-user-teams-membership@v3 → inline gh api - softprops/action-gh-release@v2 → inline gh release create - Sync setup/action.yml stale v2 references - Add temporary test workflows for verification --- .github/workflows/publish.yml | 21 ++++++------ .github/workflows/test-release.yml | 52 ++++++++++++++++++++++++++++++ .github/workflows/test-rules.yml | 26 +++++++++++++++ README.md | 2 +- action.yml | 2 +- rules/action.yml | 25 ++++++++++---- setup/action.yml | 8 ++--- 7 files changed, 114 insertions(+), 22 deletions(-) create mode 100644 .github/workflows/test-release.yml create mode 100644 .github/workflows/test-rules.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cc45bc8..b06a2c2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -60,16 +60,17 @@ jobs: - name: Create Release id: release if: inputs.push - uses: softprops/action-gh-release@v2 - with: - token: ${{ steps.app-token.outputs.token }} - name: ${{ steps.bump.outputs.tag }} - tag_name: ${{ steps.bump.outputs.tag }} - prerelease: false - body: | - [![Publish](${{ github.server_url }}/${{ github.repository }}/actions/workflows/publish.yml/badge.svg)](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) ${{ steps.registry.outputs.badge }} - - ${{ steps.bump.outputs.release-notes }} + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + BADGE_LINE: "[![Publish](${{ github.server_url }}/${{ github.repository }}/actions/workflows/publish.yml/badge.svg)](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) ${{ steps.registry.outputs.badge }}" + RELEASE_NOTES: ${{ steps.bump.outputs.release-notes }} + shell: bash + run: | + printf '%s\n\n%s\n' "$BADGE_LINE" "$RELEASE_NOTES" > /tmp/release-body.md + RELEASE_URL=$(gh release create "${{ steps.bump.outputs.tag }}" \ + --title "${{ steps.bump.outputs.tag }}" \ + --notes-file /tmp/release-body.md) + echo "url=$RELEASE_URL" >> $GITHUB_OUTPUT - name: Summary id: summary diff --git a/.github/workflows/test-release.yml b/.github/workflows/test-release.yml new file mode 100644 index 0000000..d035939 --- /dev/null +++ b/.github/workflows/test-release.yml @@ -0,0 +1,52 @@ +name: Test Release Script +on: workflow_dispatch +jobs: + test-release: + name: Verify inline gh release create + runs-on: ubuntu-latest + steps: + + - uses: actions/checkout@v6 + + - name: Create test release + id: release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BADGE_LINE: "Test badge line" + RELEASE_NOTES: "Test release notes for Node24 upgrade verification." + shell: bash + run: | + TEST_TAG="v0.0.0-test-node24-$(date +%s)" + git tag "$TEST_TAG" + git push origin "$TEST_TAG" + printf '%s\n\n%s\n' "$BADGE_LINE" "$RELEASE_NOTES" > /tmp/release-body.md + RELEASE_URL=$(gh release create "$TEST_TAG" \ + --title "$TEST_TAG" \ + --notes-file /tmp/release-body.md \ + --prerelease) + echo "url=$RELEASE_URL" >> $GITHUB_OUTPUT + echo "tag=$TEST_TAG" >> $GITHUB_OUTPUT + echo "Release URL: $RELEASE_URL" + + - name: Verify output + shell: bash + run: | + echo "Release URL output: ${{ steps.release.outputs.url }}" + if [ -z "${{ steps.release.outputs.url }}" ]; then + echo "ERROR: url output was not set" + exit 1 + fi + echo "URL output is set correctly." + + - name: Cleanup test release + if: always() + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + shell: bash + run: | + TAG="${{ steps.release.outputs.tag }}" + if [ -n "$TAG" ]; then + gh release delete "$TAG" --yes 2>/dev/null || true + git push origin ":refs/tags/$TAG" 2>/dev/null || true + echo "Cleaned up test release and tag: $TAG" + fi diff --git a/.github/workflows/test-rules.yml b/.github/workflows/test-rules.yml new file mode 100644 index 0000000..078c0ad --- /dev/null +++ b/.github/workflows/test-rules.yml @@ -0,0 +1,26 @@ +name: Test Rules Action +on: workflow_dispatch +jobs: + test-rules: + name: Verify inline gh api team check + runs-on: ubuntu-latest + steps: + + - uses: actions/checkout@v6 + + - name: Run rules action + id: rules + # Use current branch's version of the rules action + uses: ./rules + with: + # Use different envs so the gate doesn't trigger exit 1 + current_environment: dev + protected_environment: prod + team: engineering + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Verify outputs + shell: bash + run: | + echo "Test completed successfully." + echo "The rules action ran without errors." diff --git a/README.md b/README.md index 6c5e55a..ed38304 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ The scripts and documentation in this project are released under the [MIT Licens - [actions/upload-artifact@v7](https://github.com/actions/upload-artifact) - [aws-actions/amazon-ecr-login@v2](https://github.com/aws-actions/amazon-ecr-login) - [aws-actions/configure-aws-credentials@v6](https://github.com/aws-actions/configure-aws-credentials) - - [azure/CLI@v2](https://github.com/marketplace/actions/azure-cli-action) + - [azure/CLI@v3](https://github.com/marketplace/actions/azure-cli-action) - [azure/login@v3](https://github.com/azure/login) - [crazy-max/ghaction-github-runtime@v4](https://github.com/crazy-max/ghaction-github-runtime) - [docker/login-action@v4](https://github.com/docker/login-action) diff --git a/action.yml b/action.yml index 5ee4494..bc97aff 100644 --- a/action.yml +++ b/action.yml @@ -206,7 +206,7 @@ runs: - name: Azure CLI script id: setup-azure-cli - uses: azure/CLI@v2 + uses: azure/CLI@v3 if: env.AZURE_ENABLED == 'true' && inputs.cloud-cli == 'true' && inputs.credentials with: azcliversion: 2.57.0 diff --git a/rules/action.yml b/rules/action.yml index c3219e2..19830ba 100644 --- a/rules/action.yml +++ b/rules/action.yml @@ -18,7 +18,7 @@ runs: steps: - name: Get User Group - uses: octokit/request-action@v2.x + uses: octokit/request-action@v3 id: get_user_groups env: GITHUB_TOKEN: ${{ inputs.github-token }} @@ -27,12 +27,25 @@ runs: owner: ${{ github.repository_owner }} username: ${{ github.event.sender.login }} - - uses: tspascoal/get-user-teams-membership@v3 + - name: Get User Teams Membership id: actorTeams - with: - username: ${{ github.actor }} - team: ${{ inputs.team }} - GITHUB_TOKEN: ${{ inputs.github-token }} + shell: bash + env: + GH_TOKEN: ${{ inputs.github-token }} + run: | + IS_MEMBER="false" + MATCHED="" + IFS=',' read -ra TEAMS <<< "${{ inputs.team }}" + for TEAM in "${TEAMS[@]}"; do + TEAM=$(echo "$TEAM" | xargs) + STATE=$(gh api "/orgs/${{ github.repository_owner }}/teams/$TEAM/memberships/${{ github.actor }}" --jq '.state' 2>/dev/null) || STATE="" + if [ "$STATE" = "active" ]; then + IS_MEMBER="true" + MATCHED="${MATCHED:+$MATCHED,}$TEAM" + fi + done + echo "teams=$MATCHED" >> $GITHUB_OUTPUT + echo "isTeamMember=$IS_MEMBER" >> $GITHUB_OUTPUT - name: Display User Group shell: bash diff --git a/setup/action.yml b/setup/action.yml index 4fbe983..54ec0e4 100644 --- a/setup/action.yml +++ b/setup/action.yml @@ -180,7 +180,7 @@ runs: - name: Authenticate to Google Cloud id: login-gcp - uses: google-github-actions/auth@v2 + uses: google-github-actions/auth@v3 if: env.GCP_ENABLED == 'true' && inputs.credentials with: credentials_json: ${{ inputs.credentials }} @@ -188,7 +188,7 @@ runs: - name: Set up Cloud SDK id: setup-gcloud - uses: google-github-actions/setup-gcloud@v2 + uses: google-github-actions/setup-gcloud@v3 if: env.GCP_ENABLED == 'true' with: version: '>= 363.0.0' @@ -206,14 +206,14 @@ runs: - name: Azure Login id: login-azure - uses: azure/login@v2 + uses: azure/login@v3 if: env.AZURE_ENABLED == 'true' && inputs.credentials with: creds: ${{ inputs.credentials }} - name: Azure CLI script id: setup-azure-cli - uses: azure/CLI@v2 + uses: azure/CLI@v3 if: env.AZURE_ENABLED == 'true' && inputs.credentials with: azcliversion: 2.57.0 From dde42e737ac18d307a92280b63b302be30bb61fc Mon Sep 17 00:00:00 2001 From: amaechiabuah Date: Tue, 7 Apr 2026 16:57:02 +0100 Subject: [PATCH 2/7] Add Node24 test jobs to experiments workflow for verification --- .github/workflows/example.yml | 78 ++++++++++++++++++++++++++++++++--- 1 file changed, 72 insertions(+), 6 deletions(-) diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index 705405f..3997cbf 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml @@ -21,7 +21,7 @@ on: jobs: info: runs-on: ubuntu-latest - environment: + environment: name: ${{ inputs.environment }} steps: @@ -29,7 +29,7 @@ jobs: env: GITHUB_CONTEXT: ${{ toJson(github) }} run: echo "$GITHUB_CONTEXT" - + - name: Print ENV env: GITHUB_CONTEXT: ${{ toJson(github) }} @@ -39,7 +39,7 @@ jobs: env: NAME: ${{ inputs.name }} run: | - + if [ -z "$NAME" ]; then echo "-z is true" else @@ -51,12 +51,12 @@ jobs: else echo "The name is empty" fi - + - name: Print list of things env: LIST_OF_THINGS: ${{ inputs.list_of_things }} run: | - + # loop each item in the space delimited list for item in $LIST_OF_THINGS; do echo "item: $item" @@ -65,4 +65,70 @@ jobs: - name: The Job run: | echo '${{ toJSON(env) }}' - \ No newline at end of file + + test-rules: + name: Test Rules Action (Node24) + runs-on: ubuntu-latest + steps: + + - uses: actions/checkout@v6 + + - name: Run rules action + uses: ./rules + with: + current_environment: dev + protected_environment: prod + team: engineering + github-token: ${{ secrets.GITHUB_TOKEN }} + + test-release: + name: Test Release Script (Node24) + runs-on: ubuntu-latest + permissions: + contents: write + steps: + + - uses: actions/checkout@v6 + + - name: Create test release + id: release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BADGE_LINE: "Test badge line" + RELEASE_NOTES: "Test release notes for Node24 upgrade verification." + shell: bash + run: | + TEST_TAG="v0.0.0-test-node24-$(date +%s)" + git tag "$TEST_TAG" + git push origin "$TEST_TAG" + printf '%s\n\n%s\n' "$BADGE_LINE" "$RELEASE_NOTES" > /tmp/release-body.md + RELEASE_URL=$(gh release create "$TEST_TAG" \ + --title "$TEST_TAG" \ + --notes-file /tmp/release-body.md \ + --prerelease) + echo "url=$RELEASE_URL" >> $GITHUB_OUTPUT + echo "tag=$TEST_TAG" >> $GITHUB_OUTPUT + echo "Release URL: $RELEASE_URL" + + - name: Verify output + shell: bash + run: | + echo "Release URL output: ${{ steps.release.outputs.url }}" + if [ -z "${{ steps.release.outputs.url }}" ]; then + echo "ERROR: url output was not set" + exit 1 + fi + echo "URL output is set correctly." + + - name: Cleanup test release + if: always() + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + shell: bash + run: | + TAG="${{ steps.release.outputs.tag }}" + if [ -n "$TAG" ]; then + gh release delete "$TAG" --yes 2>/dev/null || true + git push origin ":refs/tags/$TAG" 2>/dev/null || true + echo "Cleaned up test release and tag: $TAG" + fi \ No newline at end of file From 975a934fea1c20ba57d9b1c930a3378bc33a7651 Mon Sep 17 00:00:00 2001 From: amaechiabuah Date: Tue, 7 Apr 2026 16:58:59 +0100 Subject: [PATCH 3/7] Fix octokit/request-action tag: v3 -> v3.0.0 (no major version tag exists) --- rules/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/action.yml b/rules/action.yml index 19830ba..e49f2b0 100644 --- a/rules/action.yml +++ b/rules/action.yml @@ -18,7 +18,7 @@ runs: steps: - name: Get User Group - uses: octokit/request-action@v3 + uses: octokit/request-action@v3.0.0 id: get_user_groups env: GITHUB_TOKEN: ${{ inputs.github-token }} From 9c225fe6b1047791ac3201b3285d9b7b2d47bd83 Mon Sep 17 00:00:00 2001 From: amaechiabuah Date: Tue, 7 Apr 2026 17:11:09 +0100 Subject: [PATCH 4/7] Replace octokit/request-action with inline gh api (v3 removed route param inputs) --- rules/action.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/rules/action.yml b/rules/action.yml index e49f2b0..1d0a9bd 100644 --- a/rules/action.yml +++ b/rules/action.yml @@ -18,14 +18,13 @@ runs: steps: - name: Get User Group - uses: octokit/request-action@v3.0.0 id: get_user_groups + shell: bash env: - GITHUB_TOKEN: ${{ inputs.github-token }} - with: - route: GET /orgs/{owner}/memberships/{username} - owner: ${{ github.repository_owner }} - username: ${{ github.event.sender.login }} + GH_TOKEN: ${{ inputs.github-token }} + run: | + ROLE=$(gh api "/orgs/${{ github.repository_owner }}/memberships/${{ github.event.sender.login }}" --jq '.role' 2>/dev/null) || ROLE="unknown" + echo "role=$ROLE" >> $GITHUB_OUTPUT - name: Get User Teams Membership id: actorTeams @@ -50,7 +49,7 @@ runs: - name: Display User Group shell: bash env: - GH_ROLE: ${{ fromJson(steps.get_user_groups.outputs.data).role }} + GH_ROLE: ${{ steps.get_user_groups.outputs.role }} GH_TEAMS: ${{ steps.actorTeams.outputs.teams }} GHA_ENV: ${{ inputs.environment }} ISMEMBER: ${{ steps.actorTeams.outputs.isTeamMember }} From 7d760cd97836aa301df0db977193211bc6a39353 Mon Sep 17 00:00:00 2001 From: amaechiabuah Date: Tue, 7 Apr 2026 17:19:03 +0100 Subject: [PATCH 5/7] Remove temporary test workflows after successful verification --- .github/workflows/example.yml | 78 +++--------------------------- .github/workflows/test-release.yml | 52 -------------------- .github/workflows/test-rules.yml | 26 ---------- 3 files changed, 6 insertions(+), 150 deletions(-) delete mode 100644 .github/workflows/test-release.yml delete mode 100644 .github/workflows/test-rules.yml diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index 3997cbf..705405f 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml @@ -21,7 +21,7 @@ on: jobs: info: runs-on: ubuntu-latest - environment: + environment: name: ${{ inputs.environment }} steps: @@ -29,7 +29,7 @@ jobs: env: GITHUB_CONTEXT: ${{ toJson(github) }} run: echo "$GITHUB_CONTEXT" - + - name: Print ENV env: GITHUB_CONTEXT: ${{ toJson(github) }} @@ -39,7 +39,7 @@ jobs: env: NAME: ${{ inputs.name }} run: | - + if [ -z "$NAME" ]; then echo "-z is true" else @@ -51,12 +51,12 @@ jobs: else echo "The name is empty" fi - + - name: Print list of things env: LIST_OF_THINGS: ${{ inputs.list_of_things }} run: | - + # loop each item in the space delimited list for item in $LIST_OF_THINGS; do echo "item: $item" @@ -65,70 +65,4 @@ jobs: - name: The Job run: | echo '${{ toJSON(env) }}' - - test-rules: - name: Test Rules Action (Node24) - runs-on: ubuntu-latest - steps: - - - uses: actions/checkout@v6 - - - name: Run rules action - uses: ./rules - with: - current_environment: dev - protected_environment: prod - team: engineering - github-token: ${{ secrets.GITHUB_TOKEN }} - - test-release: - name: Test Release Script (Node24) - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - - uses: actions/checkout@v6 - - - name: Create test release - id: release - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - BADGE_LINE: "Test badge line" - RELEASE_NOTES: "Test release notes for Node24 upgrade verification." - shell: bash - run: | - TEST_TAG="v0.0.0-test-node24-$(date +%s)" - git tag "$TEST_TAG" - git push origin "$TEST_TAG" - printf '%s\n\n%s\n' "$BADGE_LINE" "$RELEASE_NOTES" > /tmp/release-body.md - RELEASE_URL=$(gh release create "$TEST_TAG" \ - --title "$TEST_TAG" \ - --notes-file /tmp/release-body.md \ - --prerelease) - echo "url=$RELEASE_URL" >> $GITHUB_OUTPUT - echo "tag=$TEST_TAG" >> $GITHUB_OUTPUT - echo "Release URL: $RELEASE_URL" - - - name: Verify output - shell: bash - run: | - echo "Release URL output: ${{ steps.release.outputs.url }}" - if [ -z "${{ steps.release.outputs.url }}" ]; then - echo "ERROR: url output was not set" - exit 1 - fi - echo "URL output is set correctly." - - - name: Cleanup test release - if: always() - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - shell: bash - run: | - TAG="${{ steps.release.outputs.tag }}" - if [ -n "$TAG" ]; then - gh release delete "$TAG" --yes 2>/dev/null || true - git push origin ":refs/tags/$TAG" 2>/dev/null || true - echo "Cleaned up test release and tag: $TAG" - fi \ No newline at end of file + \ No newline at end of file diff --git a/.github/workflows/test-release.yml b/.github/workflows/test-release.yml deleted file mode 100644 index d035939..0000000 --- a/.github/workflows/test-release.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Test Release Script -on: workflow_dispatch -jobs: - test-release: - name: Verify inline gh release create - runs-on: ubuntu-latest - steps: - - - uses: actions/checkout@v6 - - - name: Create test release - id: release - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - BADGE_LINE: "Test badge line" - RELEASE_NOTES: "Test release notes for Node24 upgrade verification." - shell: bash - run: | - TEST_TAG="v0.0.0-test-node24-$(date +%s)" - git tag "$TEST_TAG" - git push origin "$TEST_TAG" - printf '%s\n\n%s\n' "$BADGE_LINE" "$RELEASE_NOTES" > /tmp/release-body.md - RELEASE_URL=$(gh release create "$TEST_TAG" \ - --title "$TEST_TAG" \ - --notes-file /tmp/release-body.md \ - --prerelease) - echo "url=$RELEASE_URL" >> $GITHUB_OUTPUT - echo "tag=$TEST_TAG" >> $GITHUB_OUTPUT - echo "Release URL: $RELEASE_URL" - - - name: Verify output - shell: bash - run: | - echo "Release URL output: ${{ steps.release.outputs.url }}" - if [ -z "${{ steps.release.outputs.url }}" ]; then - echo "ERROR: url output was not set" - exit 1 - fi - echo "URL output is set correctly." - - - name: Cleanup test release - if: always() - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - shell: bash - run: | - TAG="${{ steps.release.outputs.tag }}" - if [ -n "$TAG" ]; then - gh release delete "$TAG" --yes 2>/dev/null || true - git push origin ":refs/tags/$TAG" 2>/dev/null || true - echo "Cleaned up test release and tag: $TAG" - fi diff --git a/.github/workflows/test-rules.yml b/.github/workflows/test-rules.yml deleted file mode 100644 index 078c0ad..0000000 --- a/.github/workflows/test-rules.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Test Rules Action -on: workflow_dispatch -jobs: - test-rules: - name: Verify inline gh api team check - runs-on: ubuntu-latest - steps: - - - uses: actions/checkout@v6 - - - name: Run rules action - id: rules - # Use current branch's version of the rules action - uses: ./rules - with: - # Use different envs so the gate doesn't trigger exit 1 - current_environment: dev - protected_environment: prod - team: engineering - github-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Verify outputs - shell: bash - run: | - echo "Test completed successfully." - echo "The rules action ran without errors." From 80948f1440fb1b726361bceba7716446857dabf0 Mon Sep 17 00:00:00 2001 From: amaechiabuah Date: Thu, 16 Apr 2026 14:46:46 +0100 Subject: [PATCH 6/7] Use upstream v3 releases for softprops and octokit + add test jobs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - softprops/action-gh-release@v2 → @v3 (Node24, released Apr 14) - octokit/request-action@v2.x → @v3.0.0 (Node24, params in route string) - Add test jobs to GHA Experiments for verification --- .github/workflows/example.yml | 66 ++++++++++++++++++++++++++++++++++- .github/workflows/publish.yml | 21 ++++++----- rules/action.yml | 11 +++--- 3 files changed, 80 insertions(+), 18 deletions(-) diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index 705405f..d7be222 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml @@ -65,4 +65,68 @@ jobs: - name: The Job run: | echo '${{ toJSON(env) }}' - \ No newline at end of file + + test-rules: + name: Test Rules Action (Node24) + runs-on: ubuntu-latest + steps: + + - uses: actions/checkout@v6 + + - name: Run rules action + uses: ./rules + with: + current_environment: dev + protected_environment: prod + team: engineering + github-token: ${{ secrets.GITHUB_TOKEN }} + + test-release: + name: Test Release Script (Node24) + runs-on: ubuntu-latest + permissions: + contents: write + steps: + + - uses: actions/checkout@v6 + + - name: Create test tag + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + shell: bash + run: | + TEST_TAG="v0.0.0-test-node24-$(date +%s)" + git tag "$TEST_TAG" + git push origin "$TEST_TAG" + echo "TEST_TAG=$TEST_TAG" >> $GITHUB_ENV + + - name: Create test release + id: release + uses: softprops/action-gh-release@v3 + with: + tag_name: ${{ env.TEST_TAG }} + name: ${{ env.TEST_TAG }} + prerelease: true + body: "Test release for Node24 upgrade verification." + + - name: Verify output + shell: bash + run: | + echo "Release URL: ${{ steps.release.outputs.url }}" + if [ -z "${{ steps.release.outputs.url }}" ]; then + echo "ERROR: url output was not set" + exit 1 + fi + echo "URL output is set correctly." + + - name: Cleanup test release + if: always() + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + shell: bash + run: | + if [ -n "$TEST_TAG" ]; then + gh release delete "$TEST_TAG" --yes 2>/dev/null || true + git push origin ":refs/tags/$TEST_TAG" 2>/dev/null || true + echo "Cleaned up test release and tag: $TEST_TAG" + fi \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index b06a2c2..10ec57a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -60,17 +60,16 @@ jobs: - name: Create Release id: release if: inputs.push - env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} - BADGE_LINE: "[![Publish](${{ github.server_url }}/${{ github.repository }}/actions/workflows/publish.yml/badge.svg)](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) ${{ steps.registry.outputs.badge }}" - RELEASE_NOTES: ${{ steps.bump.outputs.release-notes }} - shell: bash - run: | - printf '%s\n\n%s\n' "$BADGE_LINE" "$RELEASE_NOTES" > /tmp/release-body.md - RELEASE_URL=$(gh release create "${{ steps.bump.outputs.tag }}" \ - --title "${{ steps.bump.outputs.tag }}" \ - --notes-file /tmp/release-body.md) - echo "url=$RELEASE_URL" >> $GITHUB_OUTPUT + uses: softprops/action-gh-release@v3 + with: + token: ${{ steps.app-token.outputs.token }} + name: ${{ steps.bump.outputs.tag }} + tag_name: ${{ steps.bump.outputs.tag }} + prerelease: false + body: | + [![Publish](${{ github.server_url }}/${{ github.repository }}/actions/workflows/publish.yml/badge.svg)](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) ${{ steps.registry.outputs.badge }} + + ${{ steps.bump.outputs.release-notes }} - name: Summary id: summary diff --git a/rules/action.yml b/rules/action.yml index 1d0a9bd..ab5e920 100644 --- a/rules/action.yml +++ b/rules/action.yml @@ -18,13 +18,12 @@ runs: steps: - name: Get User Group + uses: octokit/request-action@v3.0.0 id: get_user_groups - shell: bash env: - GH_TOKEN: ${{ inputs.github-token }} - run: | - ROLE=$(gh api "/orgs/${{ github.repository_owner }}/memberships/${{ github.event.sender.login }}" --jq '.role' 2>/dev/null) || ROLE="unknown" - echo "role=$ROLE" >> $GITHUB_OUTPUT + GITHUB_TOKEN: ${{ inputs.github-token }} + with: + route: GET /orgs/${{ github.repository_owner }}/memberships/${{ github.event.sender.login }} - name: Get User Teams Membership id: actorTeams @@ -49,7 +48,7 @@ runs: - name: Display User Group shell: bash env: - GH_ROLE: ${{ steps.get_user_groups.outputs.role }} + GH_ROLE: ${{ fromJson(steps.get_user_groups.outputs.data).role }} GH_TEAMS: ${{ steps.actorTeams.outputs.teams }} GHA_ENV: ${{ inputs.environment }} ISMEMBER: ${{ steps.actorTeams.outputs.isTeamMember }} From de460941d0c194ca178a2c4fb541cb6f6da7a6a5 Mon Sep 17 00:00:00 2001 From: amaechiabuah Date: Thu, 16 Apr 2026 14:50:31 +0100 Subject: [PATCH 7/7] Remove test jobs from experiments workflow after verification --- .github/workflows/example.yml | 66 +---------------------------------- 1 file changed, 1 insertion(+), 65 deletions(-) diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index d7be222..705405f 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml @@ -65,68 +65,4 @@ jobs: - name: The Job run: | echo '${{ toJSON(env) }}' - - test-rules: - name: Test Rules Action (Node24) - runs-on: ubuntu-latest - steps: - - - uses: actions/checkout@v6 - - - name: Run rules action - uses: ./rules - with: - current_environment: dev - protected_environment: prod - team: engineering - github-token: ${{ secrets.GITHUB_TOKEN }} - - test-release: - name: Test Release Script (Node24) - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - - uses: actions/checkout@v6 - - - name: Create test tag - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - shell: bash - run: | - TEST_TAG="v0.0.0-test-node24-$(date +%s)" - git tag "$TEST_TAG" - git push origin "$TEST_TAG" - echo "TEST_TAG=$TEST_TAG" >> $GITHUB_ENV - - - name: Create test release - id: release - uses: softprops/action-gh-release@v3 - with: - tag_name: ${{ env.TEST_TAG }} - name: ${{ env.TEST_TAG }} - prerelease: true - body: "Test release for Node24 upgrade verification." - - - name: Verify output - shell: bash - run: | - echo "Release URL: ${{ steps.release.outputs.url }}" - if [ -z "${{ steps.release.outputs.url }}" ]; then - echo "ERROR: url output was not set" - exit 1 - fi - echo "URL output is set correctly." - - - name: Cleanup test release - if: always() - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - shell: bash - run: | - if [ -n "$TEST_TAG" ]; then - gh release delete "$TEST_TAG" --yes 2>/dev/null || true - git push origin ":refs/tags/$TEST_TAG" 2>/dev/null || true - echo "Cleaned up test release and tag: $TEST_TAG" - fi \ No newline at end of file + \ No newline at end of file