I am attempting to use GitHub Actions for a complete pipeline, including automatic SemVer versioning (using tags) that I would then like to consume after building my Docker image to tag it with the current version. This is the action that I am using to bump the version, which should have a new_tag output but I cannot reference it, this is what I am trying:
jobs:
setup:
...
version:
needs: [setup]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
with:
fetch-depth: '0'
- name: Bump version and push tag
uses: anothrNick/github-tag-action#1.26.0
id: autoversion
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WITH_V: true
sonar:
...
anchore:
...
docker:
needs: [setup, version]
steps:
...
- name: Build and push
uses: docker/build-push-action#v2
with:
context: .
push: true
tags: ansfire/flaskql:${{ needs.version.autoversion.outputs.new_tag }}
From what I have read using the needs key is supposed to allow one job to access upstream jobs but I cannot get it to access this. Do I need an outputs key in the version stage? Thanks!
Look into this answer, you need to define the outputs in the job creating the outputs, i.e.
jobs:
version:
[...]
outputs:
new_tag: ${{ steps.autoversion.outputs.new_tag }}
docker:
[...] tags: ansfire/flakql:${{ needs.version.outputs.new_tag }}
Related
I have a GitHub repo (let's call it my-repo), with GitHub Actions set up and the corresponding .github/workflows/files.yml included, and properly linked to Vercel. When my deployment Action runs, it fails with an HttpError and this log:
Run bobheadxi/deployments#v1
targeting my-GitHub/my-repo
initializing new deployment for develop # refs/heads/develop
unexpected error encountered: HttpError: Not Found
Error: unexpected error encountered: HttpError: Not Found
I have confirmed that refs/heads/develop exists in my-repo's refs.
Here is a screenshot of the GitHub Actions log (with debugging enabled):
Here is my workflow code (Point of failure is Create Deployment):
name: Deploy Environment to Vercel
on:
push:
branches:
- develop
- main
- release
workflow_dispatch:
jobs:
deploy_develop:
name: "Deploy to Develop"
if: github.ref == 'refs/heads/develop'
runs-on: mono-runner
steps:
- name: Checkout
uses: actions/checkout#v2
- name: Create Deployment
uses: bobheadxi/deployments#v1
id: deployment
with:
step: start
token: ${{ secrets.BUILDBOT_PERSONAL_TOKEN }}
env: "Develop"
- name: Vercel Deployment
uses: amondnet/vercel-action#master
id: vercel
with:
vercel-token: ${{ secrets.BUILDBOT_VERCEL_TOKEN }}
github-token: ${{ secrets.BUILDBOT_PERSONAL_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
scope: ${{ secrets.VERCEL_ORG_ID }}
- name: Update Deployment
uses: bobheadxi/deployments#v1
if: always()
with:
step: finish
token: ${{ secrets.BUILDBOT_PERSONAL_TOKEN }}
status: ${{ job.status }}
env: ${{ steps.deployment.outputs.env }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
Things I have verified:
Vercel is properly linked to my-repo GitHub project.
GitHub secrets are created to provide the Vercel project ID + org ID (the ones provided in the .vercel directory upon linking the my-repo project to Vercel).
I disabled Vercel builds in my vercel.json file in my-repo so that only GitHub is doing the builds.
The logs don't provide any other information that I can find - any advice would be greatly appreciated!!
The answer ended up being that my secrets were not properly being fed into my GitHub Actions by the Buildbot I have set up. Now that the secrets are properly configured, the same code does deploy to Vercel.
face palm
LOL I had the same problem, here is fix inside workflow file (workflow.yml):
- name: Run worklow
env:
SOME_TOKEN: ${{ secrets.SOME_TOKEN }}
working-directory: ./directory
run: run command
I am making a custom terraform provider for my organization.
I was following the instructions here:
https://www.terraform.io/registry/providers/publishing?_ga=2.233394398.119722977.1642457969-242172196.1631994131
In the section where it mentions to set up a GitHub Action by copying over the following into my workflows directory:
GitHub Actions workflow from the terraform-provider-scaffolding repository (https://github.com/hashicorp/terraform-provider-scaffolding/blob/main/.github/workflows/release.yml)
Unfortunately doing so seems to have caused the release workflow to no longer work and run. As a result, I was hoping I might get some overall insights into this as I am trying to hook it up to terraform registry and it's not letting me publish it because of a mal-release configuration.
Here is the repo:
https://github.com/Richard-Barrett/terraform-provider-mirantis
Here is the code that I am using for release.yml in my existing workflows:
# This GitHub action can publish assets for release when a tag is created.
# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
#
# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
# secret. If you would rather own your own GPG handling, please fork this action
# or use an alternative one for key handling.
#
# You will need to pass the `--batch` flag to `gpg` in your signing step
# in `goreleaser` to indicate this is being used in a non-interactive mode.
#
name: release
on:
push:
tags:
- 'v*'
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout#v2.4.0
-
name: Unshallow
run: git fetch --prune --unshallow
-
name: Set up Go
uses: actions/setup-go#v2
with:
go-version: 1.17
-
name: Import GPG key
id: import_gpg
uses: hashicorp/ghaction-import-gpg#v2.1.0
env:
# These secrets will need to be configured for the repository:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.PASSPHRASE }}
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action#v2.8.0
with:
version: latest
args: release --rm-dist
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# GitHub sets this automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
I think it may be the way I am auto-tagging in my repo as well, here is what I am using within my tag.yml:
name: 'tag'
on:
push:
branches:
- main
jobs:
tag:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout#v2.4.0
- name: 'Tag'
uses: anothrNick/github-tag-action#1.36.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Also, the tag workflow wasn't working at first, but now is, but my release status is just showing no status
So after much chagrin and heartache, I found out why it wasn't working.
I didn't specify the Branch on which the action was to be triggered:
Answer:
https://github.com/Richard-Barrett/terraform-provider-mirantis/commit/62a1fb003aee118e133dd22ce79dd488798214e1
The overall change was adding that to the release.yml.
The tag.yml is fine.
As a result, here was the overall change:
name: 'release'
on:
push:
branches:
- main
tags:
- 'v*'
jobs:
And the final release file looked like this:
# This GitHub action can publish assets for release when a tag is created.
# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
#
# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
# secret. If you would rather own your own GPG handling, please fork this action
# or use an alternative one for key handling.
#
# You will need to pass the `--batch` flag to `gpg` in your signing step
# in `goreleaser` to indicate this is being used in a non-interactive mode.
#
name: 'release'
on:
push:
branches:
- main
tags:
- 'v*'
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout#v2.4.0
-
name: Unshallow
run: git fetch --prune --unshallow
-
name: Set up Go
uses: actions/setup-go#v2
with:
go-version: 1.17
-
name: Import GPG key
id: import_gpg
uses: hashicorp/ghaction-import-gpg#v2.1.0
env:
# These secrets will need to be configured for the repository:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.PASSPHRASE }}
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action#v2.8.0
with:
version: latest
args: release --rm-dist
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# GitHub sets this automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
My GitHub Action is failing on the final step, creating a pull request.
Below is the section of my yml file that is failing.
pull-request:
needs: regression-tests
name: Development to Master
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
name: checkout
- uses: repo-sync/pull-request#v2
name: pull-request
with:
destination_branch: "master"
pr_title: "Pulling ${{ github.ref }} into master"
pr_body: "*An automated PR test*"
pr_reviewer: "Kev"
pr_draft: true
github_token: ${{ secrets.PullRequest }}
And this is what I see in the log
2021-05-26T10:25:10.0613353Z ##[section]Starting: Request a runner to run this job
2021-05-26T10:25:10.4927450Z Can't find any online and idle self-hosted runner in current repository that matches the required
labels: 'ubuntu-latest'
2021-05-26T10:25:10.4927569Z Can't find any online and idle self-hosted runner in current repository's account/organization that
matches the required labels: 'ubuntu-latest'
2021-05-26T10:25:10.4928148Z Found online and idle hosted runner in current repository's account/organization that matches the required
labels: 'ubuntu-latest'
2021-05-26T10:25:10.6935866Z ##[section]Finishing: Request a runner to run this job
2021-05-26T10:25:18.9831794Z Current runner version: '2.278.0'
2021-05-26T10:25:18.9861037Z ##[group]Operating System
2021-05-26T10:25:18.9862046Z Ubuntu
2021-05-26T10:25:18.9862461Z 20.04.2
2021-05-26T10:25:18.9862889Z LTS
2021-05-26T10:25:18.9863336Z ##[endgroup]
2021-05-26T10:25:18.9864044Z ##[group]Virtual Environment
2021-05-26T10:25:18.9864687Z Environment: ubuntu-20.04
2021-05-26T10:25:18.9865181Z Version: 20210524.1
2021-05-26T10:25:18.9866149Z Included Software: https://github.com/actions/virtual-environments/blob/ubuntu20/20210524.1/images/linux/Ubuntu2004-README.md
2021-05-26T10:25:18.9867437Z Image Release: https://github.com/actions/virtual-environments/releases/tag/ubuntu20%2F20210524.1
Any thoughts please on what the issue could be?
This edited code now works
pull-request:
needs: regression-tests
name: Github Pull Request
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: pull-request
uses: repo-sync/pull-request#v2
with:
destination_branch: "master"
pr_title: "Pulling ${{ github.ref }} into master"
pr_body: "👑 *An automated PR test*"
pr_reviewer: "Kev"
github_token: ${{ secrets.GITHUB_TOKEN }}
It has a monorepo, where it will contain two subfolders, which are:
Each with their respective projects and packages. I am trying to access a certain subfolder to do its respective action, but it is giving an error when I run a command to test with lint, which is:
error Couldn't find a package.json file in "/github/workspace"
It probably should not be accessing the frontend subfolder. I need it to run all the commands in this subfolder, how do I do it?
MY .YML:
name: PIPELINE OF TESTS
on:
push:
branches: [frontend-develop, backend-develop]
pull_request_target:
types: [opened, edited, closed]
branches: [main]
jobs:
test-frontend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./frontend
strategy:
matrix:
node-version: [14.x]
architecture: [x64]
steps:
- name: CHECK-OUT GIT REPOSITORY
uses: actions/checkout#v2
- name: USE NODEJS ${{ matrix.node-version }} - ${{ matrix.architecture }}
uses: actions/setup-node#v2
- name: INSTALL PROJECT DEPENDENCIES (YARN)
uses: borales/actions-yarn#v2.0.0
with:
cmd: install
- name: CODE ANALYSE (LINT) AND STYLE-GUIDE ANALYSE (PRETTIER + AIRBNB)
uses: borales/actions-yarn#v2.0.0
with:
cmd: lint-check
- name: UNIT TEST (JEST)
uses: borales/actions-yarn#v2.0.0
with:
cmd: test
Using defaults with run will only be applied to the run step (e.g scripts/commands that you execute yourself and not actions). See the docs:
Provide default shell and working-directory to all run steps in the
job. Context and expression are not allowed in this section.
When you are using a GitHub action (you have uses:) it not possible to change the working directory. Keep in mind that some actions support this - you can pass an additional argument to with:, but in your case borales/actions-yarn do not support that.
What can you do?
As suggested in the borales/actions-yarn REAME.md:
Please keep in mind that this Action was originally written for GitHub Actions beta (when Docker was the only way of doing things).
Consider using actions/setup-node to work with Yarn. This repository will be mostly supporting the existing flows.
You can remove these actions and call yarn directly in run:. Your workflow should look like:
name: PIPELINE OF TESTS
on:
push:
branches: [frontend-develop, backend-develop]
pull_request_target:
types: [opened, edited, closed]
branches: [main]
jobs:
test-frontend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./frontend
strategy:
matrix:
node-version: [14.x]
architecture: [x64]
steps:
- name: CHECK-OUT GIT REPOSITORY
uses: actions/checkout#v2
- name: USE NODEJS ${{ matrix.node-version }} - ${{ matrix.architecture }}
uses: actions/setup-node#v2
- name: INSTALL PROJECT DEPENDENCIES (YARN)
run: yarn install
- name: CODE ANALYSE (LINT) AND STYLE-GUIDE ANALYSE (PRETTIER + AIRBNB)
run: yarn lint-check
- name: UNIT TEST (JEST)
run: yarn test
I'm using GitHub Actions to build a docker image using the build-push-action. I'd like to add tags to the image before pushing it to the docker registry:
Each image should be tagged with latest
If the commit that triggered the build has a git tag attached, the image should be tagged with this tag as well.
I have something along the lines of:
- name: Build and push
id: docker_build
uses: docker/build-push-action#v2
with:
context: .
push: true
tags:
- user/image:latest
It would be easy to always add more tags, but I want to add it only if there's a git tag. Is there a way to do that?
There's a docker/metadata-action that does this. Make sure to set up the push tags trigger along with whatever other triggers you might need. The action docs have a lot more details about what tags it applies for each event trigger type. See also https://docs.github.com/en/actions/publishing-packages/publishing-docker-images for even more info on the general topic of Docker image publishing.
name: Tag Docker Image with Git
on:
push:
tags: [ v* ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v2
- name: Log into the Container registry
uses: docker/login-action#f054a8b539a109f9f41c372932f1ae047eff08c9
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata for the Docker image
id: meta
uses: docker/metadata-action#98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push the Docker image
uses: docker/build-push-action#ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
I found a solution using a dedicated action. I create the tags in a separate step and add it afterwards. The relevant parts of the CI config look like this:
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta#v1
with:
images: l7r7/sample
tag-custom: latest
tag-semver: |
{{raw}}
- name: Build and push
id: docker_build
uses: docker/build-push-action#v2
with:
context: .
push: false
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
To be precise, it's not exactly what I was asking for, because it will add a tag containing the branch name as well. But that's ok for me. I can live with that.
A full working example can be found here.
Maybe something like this:
- name: Build and push
id: gen_tags
run: |
if [[ $GITHUB_REF == 'refs/tags/'* ]]; then
TAGS='["user/image:latest","user/image:'${GITHUB_REF/refs\/tags\//}'"]'
else
TAGS='["user/image:latest"]'
fi
echo '::set-output name=tags::'$TAGS
- name: Build and push
id: docker_build
uses: docker/build-push-action#v2
needs: gen_tags
with:
context: .
push: true
tags: ${{ fromJson(steps.gen_tags.outputs.tags) }}
The first step generates the list of tags and the second build/push. if $GITHUB_REF starts by refs/tags/ it is a tag and as such we generate a json list with both docker tags. Else, we use a list that contains only the latest tag. Since we can only pass strings around, we have to output the json as a string and then parse it in the second step using fromJson. I am sorry for the ugly escaping (you might actually have issues there and have to try few different solutions), but it's a bit tricky to do without making the script more complex.
I was not able to use the above answers because they are triggered upon adding a tag, whereas I wanted it to be triggered by pushing to master.
In my case, I would:
Use an action to update the tags upon on a push to master.
https://github.com/mathieudutour/github-tag-action
And in a separate step, deploy:
- name: Checkout
uses: actions/checkout#v2
with:
fetch-depth: 0 # Without this, this action won't be able to find any or the correct tags.
- name: 'Get tag'
id: tag
uses: 'WyriHaximus/github-action-get-previous-tag#8a0e045f02c0a3a04e1452df58b90fc7e555e950'
- name: Set correct environment
run: |
TAG=${{ steps.tag.outputs.tag }}
echo "TAG=$TAG" >> "$GITHUB_ENV"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action#v1
- name: Retrieve metadata
id: metadata
uses: docker/metadata-action#e5622373a38e60fb6d795a4421e56882f2d7a681
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
with:
images: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}
tags: |
type=semver,pattern={{major}}.{{minor}}.{{patch}},value=${{ env.TAG }}
type=semver,pattern={{major}}.{{minor}},value=${{ env.TAG }}
type=semver,pattern={{major}},value=${{ env.TAG }}
- name: Build and push
id: docker
uses: docker/build-push-action#v2
with:
push: true
tags: ${{ steps.metadata.outputs.tags }}