-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaction.yml
More file actions
431 lines (406 loc) · 16.1 KB
/
action.yml
File metadata and controls
431 lines (406 loc) · 16.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
name: 'Initialize GitHub Job'
description: 'Common steps for initializing a job for GitHub actions'
author: 'PandasWhoCode'
inputs:
checkout:
description: 'Whether to checkout the repository'
required: false
checkout-ref:
description: 'The branch, tag or SHA to checkout'
required: false
checkout-token:
description: 'Personal access token (PAT) used to fetch the repository and set up task'
required: false
checkout-fetch-depth:
description: 'Depth of commit history to fetch'
required: false
default: '1'
checkout-submodules:
description: 'Whether to checkout submodules (true/false/recursive)'
default: 'false'
required: false
setup-node:
description: 'Whether to setup Node.js'
required: false
node-version:
description: 'Node.js version to use'
required: false
node-cache:
description: 'Used to specify a package manager for caching (npm, yarn, pnpm)'
required: false
node-check-latest:
description: 'Whether to check for the latest Node.js version'
required: false
node-registry:
description: 'The registry URL to use for Node.js package installation and publishing'
required: false
setup-java:
description: 'Whether to setup Java'
required: false
java-version:
description: 'Java version to use'
required: false
java-distribution:
description: 'Java distribution (temurin, zulu, adopt, etc.)'
required: false
java-cache:
description: 'Name of the build platform to cache dependencies. It can be "maven", "gradle" or "sbt".'
required: false
setup-gradle:
description: 'Whether to setup Gradle'
required: false
gradle-version:
description: 'Gradle version to use. If specified, this Gradle version will be downloaded, added to the PATH and used for invoking Gradle.'
required: false
default: 'wrapper'
gradle-cache-disabled:
description: 'Whether to disable Gradle caching'
required: false
default: 'false'
gradle-cache-read-only:
description: 'Whether to use read-only caching for Gradle'
required: false
cache-write-only:
description: 'When true, entries will not be restored from the cache but will be saved at the end of the Job.'
required: false
default: 'false'
setup-python:
description: 'Whether to setup Python'
required: false
python-version:
description: 'Python version to use'
required: false
python-cache:
description: 'Used to specify a package manager for caching (pip, pipenv, poetry)'
required: false
setup-go:
description: 'Whether to setup Go'
required: false
go-version:
description: 'Go version to use'
required: false
go-cache:
description: 'Whether to cache Go modules'
required: false
default: 'true'
go-architecture:
description: 'Target architecture for Go to use. Examples: x86, x64. Will use system architecture by default.'
required: false
setup-rust:
description: 'Whether to setup Rust'
required: false
rust-version:
description: 'Rust version to use'
required: false
rust-targets:
description: 'Comma-separated list of target triples to install for this toolchain'
required: false
rust-components:
description: 'Comma-separated list of components to be additionally installed'
required: false
setup-swift:
description: 'Whether to setup Swift'
required: false
swift-version:
description: 'Swift version to use'
required: false
swift-cache:
description: 'Whether to cache downloaded toolchain snapshots. Enabled by default, can be disabled in case of storage constraints.'
required: false
default: 'true'
swift-prefer-oss-toolchain:
description: 'Whether to prefer installing Swift open source toolchain over using Xcode integrated toolchain.'
required: false
default: 'false'
swift-sdks:
description: 'Semi-colon separated list of Swift SDKs to install along with the main toolchain.'
required: false
setup-task:
description: 'Whether to setup Task'
required: false
default: 'false'
setup-gomplate:
description: 'Whether to setup gomplate'
required: false
default: 'false'
task-version:
description: 'Task version to use'
required: false
default: '3.50.0'
task-retries:
description: 'Number of retries for Task setup in case of failure, default is 3.'
required: false
default: '3'
# expose outputs from the sub-actions
outputs:
checkout-ref:
description: 'The branch, tag or SHA that was checked out'
value: ${{ steps.checkout-code.outputs.ref }}
checkout-commit:
description: 'The commit SHA that was checked out'
value: ${{ steps.checkout-code.outputs.commit }}
java-distribution:
description: 'Distribution of Java that has been installed'
value: ${{ steps.setup-java.outputs.distribution }}
java-version:
description: 'Actual version of the java environment that has been installed'
value: ${{ steps.setup-java.outputs.version }}
java-path:
description: 'Path to where the java environment has been installed (same as $JAVA_HOME)'
value: ${{ steps.setup-java.outputs.path }}
java-cache-hit:
description: 'A boolean value to indicate an exact match was found for the primary key'
value: ${{ steps.setup-java.outputs.cache-hit }}
gradle-build-scan-url:
description: 'Link to the Build Scan® generated by a Gradle build. Note that this output applies to a Step executing Gradle, not to the `setup-gradle` Step itself.'
value: ${{ steps.setup-gradle.outputs.build-scan-url }}
gradle-dependency-graph-file:
description: 'Path to the GitHub Dependency Graph snapshot file generated by a Gradle build. Note that this output applies to a Step executing Gradle, not to the `setup-gradle` Step itself.'
value: ${{ steps.setup-gradle.outputs.dependency-graph-file }}
gradle-version:
description: 'Version of Gradle that was setup by the action'
value: ${{ steps.setup-gradle.outputs.gradle-version }}
node-cache-hit:
description: 'A boolean value to indicate if a cache was hit.'
value: ${{ steps.setup-node.outputs.cache-hit }}
node-version:
description: 'The installed node version.'
value: ${{ steps.setup-node.outputs.node-version }}
node-registry-url:
description: 'The registry URL used for package installation and publishing.'
value: ${{ inputs.node-registry || 'https://registry.npmjs.org/' }}
python-version:
description: "The installed Python or PyPy version. Useful when given a version range as input."
value: ${{ steps.setup-python.outputs.python-version }}
python-cache-hit:
description: "A boolean value to indicate a cache entry was found"
value: ${{ steps.setup-python.outputs.cache-hit }}
python-path:
description: "The absolute path to the Python or PyPy executable."
value: ${{ steps.setup-python.outputs.python-path }}
go-version:
description: 'The installed Go version. Useful when given a version range as input.'
value: ${{ steps.setup-go.outputs.go-version }}
go-cache-hit:
description: 'A boolean value to indicate if a cache was hit'
value: ${{ steps.setup-go.outputs.cache-hit }}
rust-cachekey:
description: 'A short hash of the rustc version, appropriate for use as a cache key. "20220627a831"'
value: ${{ steps.setup-rust.outputs.cachekey }}
rust-name:
description: 'Rustups name for the selected version of the toolchain. "1.62.0"'
value: ${{ steps.setup-rust.outputs.name }}
swift-version:
description: 'The actual Swift version that was configured.'
value: ${{ steps.setup-swift.outputs.swift-version }}
swift-toolchain:
description: 'JSON formatted toolchain snapshot metadata that was configured.'
value: ${{ steps.setup-swift.outputs.toolchain }}
swift-sdks:
description: 'JSON formatted SDK snapshots metadata that were configured.'
value: ${{ steps.setup-swift.outputs.sdks }}
runs:
using: 'composite'
steps:
# Always perform Harden Runner step
- name: Harden Runner
id: harden-runner
uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
with:
egress-policy: audit
- name: Checkout Code Parameters
id: checkout-params
if: ${{ inputs.checkout == 'true' }}
shell: bash
run: |
echo "::group::Checkout Code Parameters"
echo "Ref: ${{ inputs.checkout-ref }}"
echo "Fetch Depth: ${{ inputs.checkout-fetch-depth }}"
echo "Submodules: ${{ inputs.checkout-submodules }}"
echo "::endgroup::"
- name: Checkout Code
id: checkout-code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
if: ${{ inputs.checkout == 'true' }}
with:
fetch-depth: ${{ inputs.checkout-fetch-depth }}
submodules: ${{ inputs.checkout-submodules }}
ref: ${{ inputs.checkout-ref }}
token: ${{ inputs.checkout-token }}
- name: Set Up Java Parameters
id: setup-java-params
if: ${{ inputs.setup-java == 'true' }}
shell: bash
run: |
echo "::group::Setting up Java."
echo "Version: ${{ inputs.java-version }}"
echo "Distribution: ${{ inputs.java-distribution }}"
echo "Cache: ${{ inputs.java-cache }}"
echo "::endgroup::"
- name: Setup Java
id: setup-java
if: ${{ inputs.setup-java == 'true' }}
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
distribution: ${{ inputs.java-distribution }}
java-version: ${{ inputs.java-version }}
cache: ${{ inputs.java-cache }}
- name: Set Up Gradle Parameters
id: setup-gradle-params
if: ${{ inputs.setup-gradle == 'true' }}
shell: bash
run: |
echo "::group::Setting up Gradle."
echo "Version: ${{ inputs.gradle-version }}"
echo "Cache Disabled: ${{ inputs.gradle-cache-disabled }}"
echo "Cache Read Only: ${{ inputs.gradle-cache-read-only }}"
echo "Cache Write Only: ${{ inputs.cache-write-only }}"
echo "::endgroup::"
- name: Setup Gradle
id: setup-gradle
if: ${{ inputs.setup-gradle == 'true' }}
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0
with:
cache-read-only: ${{ inputs.gradle-cache-read-only == 'true' }}
cache-write-only: ${{ inputs.cache-write-only == 'true' }}
cache-disabled: ${{ inputs.gradle-cache-disabled == 'true' }}
gradle-version: ${{ inputs.gradle-version }}
- name: Set Up NodeJS Parameters
id: setup-node-params
if: ${{ inputs.setup-node == 'true' }}
shell: bash
run: |
echo "::group::Setting up NodeJS."
echo "Version: ${{ inputs.node-version }}"
echo "Cache: ${{ inputs.node-cache }}"
echo "Check Latest: ${{ inputs.node-check-latest }}"
echo "Registry URL: ${{ inputs.node-registry || 'https://registry.npmjs.org/' }}"
echo "::endgroup::"
- name: Setup NodeJS
id: setup-node
if: ${{ inputs.setup-node == 'true' }}
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: ${{ inputs.node-version }}
cache: ${{ inputs.node-cache }}
check-latest: ${{ inputs.node-check-latest == 'true' }}
registry-url: ${{ inputs.node-registry || 'https://registry.npmjs.org/' }}
- name: Set Up Python Parameters
id: setup-python-params
if: ${{ inputs.setup-python == 'true' }}
shell: bash
run: |
echo "::group::Setting up Python."
echo "Version: ${{ inputs.python-version }}"
echo "Cache: ${{ inputs.python-cache }}"
echo "::endgroup::"
- name: Setup Python
id: setup-python
if: ${{ inputs.setup-python == 'true' }}
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ inputs.python-version }}
cache: ${{ inputs.python-cache }}
- name: Set Up Go Parameters
id: setup-go-params
if: ${{ inputs.setup-go == 'true' }}
shell: bash
run: |
echo "::group::Setting up Go."
echo "Version: ${{ inputs.go-version }}"
echo "Cache: ${{ inputs.go-cache }}"
echo "Architecture: ${{ inputs.go-architecture }}"
echo "::endgroup::"
- name: Setup Go
id: setup-go
if: ${{ inputs.setup-go == 'true' }}
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version: ${{ inputs.go-version }}
cache: ${{ inputs.go-cache == 'true' }}
architecture: ${{ inputs.go-architecture }}
- name: Set Up Rust Parameters
id: setup-rust-params
if: ${{ inputs.setup-rust == 'true' }}
shell: bash
run: |
echo "::group::Setting up Rust."
echo "Version: ${{ inputs.rust-version }}"
echo "Targets: ${{ inputs.rust-targets }}"
echo "Components: ${{ inputs.rust-components }}"
echo "::endgroup::"
- name: Setup Rust
id: setup-rust
if: ${{ inputs.setup-rust == 'true' }}
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # v1
with:
toolchain: ${{ inputs.rust-version }}
targets: ${{ inputs.rust-targets || '' }}
components: ${{ inputs.rust-components || '' }}
- name: Set Up Swift Parameters
id: setup-swift-params
if: ${{ inputs.setup-swift == 'true' }}
shell: bash
run: |
echo "::group::Setting up Swift."
echo "Version: ${{ inputs.swift-version }}"
echo "Cache: ${{ inputs.swift-cache }}"
echo "Prefer OSS Toolchain: ${{ inputs.swift-prefer-oss-toolchain }}"
echo "SDKs: ${{ inputs.swift-sdks }}"
echo "::endgroup::"
- name: Setup Swift
id: setup-swift
if: ${{ inputs.setup-swift == 'true' }}
uses: SwiftyLab/setup-swift@86a5d3b9cffda409de636eb5f63f3f5696fdbe36 # v1.13.0
with:
swift-version: ${{ inputs.swift-version }}
cache-snapshot: ${{ inputs.swift-cache == 'true' }}
prefer-oss-toolchain: ${{ inputs.swift-prefer-oss-toolchain == 'true' }}
sdks: ${{ inputs.swift-sdks || '' }}
- name: Set Up Task Parameters
id: setup-task-params
if: ${{ inputs.setup-task == 'true' }}
shell: bash
run: |
echo "::group::Setting up Task"
echo "Version: ${{ inputs.task-version }}"
echo "Repo Token Provided: ${{ inputs.checkout-token != '' }}"
echo "Task Max Retries: ${{ inputs.task-retries }}"
echo "::endgroup::"
- name: Setup Task
id: setup-task
if: ${{ inputs.setup-task == 'true' }}
uses: go-task/setup-task@3be4020d41929789a01026e0e427a4321ce0ad44 # v3.50.0
with:
version: ${{ inputs.task-version }}
repo-token: ${{ inputs.checkout-token }}
max-retries: ${{ inputs.task-retries }}
- name: Set Up Gomplate Parameters
id: setup-gomplate-params
if: ${{ inputs.setup-gomplate == 'true' }}
shell: bash
run: |
echo "::group::Setting up gomplate"
echo "Version: v5.0.0"
echo "::endgroup::"
- name: Install Gomplate
id: setup-gomplate
if: ${{ inputs.setup-gomplate == 'true' }}
shell: bash
run: |
GOMPLATE_VERSION="v5.0.0"
GOMPLATE_RELEASE_URL="https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}"
curl -sSfL "${GOMPLATE_RELEASE_URL}/gomplate_linux-amd64" \
-o /tmp/gomplate || { echo "Failed to download gomplate binary"; exit 1; }
curl -sSfL "${GOMPLATE_RELEASE_URL}/checksums-${GOMPLATE_VERSION}_sha256.txt" \
-o /tmp/gomplate_checksums.txt || { echo "Failed to download gomplate checksums"; exit 1; }
EXPECTED_SHA="$(grep 'bin/gomplate_linux-amd64$' /tmp/gomplate_checksums.txt | awk '{print $1}')"
if [ -z "${EXPECTED_SHA}" ]; then
echo "Unable to find checksum for gomplate_linux-amd64"
exit 1
fi
echo "${EXPECTED_SHA} /tmp/gomplate" | sha256sum -c - || { echo "Gomplate checksum verification failed"; exit 1; }
sudo install -m 755 /tmp/gomplate /usr/local/bin/gomplate
branding:
icon: 'arrow-up-right'
color: 'green'