Envoy/Publish & verify #4

Workflow file for this run

.github/workflows/envoy-publish.yml at bb28dda

	# This workflow is triggered by azp currently
	# Once arm/x64 build jobs are shifted to github, this can be triggered
	# by on: workflow_run
	name: Envoy/Publish & verify

	permissions:
	contents: read

	on:
	workflow_run:
	workflows:
	# Workaround issue with PRs not triggering tertiary workflows
	- Request
	# - Envoy/Prechecks
	types:
	- completed

	concurrency:
	group: ${{ github.head_ref \|\| github.run_id }}-${{ github.workflow }}
	cancel-in-progress: true

	env:
	CI_DEBUG: ${{ vars.CI_DEBUG }}


	jobs:
	load:
	secrets:
	app-key: ${{ secrets.ENVOY_CI_APP_KEY }}
	app-id: ${{ secrets.ENVOY_CI_APP_ID }}
	lock-app-key: ${{ secrets.ENVOY_CI_MUTEX_APP_KEY }}
	lock-app-id: ${{ secrets.ENVOY_CI_MUTEX_APP_ID }}
	permissions:
	actions: read
	contents: read
	packages: read
	pull-requests: read
	if: >-
	${{ github.event.workflow_run.conclusion == 'success'
	&& (github.repository == 'envoyproxy/envoy' \|\| vars.ENVOY_CI) }}
	uses: ./.github/workflows/_load.yml
	with:
	check-name: publish
	# head-sha: ${{ github.sha }}

	build:
	permissions:
	contents: read
	packages: read
	secrets:
	dockerhub-username: >-
	${{ fromJSON(needs.load.outputs.trusted)
	&& secrets.DOCKERHUB_USERNAME
	\|\| '' }}
	dockerhub-password: >-
	${{ fromJSON(needs.load.outputs.trusted)
	&& secrets.DOCKERHUB_PASSWORD
	\|\| '' }}
	gpg-key: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_GPG_MAINTAINER_KEY \|\| secrets.ENVOY_GPG_SNAKEOIL_KEY }}
	gpg-key-password: >-
	${{ fromJSON(needs.load.outputs.trusted)
	&& secrets.ENVOY_GPG_MAINTAINER_KEY_PASSWORD
	\|\| secrets.ENVOY_GPG_SNAKEOIL_KEY_PASSWORD }}
	if: ${{ fromJSON(needs.load.outputs.request).run.publish \|\| fromJSON(needs.load.outputs.request).run.verify }}
	needs:
	- load
	uses: ./.github/workflows/_publish_build.yml
	name: Build
	with:
	request: ${{ needs.load.outputs.request }}
	trusted: ${{ fromJSON(needs.load.outputs.trusted) }}

	publish:
	secrets:
	ENVOY_CI_SYNC_APP_ID: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_CI_SYNC_APP_ID \|\| '' }}
	ENVOY_CI_SYNC_APP_KEY: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_CI_SYNC_APP_KEY \|\| '' }}
	ENVOY_CI_PUBLISH_APP_ID: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_CI_PUBLISH_APP_ID \|\| '' }}
	ENVOY_CI_PUBLISH_APP_KEY: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_CI_PUBLISH_APP_KEY \|\| '' }}
	permissions:
	contents: read
	packages: read
	if: ${{ fromJSON(needs.load.outputs.request).run.publish }}
	needs:
	- load
	- build
	uses: ./.github/workflows/_publish_publish.yml
	name: Publish
	with:
	request: ${{ needs.load.outputs.request }}
	trusted: ${{ fromJSON(needs.load.outputs.trusted) }}

	verify:
	permissions:
	contents: read
	packages: read
	if: ${{ fromJSON(needs.load.outputs.request).run.verify }}
	needs:
	- load
	- build
	uses: ./.github/workflows/_publish_verify.yml
	name: Verify
	with:
	request: ${{ needs.load.outputs.request }}
	trusted: ${{ fromJSON(needs.load.outputs.trusted) }}

	request:
	secrets:
	app-id: ${{ secrets.ENVOY_CI_APP_ID }}
	app-key: ${{ secrets.ENVOY_CI_APP_KEY }}
	permissions:
	actions: read
	contents: read
	pull-requests: read
	if: >-
	${{ always()
	&& (fromJSON(needs.load.outputs.request).run.publish
	\|\| fromJSON(needs.load.outputs.request).run.verify) }}
	needs:
	- load
	- build
	- publish
	- verify
	uses: ./.github/workflows/_finish.yml
	with:
	needs: ${{ toJSON(needs) }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Envoy/Publish & verify #4

Workflow file

Envoy/Publish & verify #4

Jobs

Run details

Workflow file for this run