Envoy/Publish & verify #10546

Workflow file for this run

.github/workflows/envoy-publish.yml at ec19828

	# This workflow is triggered by azp currently
	# Once arm/x64 build jobs are shifted to github, this can be triggered
	# by on: workflow_run
	name: Envoy/Publish & verify

	permissions:
	contents: read

	on:
	# This runs untrusted code, do not expose secrets in the verify job
	workflow_dispatch:
	inputs:
	ref:
	description: "Git SHA ref to checkout"
	sha:
	description: "Git SHA of commit HEAD (ie last commit of PR)"
	head_ref:
	description: "Ref for grouping PRs"

	concurrency:
	group: >-
	${{ github.actor != 'trigger-release-envoy[bot]'
	&& github.event.inputs.head_ref
	\|\| github.run_id
	}}-${{ github.event.workflow.id }}
	cancel-in-progress: true

	jobs:
	load:
	secrets:
	app-key: ${{ secrets.ENVOY_CI_APP_KEY }}
	app-id: ${{ secrets.ENVOY_CI_APP_ID }}
	lock-app-key: ${{ secrets.ENVOY_CI_MUTEX_APP_KEY }}
	lock-app-id: ${{ secrets.ENVOY_CI_MUTEX_APP_ID }}
	permissions:
	actions: read
	contents: read
	packages: read
	pull-requests: read
	if: >-
	${{
	(github.repository == 'envoyproxy/envoy'
	\|\| vars.ENVOY_CI)
	&& (!contains(github.actor, '[bot]')
	\|\| github.actor == 'trigger-workflow-envoy[bot]'
	\|\| github.actor == 'trigger-release-envoy[bot]')
	}}
	uses: ./.github/workflows/_load.yml
	with:
	check-name: publish
	head-sha: ${{ inputs.sha }}

	publish:
	secrets:
	ENVOY_CI_SYNC_APP_ID: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_CI_SYNC_APP_ID \|\| '' }}
	ENVOY_CI_SYNC_APP_KEY: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_CI_SYNC_APP_KEY \|\| '' }}
	ENVOY_CI_PUBLISH_APP_ID: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_CI_PUBLISH_APP_ID \|\| '' }}
	ENVOY_CI_PUBLISH_APP_KEY: ${{ fromJSON(needs.load.outputs.trusted) && secrets.ENVOY_CI_PUBLISH_APP_KEY \|\| '' }}
	permissions:
	contents: read
	packages: read
	if: ${{ fromJSON(needs.load.outputs.request).run.publish }}
	needs:
	- load
	uses: ./.github/workflows/_stage_publish.yml
	name: Publish
	with:
	request: ${{ needs.load.outputs.request }}
	trusted: ${{ fromJSON(needs.load.outputs.trusted) }}

	verify:
	permissions:
	contents: read
	packages: read
	if: ${{ fromJSON(needs.load.outputs.request).run.verify }}
	needs:
	- load
	uses: ./.github/workflows/_stage_verify.yml
	name: Verify
	with:
	request: ${{ needs.load.outputs.request }}
	trusted: ${{ fromJSON(needs.load.outputs.trusted) }}

	request:
	secrets:
	app-id: ${{ secrets.ENVOY_CI_APP_ID }}
	app-key: ${{ secrets.ENVOY_CI_APP_KEY }}
	permissions:
	actions: read
	contents: read
	pull-requests: read
	if: >-
	${{ always()
	&& (fromJSON(needs.load.outputs.request).run.publish
	\|\| fromJSON(needs.load.outputs.request).run.verify) }}
	needs:
	- load
	- publish
	- verify
	uses: ./.github/workflows/_finish.yml
	with:
	needs: ${{ toJSON(needs) }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Envoy/Publish & verify #10546

Workflow file

Envoy/Publish & verify #10546

Jobs

Run details

Workflow file for this run