diff --git a/.github/workflows/charm-release.yaml b/.github/workflows/charm-release.yaml
index 9d9a965c..6e585fa2 100644
--- a/.github/workflows/charm-release.yaml
+++ b/.github/workflows/charm-release.yaml
@@ -64,6 +64,16 @@ on:
 default: false
 required: false
 type: boolean
+ terraform-tag-prefix:
+ description: "Tag prefix to use for the Terraform release tag."
+ default: 'tf-'
+ required: false
+ type: string
+ terraform-tag-suffix:
+ description: "Tag suffix to append to the Terraform release tag."
+ default: ''
+ required: false
+ type: string
 secrets:
 CHARMHUB_TOKEN:
 required: true
@@ -233,3 +243,16 @@ jobs:
 fi
 done
 fi
+
+ release-terraform:
+ name: Release the Terraform module
+ needs:
+ - release-charm
+ if: github.ref_name != 'main' && startsWith(github.ref_name, 'track/')
+ uses: ./.github/workflows/terraform-release.yaml
+ permissions:
+ contents: write
+ with:
+ terraform-tag-prefix: "${{ inputs.terraform-tag-prefix }}"
+ terraform-tag-suffix: "${{ inputs.terraform-tag-suffix }}"
+ terraform-path: "${{ inputs.charm-path }}/terraform"
diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml
new file mode 100644
index 00000000..3ff9fefc
--- /dev/null
+++ b/.github/workflows/terraform-release.yaml
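Review bot: The `if:` on the new `release-terraform` job tests `github.ref_name`, which holds tag names as well as branch names, so a tag called `track/1.2` would pass it (and the `^track/[0-9]+\.[0-9]+$` check in the called workflow) exactly as a branch does; whether that is reachable depends on the caller's triggers, which are not visible in this diff. Adding `github.ref_type == 'branch'`, or testing `startsWith(github.ref, 'refs/heads/track/')`, limits the job that is handed `contents: write` to real track branches. The `github.ref_name != 'main'` clause is redundant next to the `startsWith` check and can be dropped.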
@@ -0,0 +1,82 @@
+name: Release Terraform module
+
+on:
+ workflow_call:
+ inputs:
+ terraform-tag-prefix:
+ description: "Tag prefix to use for the Terraform release tag."
+ default: 'tf-'
+ required: false
+ type: string
+ terraform-tag-suffix:
+ description: "Tag suffix to append to the Terraform release tag."
+ default: ''
+ required: false
+ type: string
+ terraform-path:
+ description: "Path to the terraform directory, relative to the repository root."
+ default: 'terraform'
+ required: false
+ type: string
+
+permissions:
+ contents: write
+
+jobs:
+ release:
+ name: Release the Terraform module
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Validate branch format
+ id: validate-branch
+ env:
+ GIT_BRANCH: ${{ github.ref_name }}
+ run: |
+ # Only allow tagging on branches matching track/.
+ if [[ "$GIT_BRANCH" =~ ^track/[0-9]+\.[0-9]+$ ]]; then
+ echo "valid=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "Branch '$GIT_BRANCH' does not match track/. format. Skipping."
+ echo "valid=false" >> "$GITHUB_OUTPUT"
+ fi
+ - name: Check for terraform changes
+ if: steps.validate-branch.outputs.valid == 'true'
+ id: check-changes
+ env:
+ TERRAFORM_PATH: ${{ inputs.terraform-path }}
+ run: |
+ # Check if the push includes changes to the terraform directory
+ if git diff --name-only HEAD~1..HEAD | grep -q "^${TERRAFORM_PATH}/"; then
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "changed=false" >> "$GITHUB_OUTPUT"
+ fi
+ - name: Create Terraform tag
+ if: steps.validate-branch.outputs.valid == 'true' && steps.check-changes.outputs.changed == 'true'
+ env:
+ TERRAFORM_PATH: ${{ inputs.terraform-path }}
+ TAG_PREFIX: ${{ inputs.terraform-tag-prefix }}
+ TAG_SUFFIX: ${{ inputs.terraform-tag-suffix }}
+ GIT_BRANCH: ${{ github.ref_name }}
+ run: |
+ # Extract semantic version from the track branch name
+ track_version="${GIT_BRANCH#track/}"
+ # Calculate patch version: number of commits touching terraform dir since diverging from main
+ git fetch origin main
+ merge_base=$(git merge-base HEAD origin/main)
+ patch=$(git rev-list --count "$merge_base"..HEAD -- "$TERRAFORM_PATH/")
+ # Build the tag
+ tag="${TAG_PREFIX}${track_version}.${patch}${TAG_SUFFIX}"
+ echo "Creating tag: $tag"
+ # Configure git with noctua bot identity
+ git config --global user.email "webops+observability-noctua-bot@canonical.com"
+ git config --global user.name "Noctua"
+ # Create and push the annotated tag
+ git log -1 --pretty=%B > tag-message
+ git tag --annotate "$tag" --file=tag-message
+ rm -f tag-message
+ git push origin "$tag"
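Review bot: `actions/checkout@v4` is a mutable tag, and this job holds `contents: write` and later pushes release tags with the credentials that checkout leaves in the repository config; pinning it to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder), keeps a moved upstream tag from running with that access. In `Check for terraform changes`, `git diff --name-only HEAD~1..HEAD` inspects only the tip commit although the comment speaks of the push, so a multi-commit push whose last commit leaves the Terraform path untouched produces no tag. The same line passes `TERRAFORM_PATH` to `grep` as a regular expression, so a `.` in the path matches any character; `if ! git diff --quiet HEAD~1..HEAD -- "$TERRAFORM_PATH/"; then` lets git do the path match and removes the pattern.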