Publish to staging with a custom publish composite job

Change-type: patch
2025-04-09 12:21:17 +00:00 · 2022-09-22 16:00:45 +01:00 · 2022-09-22 16:00:45 +01:00 · 29ae778e39
commit 29ae778e39
parent ac1fa4d491
2 changed files with 29 additions and 42 deletions
--- a/.github/actions/publish/action.yml
+++ b/.github/actions/publish/action.yml
@ -0,0 +1,22 @@
+# https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
+name: "Publish to staging"
+description: "Custom publish step to publish to balena staging"
+# these inputs are always provided by flowzone, so they must always be defined on the composite action
+inputs:
+  json:
+    description: "JSON stringified object containing all the inputs from the calling workflow"
+    required: true
+  secrets:
+    description: "JSON stringified object containing all the secrets from the calling workflow"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - uses: balena-io/deploy-to-balena-action@v0.13.0
+      with:
+        balena_token: ${{ fromJSON(inputs.secrets).CUSTOM_JOB_SECRET_1 }}
+        fleet: ${{ env.matrix_value }}
+        environment: balena-staging.com
+        versionbot: false # ignore versionbot branch since the flowzone source is already versioned
+        source: .
--- a/.github/workflows/flowzone.yml
+++ b/.github/workflows/flowzone.yml
@ -16,6 +16,7 @@ jobs:
      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
      BALENA_API_KEY: ${{ secrets.BALENA_TOKEN }}
+      CUSTOM_JOB_SECRET_1: ${{ secrets.BALENA_STAGING_TOKEN }}
    with:
      balena_slugs: |
        balena_os/aarch64-supervisor,
@ -23,45 +24,9 @@ jobs:
        balena_os/armv7hf-supervisor,
        balena_os/i386-supervisor,
        balena_os/rpi-supervisor
-
-  staging:
-    name: Publish to balena-staging
-    runs-on: ubuntu-latest
-    needs: flowzone
-    strategy:
-      fail-fast: true
-      matrix:
-        slug:
-          [
-            balena_os/aarch64-supervisor,
-            balena_os/amd64-supervisor,
-            balena_os/armv7hf-supervisor,
-            balena_os/i386-supervisor,
-            balena_os/rpi-supervisor
-          ]
-
-    defaults:
-      run:
-        working-directory: .
-        shell: bash --noprofile --norc -eo pipefail -x {0}
-
-    steps:
-      - name: Download source artifact
-        uses: actions/download-artifact@v3
-        with:
-          # IMPORTANT: this is relying on an undocumented flowzone
-          # interface. If flowzone ever changes their artifact names
-          # this will break
-          name: source-${{ github.event.pull_request.head.sha }}
-
-      - name: Extract source artifact
-        working-directory: .
-        run: tar -xvf source.tar
-
-      - uses: balena-io/deploy-to-balena-action@v0.13.0
-        with:
-          balena_token: ${{ secrets.BALENA_STAGING_TOKEN }}
-          fleet: ${{ matrix.slug }}
-          environment: balena-staging.com
-          versionbot: false # ignore versionbot branch since the flowzone source is already versioned
-          source: .
+      custom_publish_matrix:
+        balena_os/aarch64-supervisor,
+        balena_os/amd64-supervisor,
+        balena_os/armv7hf-supervisor,
+        balena_os/i386-supervisor,
+        balena_os/rpi-supervisor