This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-actions.git
The following commit(s) were added to refs/heads/main by this push:
new 995c85d Update stg distribution to use tokens
995c85d is described below
commit 995c85d097ce6f2b64e5d49c5d37407fbe5ff8d2
Author: Alastair McFarlane <[email protected]>
AuthorDate: Tue Jan 27 10:08:35 2026 +0000
Update stg distribution to use tokens
---
.github/workflows/distribute-maven-stg.yml | 61 +++++++++++++-----------------
1 file changed, 26 insertions(+), 35 deletions(-)
diff --git a/.github/workflows/distribute-maven-stg.yml
b/.github/workflows/distribute-maven-stg.yml
index 718c5db..07a36eb 100644
--- a/.github/workflows/distribute-maven-stg.yml
+++ b/.github/workflows/distribute-maven-stg.yml
@@ -24,8 +24,8 @@ on:
atr-id:
description: 'Run ID (from ATR)'
required: true
- asf-uid:
- description: 'Originating user ID'
+ atr-token:
+ description: 'ATR JWT Token'
required: true
project:
description: 'Project in ATR to pull files from'
@@ -157,15 +157,12 @@ jobs:
*.apache.org) ;;
*) echo "atr-host must match *.apache.org"; exit 1;;
esac
- jq -n --arg publisher github \
- --arg jwt "$JWT" \
- --arg key "$SSH_PUBLIC_KEY" \
- --arg uid "$INPUTS_ASF_UID" \
+ jq -n --arg key "$SSH_PUBLIC_KEY" \
--arg phase "$INPUTS_PHASE" \
--arg project_name "$INPUTS_PROJECT" \
--arg version "$INPUTS_VERSION" \
- '{publisher:$publisher, jwt:$jwt, ssh_key:$key, asf_uid:$uid,
project_name:$project_name, phase:$phase, version:$version}' |
- curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -d @- \
+ '{ssh_key:$key, project_name:$project_name, phase:$phase,
version:$version}' |
+ curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth:
$INPUTS_ATR_TOKEN' -d @- \
"https://${ATR_HOST}/api/distribute/ssh/register";
env:
JWT: ${{ steps.create-github-jwt.outputs.jwt }}
@@ -173,24 +170,23 @@ jobs:
INPUTS_PROJECT: ${{ inputs.project }}
INPUTS_VERSION: ${{ inputs.version }}
INPUTS_PHASE: ${{ inputs.phase }}
- INPUTS_ASF_UID: ${{ inputs.asf-uid }}
+ INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
- name: Report status back to ATR
shell: bash
run: |
set -euxo pipefail
- jq -n --arg publisher github \
- --arg jwt "$JWT" \
- --arg workflow "$WORKFLOW" \
+ jq -n --arg workflow "$WORKFLOW" \
--arg run_id $RUN_ID \
--arg project_name "$INPUTS_PROJECT" \
- '{publisher:$publisher, jwt:$jwt, workflow:$workflow,
run_id:$run_id, project_name:$project_name, status:"in-progress",
message:"Compiling distribution"}' |
- curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -d @- \
+ '{workflow:$workflow, run_id:$run_id,
project_name:$project_name, status:"in-progress", message:"Compiling
distribution"}' |
+ curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth:
$INPUTS_ATR_TOKEN' -d @- \
"https://${ATR_HOST}/api/distribute/task/status";
env:
JWT: ${{ steps.create-github-jwt.outputs.jwt }}
RUN_ID: ${{ github.run_id }}
INPUTS_PROJECT: ${{ inputs.project }}
+ INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
- name: Download from ATR using rsync
shell: bash
@@ -289,18 +285,17 @@ jobs:
shell: bash
run: |
set -euxo pipefail
- jq -n --arg publisher github \
- --arg jwt "$JWT" \
- --arg workflow "$WORKFLOW" \
+ jq -n --arg workflow "$WORKFLOW" \
--arg run_id $RUN_ID \
--arg project_name "$INPUTS_PROJECT" \
- '{publisher:$publisher, jwt:$jwt, workflow:$workflow,
run_id:$run_id, project_name:$project_name, status:"in-progress",
message:"Recording distribution"}' |
- curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -d @- \
+ '{workflow:$workflow, run_id:$run_id,
project_name:$project_name, status:"in-progress", message:"Recording
distribution"}' |
+ curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth:
$INPUTS_ATR_TOKEN' -d @- \
"https://${ATR_HOST}/api/distribute/task/status";
env:
JWT: ${{ steps.create-github-jwt.outputs.jwt }}
RUN_ID: ${{ github.run_id }}
INPUTS_PROJECT: ${{ inputs.project }}
+ INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
- name: Record distribution on ATR
shell: bash
@@ -308,10 +303,7 @@ jobs:
set -euxo pipefail
DETAILS_JSON=false
[ "${INPUTS_DETAILS}" = "true" ] && DETAILS_JSON=true
- jq -n --arg publisher github \
- --arg jwt "$JWT" \
- --arg uid "$INPUTS_ASF_UID" \
- --arg project "$INPUTS_PROJECT" \
+ jq -n --arg project "$INPUTS_PROJECT" \
--arg version "$INPUTS_VERSION" \
--arg phase "$INPUTS_PHASE" \
--arg platform "MAVEN" \
@@ -319,8 +311,8 @@ jobs:
--arg distribution_package "$INPUTS_DISTRIBUTION_PACKAGE" \
--arg distribution_version "$INPUTS_DISTRIBUTION_VERSION" \
--argjson details "$DETAILS_JSON" \
- '{publisher:$publisher, jwt:$jwt, asf_uid:$uid,
project:$project, version:$version, phase:$phase, platform:$platform,
distribution_owner_namespace:$distribution_owner_namespace,
distribution_package:$distribution_package,
distribution_version:$distribution_version, staging:true, details:$details}' |
- curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -d @- \
+ '{project:$project, version:$version, phase:$phase,
platform:$platform, distribution_owner_namespace:$distribution_owner_namespace,
distribution_package:$distribution_package,
distribution_version:$distribution_version, staging:true, details:$details}' |
+ curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth:
$INPUTS_ATR_TOKEN' -d @- \
"https://${ATR_HOST}/api/distribute/record_from_workflow";
env:
INPUTS_PROJECT: ${{ inputs.project }}
@@ -332,27 +324,27 @@ jobs:
INPUTS_DISTRIBUTION_VERSION: ${{ inputs.distribution-version }}
INPUTS_DETAILS: "false"
JWT: ${{ steps.create-github-jwt.outputs.jwt }}
+ INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
- name: Report status back to ATR
shell: bash
if: failure()
run: |
set -euxo pipefail
- jq -n --arg publisher github \
- --arg jwt "$JWT" \
- --arg workflow "$WORKFLOW" \
+ jq -n --arg workflow "$WORKFLOW" \
--arg run_id $RUN_ID \
--arg project_name "$INPUTS_PROJECT" \
--arg err "$([ -f .err ] && [ -s .err ] && echo "Build failed:
$(cat .err)" || echo "")" \
--arg status "failed" \
- '{publisher:$publisher, jwt:$jwt, workflow:$workflow,
run_id:$run_id, project_name:$project_name, status:$status, message:$err}' |
- curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -d @- \
+ '{workflow:$workflow, run_id:$run_id,
project_name:$project_name, status:$status, message:$err}' |
+ curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth:
$INPUTS_ATR_TOKEN' -d @- \
"https://${ATR_HOST}/api/distribute/task/status";
env:
JWT: ${{ steps.create-github-jwt.outputs.jwt }}
RUN_ID: ${{ github.run_id }}
STATUS: ${{ job.status }}
INPUTS_PROJECT: ${{ inputs.project }}
+ INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
- name: Report status back to ATR
@@ -360,17 +352,16 @@ jobs:
if: success()
run: |
set -euxo pipefail
- jq -n --arg publisher github \
- --arg jwt "$JWT" \
- --arg workflow "$WORKFLOW" \
+ jq -n --arg workflow "$WORKFLOW" \
--arg run_id $RUN_ID \
--arg project_name "$INPUTS_PROJECT" \
--arg status "success" \
- '{publisher:$publisher, jwt:$jwt, workflow:$workflow,
run_id:$run_id, project_name:$project_name, status:$status, message:"GitHub
workflow succeeded"}' |
- curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -d @- \
+ '{workflow:$workflow, run_id:$run_id,
project_name:$project_name, status:$status, message:"GitHub workflow
succeeded"}' |
+ curl -sS --fail-with-body -X POST -H 'Content-Type:
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth:
$INPUTS_ATR_TOKEN' -d @- \
"https://${ATR_HOST}/api/distribute/task/status";
env:
JWT: ${{ steps.create-github-jwt.outputs.jwt }}
RUN_ID: ${{ github.run_id }}
STATUS: ${{ job.status }}
INPUTS_PROJECT: ${{ inputs.project }}
+ INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
