This is an automated email from the ASF dual-hosted git repository.

arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-actions.git

commit 995c85d097ce6f2b64e5d49c5d37407fbe5ff8d2
Author: Alastair McFarlane <[email protected]>
AuthorDate: Tue Jan 27 10:08:35 2026 +0000

    Update stg distribution to use tokens
---
 .github/workflows/distribute-maven-stg.yml | 61 +++++++++++++-----------------
 1 file changed, 26 insertions(+), 35 deletions(-)

diff --git a/.github/workflows/distribute-maven-stg.yml 
b/.github/workflows/distribute-maven-stg.yml
index 718c5db..07a36eb 100644
--- a/.github/workflows/distribute-maven-stg.yml
+++ b/.github/workflows/distribute-maven-stg.yml
@@ -24,8 +24,8 @@ on:
       atr-id:
         description: 'Run ID (from ATR)'
         required: true
-      asf-uid:
-        description: 'Originating user ID'
+      atr-token:
+        description: 'ATR JWT Token'
         required: true
       project:
         description: 'Project in ATR to pull files from'
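Review bot: The new `atr-token` input carries a bearer credential as an ordinary workflow input, and nothing in the visible hunks registers it for log masking. Workflow inputs are not treated as secrets, so the value can surface in the run's recorded inputs and in any step output that prints its environment or command line. An early step running `echo "::add-mask::$INPUTS_ATR_TOKEN"` would at least keep it out of the job log. The description could also state what the token is for and how long it should live, rather than only `'ATR JWT Token'`. The trigger type is outside this hunk; if it is `workflow_call`, passing the value under `secrets:` would be the better fit.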
@@ -157,15 +157,12 @@ jobs:
             *.apache.org) ;;
             *) echo "atr-host must match *.apache.org"; exit 1;;
           esac
-          jq -n --arg publisher github \
-                --arg jwt "$JWT" \
-                --arg key "$SSH_PUBLIC_KEY" \
-                --arg uid "$INPUTS_ASF_UID" \
+          jq -n --arg key "$SSH_PUBLIC_KEY" \
                 --arg phase "$INPUTS_PHASE" \
                 --arg project_name "$INPUTS_PROJECT" \
                 --arg version "$INPUTS_VERSION" \
-                '{publisher:$publisher, jwt:$jwt, ssh_key:$key, asf_uid:$uid, 
project_name:$project_name, phase:$phase, version:$version}' |
-            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -d @- \
+                '{ssh_key:$key, project_name:$project_name, phase:$phase, 
version:$version}' |
+            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth: 
$INPUTS_ATR_TOKEN' -d @- \
               "https://${ATR_HOST}/api/distribute/ssh/register";
         env:
           JWT: ${{ steps.create-github-jwt.outputs.jwt }}
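Review bot: The two new headers on the curl line are wrapped in single quotes, so bash does not expand `$JWT` or `$INPUTS_ATR_TOKEN` and the request carries those literal strings instead of the credentials. They need double quotes: `-H "Authorization: Bearer $JWT" -H "ATR-Auth: $INPUTS_ATR_TOKEN"`. The same quoting appears on every curl line this commit adds in the later hunks (the `task/status` and `record_from_workflow` calls). As written, the server either rejects every request or, worse, accepts an unauthenticated one, so the server side should be checked to confirm it fails closed. The step's `run:` block starts and its `env:` block ends outside this hunk.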
@@ -173,24 +170,23 @@ jobs:
           INPUTS_PROJECT: ${{ inputs.project }}
           INPUTS_VERSION: ${{ inputs.version }}
           INPUTS_PHASE: ${{ inputs.phase }}
-          INPUTS_ASF_UID: ${{ inputs.asf-uid }}
+          INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
 
       - name: Report status back to ATR
         shell: bash
         run: |
           set -euxo pipefail
-          jq -n --arg publisher github \
-                --arg jwt "$JWT" \
-                --arg workflow "$WORKFLOW" \
+          jq -n --arg workflow "$WORKFLOW" \
                 --arg run_id $RUN_ID \
                 --arg project_name "$INPUTS_PROJECT" \
-                '{publisher:$publisher, jwt:$jwt, workflow:$workflow, 
run_id:$run_id, project_name:$project_name, status:"in-progress", 
message:"Compiling distribution"}' |
-            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -d @- \
+                '{workflow:$workflow, run_id:$run_id, 
project_name:$project_name, status:"in-progress", message:"Compiling 
distribution"}' |
+            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth: 
$INPUTS_ATR_TOKEN' -d @- \
               "https://${ATR_HOST}/api/distribute/task/status";
         env:
           JWT: ${{ steps.create-github-jwt.outputs.jwt }}
           RUN_ID: ${{ github.run_id }}
           INPUTS_PROJECT: ${{ inputs.project }}
+          INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
 
       - name: Download from ATR using rsync
         shell: bash
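Review bot: This step runs under `set -euxo pipefail`, and the commit moves the JWT from a jq argument onto the curl command line, so once the header quoting is corrected to expand the variables, xtrace will print both tokens in the job log. Neither a step output nor a workflow input is masked automatically. Either drop tracing for these steps with `set -euo pipefail`, or put `set +x` immediately before the `jq ... | curl` pipeline. The same applies to the other status and record steps in the later hunks that start with the same `set` line. Supplying the headers from a file via curl's `-H @file` form would also keep the tokens out of the process argument list.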
@@ -289,18 +285,17 @@ jobs:
         shell: bash
         run: |
           set -euxo pipefail
-          jq -n --arg publisher github \
-                --arg jwt "$JWT" \
-                --arg workflow "$WORKFLOW" \
+          jq -n --arg workflow "$WORKFLOW" \
                 --arg run_id $RUN_ID \
                 --arg project_name "$INPUTS_PROJECT" \
-                '{publisher:$publisher, jwt:$jwt, workflow:$workflow, 
run_id:$run_id, project_name:$project_name, status:"in-progress", 
message:"Recording distribution"}' |
-            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -d @- \
+                '{workflow:$workflow, run_id:$run_id, 
project_name:$project_name, status:"in-progress", message:"Recording 
distribution"}' |
+            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth: 
$INPUTS_ATR_TOKEN' -d @- \
               "https://${ATR_HOST}/api/distribute/task/status";
         env:
           JWT: ${{ steps.create-github-jwt.outputs.jwt }}
           RUN_ID: ${{ github.run_id }}
           INPUTS_PROJECT: ${{ inputs.project }}
+          INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
 
       - name: Record distribution on ATR
         shell: bash
@@ -308,10 +303,7 @@ jobs:
           set -euxo pipefail
           DETAILS_JSON=false
           [ "${INPUTS_DETAILS}" = "true" ] && DETAILS_JSON=true
-          jq -n --arg publisher github \
-                --arg jwt "$JWT" \
-                --arg uid "$INPUTS_ASF_UID" \
-                --arg project "$INPUTS_PROJECT" \
+          jq -n --arg project "$INPUTS_PROJECT" \
                 --arg version "$INPUTS_VERSION" \
                 --arg phase "$INPUTS_PHASE" \
                 --arg platform "MAVEN" \
@@ -319,8 +311,8 @@ jobs:
                 --arg distribution_package "$INPUTS_DISTRIBUTION_PACKAGE" \
                 --arg distribution_version "$INPUTS_DISTRIBUTION_VERSION" \
                 --argjson details "$DETAILS_JSON" \
-                '{publisher:$publisher, jwt:$jwt, asf_uid:$uid, 
project:$project, version:$version, phase:$phase, platform:$platform, 
distribution_owner_namespace:$distribution_owner_namespace, 
distribution_package:$distribution_package, 
distribution_version:$distribution_version, staging:true, details:$details}' |
-            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -d @- \
+                '{project:$project, version:$version, phase:$phase, 
platform:$platform, distribution_owner_namespace:$distribution_owner_namespace, 
distribution_package:$distribution_package, 
distribution_version:$distribution_version, staging:true, details:$details}' |
+            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth: 
$INPUTS_ATR_TOKEN' -d @- \
               "https://${ATR_HOST}/api/distribute/record_from_workflow";
         env:
           INPUTS_PROJECT: ${{ inputs.project }}
@@ -332,27 +324,27 @@ jobs:
           INPUTS_DISTRIBUTION_VERSION: ${{ inputs.distribution-version }}
           INPUTS_DETAILS: "false"
           JWT: ${{ steps.create-github-jwt.outputs.jwt }}
+          INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
 
       - name: Report status back to ATR
         shell: bash
         if: failure()
         run: |
           set -euxo pipefail
-          jq -n --arg publisher github \
-                --arg jwt "$JWT" \
-                --arg workflow "$WORKFLOW" \
+          jq -n --arg workflow "$WORKFLOW" \
                 --arg run_id $RUN_ID \
                 --arg project_name "$INPUTS_PROJECT" \
                 --arg err "$([ -f .err ] && [ -s .err ] && echo "Build failed: 
$(cat .err)" || echo "")" \
                 --arg status "failed" \
-                '{publisher:$publisher, jwt:$jwt, workflow:$workflow, 
run_id:$run_id, project_name:$project_name, status:$status, message:$err}' |
-            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -d @- \
+                '{workflow:$workflow, run_id:$run_id, 
project_name:$project_name, status:$status, message:$err}' |
+            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth: 
$INPUTS_ATR_TOKEN' -d @- \
               "https://${ATR_HOST}/api/distribute/task/status";
         env:
           JWT: ${{ steps.create-github-jwt.outputs.jwt }}
           RUN_ID: ${{ github.run_id }}
           STATUS: ${{ job.status }}
           INPUTS_PROJECT: ${{ inputs.project }}
+          INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}
 
 
       - name: Report status back to ATR
@@ -360,17 +352,16 @@ jobs:
         if: success()
         run: |
           set -euxo pipefail
-          jq -n --arg publisher github \
-                --arg jwt "$JWT" \
-                --arg workflow "$WORKFLOW" \
+          jq -n --arg workflow "$WORKFLOW" \
                 --arg run_id $RUN_ID \
                 --arg project_name "$INPUTS_PROJECT" \
                 --arg status "success" \
-                '{publisher:$publisher, jwt:$jwt, workflow:$workflow, 
run_id:$run_id, project_name:$project_name, status:$status, message:"GitHub 
workflow succeeded"}' |
-            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -d @- \
+                '{workflow:$workflow, run_id:$run_id, 
project_name:$project_name, status:$status, message:"GitHub workflow 
succeeded"}' |
+            curl -sS --fail-with-body -X POST -H 'Content-Type: 
application/json' -H 'Authorization: Bearer $JWT' -H 'ATR-Auth: 
$INPUTS_ATR_TOKEN' -d @- \
               "https://${ATR_HOST}/api/distribute/task/status";
         env:
           JWT: ${{ steps.create-github-jwt.outputs.jwt }}
           RUN_ID: ${{ github.run_id }}
           STATUS: ${{ job.status }}
           INPUTS_PROJECT: ${{ inputs.project }}
+          INPUTS_ATR_TOKEN: ${{ inputs.atr-token }}

