.github/workflows/repo-sync.yml #12477
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Note this is almost fully copied from | |
# https://github.com/github/docs/blob/main/.github/workflows/repo-sync.yml | |
# with the exception of a few modifications. | |
on: | |
schedule: | |
- cron: "0 */2 * * *" # https://crontab.guru/every-2-hours | |
workflow_dispatch: | |
jobs: | |
repo-sync: | |
# disallow scheduled runs for public repo | |
if: ${{ !(github.event_name == 'schedule' && github.repository == 'hashicorp/terraform-docs-common') }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
with: | |
persist-credentials: false | |
- name: repo-sync | |
uses: repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88 # v2.3.0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT_WITH_REPO_AND_WORKFLOW_SCOPE }} | |
with: | |
source_repo: ${{ secrets.SOURCE_REPO }} # https://${access_token}@github.com/github/the-other-repo.git | |
source_branch: main | |
destination_branch: repo-sync | |
github_token: ${{ secrets.PAT_WITH_REPO_AND_WORKFLOW_SCOPE }} | |
- name: Create pull request | |
uses: repo-sync/pull-request@7e79a9f5dc3ad0ce53138f01df2fad14a04831c5 # v2.12.1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT_WITH_REPO_AND_WORKFLOW_SCOPE }} | |
with: | |
source_branch: repo-sync | |
destination_branch: main | |
pr_title: "repo sync" | |
pr_body: | | |
This is an automated pull request to sync changes between the public and private repos. | |
This pull request should be **merged** (not squashed) to preserve continuity across repos. | |
Please take care when merging | |
pr_label: automated-reposync-pr | |
github_token: ${{ secrets.PAT_WITH_REPO_AND_WORKFLOW_SCOPE }} | |
# This will exit 0 if there's no difference between `repo-sync` | |
# and `main`. And if so, no PR will be created. | |
pr_allow_empty: false | |
- name: Find pull request | |
uses: juliangruber/find-pull-request-action@3a4c7c62101755c3778d397dcb6a760a558992f1 # v1.8.0 | |
id: find-pull-request | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
branch: repo-sync | |
base: main | |
author: hashibot-web | |
state: open | |
# Ensure the PR is up-to-date with main | |
- name: Update branch | |
if: ${{ steps.find-pull-request.outputs.number }} | |
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 | |
with: | |
github-token: ${{ secrets.PAT_WITH_REPO_AND_WORKFLOW_SCOPE }} | |
script: | | |
const mainHeadSha = await github.rest.git.getRef({ | |
...context.repo, | |
ref: 'heads/main' | |
}) | |
console.log(`heads/main sha: ${mainHeadSha.data.object.sha}`) | |
const pull = await github.rest.pulls.get({ | |
...context.repo, | |
pull_number: parseInt(${{ steps.find-pull-request.outputs.number }}) | |
}) | |
console.log(`Pull request base sha: ${pull.data.base.sha}`) | |
if (mainHeadSha.data.object.sha !== pull.data.base.sha || pull.data.mergeable_state === 'behind') { | |
try { | |
const updateBranch = await github.rest.pulls.updateBranch({ | |
...context.repo, | |
pull_number: parseInt(${{ steps.find-pull-request.outputs.number }}) | |
}) | |
console.log(updateBranch.data.message) | |
} catch (error) { | |
// When the head branch is modified an error with status 422 is thrown | |
// We should retry one more time to update the branch | |
if (error.status === 422) { | |
try { | |
const updateBranch = await github.rest.pulls.updateBranch({ | |
...context.repo, | |
pull_number: parseInt(${{ steps.find-pull-request.outputs.number }}) | |
}) | |
console.log(updateBranch.data.message) | |
} catch (error) { | |
// Only retry once. We'll rely on the update branch workflow to update | |
// this PR in the case of a second failure. | |
console.log(`Retried updating the branch, but an error occurred: ${error}`) | |
} | |
} else { | |
// A failed branch update shouldn't fail this workflow. | |
console.log(`An error occurred when updating the branch: ${error}`) | |
} | |
} | |
} else { | |
console.log(`Branch is already up-to-date`) | |
} | |
- name: Check pull request file count after updating | |
if: ${{ steps.find-pull-request.outputs.number }} | |
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 | |
id: pr-files | |
env: | |
PR_NUMBER: ${{ steps.find-pull-request.outputs.number }} | |
with: | |
github-token: ${{ secrets.PAT_WITH_REPO_AND_WORKFLOW_SCOPE }} | |
result-encoding: string | |
script: | | |
const { data: prFiles } = await github.rest.pulls.listFiles({ | |
...context.repo, | |
pull_number: process.env.PR_NUMBER, | |
}) | |
core.setOutput('count', (prFiles && prFiles.length || 0).toString()) | |
# Sometimes after updating the branch, there aren't any remaining files changed. | |
# If not, we should close the PR instead of merging it and triggering deployments. | |
- name: Close the pull request if no files remain | |
if: ${{ steps.find-pull-request.outputs.number && steps.pr-files.outputs.count == '0' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT_WITH_REPO_AND_WORKFLOW_SCOPE }} | |
run: | | |
gh pr close ${{ steps.find-pull-request.outputs.number }} --repo $GITHUB_REPOSITORY | |
# DANGER: ONLY AUTO MERGE INTERNAL PRs | |
- name: Admin merge the pull request | |
if: ${{ steps.find-pull-request.outputs.number && steps.pr-files.outputs.count != '0' && github.repository == 'hashicorp/terraform-docs-common-internal' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT_WITH_REPO_AND_WORKFLOW_SCOPE }} | |
PR_NUMBER: ${{ steps.find-pull-request.outputs.number }} | |
run: | | |
gh pr merge $PR_NUMBER --admin --merge |