-
Notifications
You must be signed in to change notification settings - Fork 4.3k
115 lines (100 loc) · 4.29 KB
/
plugin-update-check.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: Plugin update check
run-name: ${{ inputs.repo }} update check
on:
workflow_dispatch:
inputs:
repo:
type: string
description: 'The owner and repository name as per the github.repository context property.'
required: true
plugin_branch:
type: string
description: 'The name of the plugin branch.'
required: true
jobs:
plugin-update-check:
runs-on: ubuntu-latest
env:
PLUGIN_REPO: "${{inputs.repo}}"
PLUGIN_BRANCH: "${{inputs.plugin_branch}}"
VAULT_BRANCH: "auto-plugin-update/${{inputs.repo}}/${{inputs.plugin_branch}}"
RUN_ID: "${{github.run_id}}"
steps:
- run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# We don't use the default token so that checks are executed on the resulting PR
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
go-version-file: .go-version
- name: update plugin
run: |
go get "github.com/$PLUGIN_REPO@$PLUGIN_BRANCH"
go mod tidy
- name: detect changes
id: changes
run: |
echo "count=$(git status --porcelain=v1 2>/dev/null | wc -l)" >> "$GITHUB_OUTPUT"
- name: commit/push
if: steps.changes.outputs.count > 0
run: |
git config user.name hc-github-team-secure-vault-ecosystem
git config user.email [email protected]
git add .
git commit -m "Automated dependency upgrades"
git push -f origin ${{ github.ref_name }}:"$VAULT_BRANCH"
- name: Open pull request if needed
id: pr
if: steps.changes.outputs.count > 0
env:
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
# Only open a PR if the branch is not attached to an existing one
run: |
PR=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')
if [ -z "$PR" ]; then
gh pr create \
--head "$VAULT_BRANCH" \
--title "[DO NOT MERGE]: $PLUGIN_REPO Automated plugin update check" \
--body "Updates $PLUGIN_REPO to verify vault CI. Full log: https://github.com/hashicorp/vault/actions/runs/$RUN_ID"
else
echo "Pull request already exists, won't create a new one."
fi
echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT"
echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json url -q '.[0].url')" >> "$GITHUB_OUTPUT"
- name: Add labels to Vault CI check PR
if: steps.changes.outputs.count > 0
env:
# this is a different token to the one we have been using that should
# allow us to add labels
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
continue-on-error: true
run: |
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
echo "error: no vault PR found"
exit 1
fi
gh pr edit "${{ steps.pr.outputs.vault_pr_num }}" \
--add-label "dependencies,pr/no-changelog,pr/no-milestone" \
--repo hashicorp/vault
- name: Comment on plugin PR
if: steps.changes.outputs.count > 0
env:
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
run: |
# get Plugin PR number
plugin_pr_num=$(gh pr list --head "$PLUGIN_BRANCH" --json number --repo "$PLUGIN_REPO" -q '.[0].number')
if [ -z "$plugin_pr_num" ]; then
echo "error: no plugin PR found"
exit 1
fi
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
echo "error: no vault PR found"
exit 1
fi
# make a comment on the plugin repo's PR
gh pr comment "$plugin_pr_num" \
--body "Vault CI check PR: ${{ steps.pr.outputs.vault_pr_url }}" \
--repo "$PLUGIN_REPO"