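---
# Builds the merged store_types.json for a Keyfactor orchestrator repo/ref and
# opens (or updates) a pull request carrying the result.
#
# Triggers: repository_dispatch (type targetRepo-event) carrying
# client_payload.targetRepo / client_payload.targetRef, or workflow_dispatch
# with the same two inputs.
#
# Both trigger payloads are caller-controlled. They are therefore never
# expanded with ${{ }} inside `run:` shell or github-script JavaScript; they
# are passed through `env:`, validated once up front, and read from the
# process environment afterwards.
name: Create Cert Store Update Pull Request

on:  # yamllint disable-line rule:truthy
  repository_dispatch:
    types: targetRepo-event
  workflow_dispatch:
    inputs:
      targetRepo:
        description: 'Target repository for workflow_dispatch'
        default: 'all'
      targetRef:
        description: 'Target ref for workflow_dispatch'
        default: 'latest'

# Least privilege for the default GITHUB_TOKEN: the github-script steps only
# list and create pull requests on this repository. Checkouts and the push use
# the PAT secrets below, not this token.
permissions:
  contents: read
  pull-requests: write

jobs:
  create_pull_request:
    runs-on: ubuntu-latest
    steps:
      # Resolve the repo/ref pair from whichever event fired, validate it, and
      # only then publish it to GITHUB_ENV. Validation happens before the write
      # so a value containing a newline cannot smuggle extra variables into
      # GITHUB_ENV, and the character allow-list keeps the values safe to use
      # unquoted-or-quoted in later shell and JavaScript steps.
      - name: Resolve and validate trigger inputs
        id: set-env-vars
        shell: bash
        env:
          EVENT_NAME: ${{ github.event_name }}
          DISPATCH_INPUT_REF: ${{ inputs.targetRef }}
          DISPATCH_INPUT_REPO: ${{ inputs.targetRepo }}
          PAYLOAD_REF: ${{ github.event.client_payload.targetRef }}
          PAYLOAD_REPO: ${{ github.event.client_payload.targetRepo }}
        run: |
          set -euo pipefail
          if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
            target_ref="$DISPATCH_INPUT_REF"
            target_repo="$DISPATCH_INPUT_REPO"
          else
            target_ref="$PAYLOAD_REF"
            target_repo="$PAYLOAD_REPO"
          fi
          # Repository names and git refs never need more than these characters;
          # anything else (whitespace, quotes, `$`, `;`, backticks, empty) is
          # refused with a clear error instead of being passed downstream.
          allowed='^[A-Za-z0-9._/-]+$'
          for value in "$target_ref" "$target_repo"; do
            if ! [[ "$value" =~ $allowed ]]; then
              echo "::error::Refusing empty or unsafe input value: '$value'"
              exit 1
            fi
          done
          echo "TARGET_REPO_BRANCH=${target_ref}" | tee -a "$GITHUB_ENV"
          echo "KFUTIL_ARG=${target_repo}" | tee -a "$GITHUB_ENV"

      # Branch naming convention: "<repo>_main" when the target ref is main,
      # otherwise just "<repo>". TARGET_REPO_BRANCH and KFUTIL_ARG are already
      # environment variables here (written to GITHUB_ENV above).
      - name: Set Branch Name based on targetRef
        id: set-branch-name
        run: |
          if [ "$TARGET_REPO_BRANCH" = "main" ]; then
            echo "BRANCH_NAME=${KFUTIL_ARG}_${TARGET_REPO_BRANCH}" | tee -a "$GITHUB_ENV"
          else
            echo "BRANCH_NAME=${KFUTIL_ARG}" | tee -a "$GITHUB_ENV"
          fi

      # Decide whether a PR for BRANCH_NAME is already open. Output PR_BRANCH is
      # 'commit' (branch exists, push to it) or 'create' (make a new branch).
      - name: Check Open PRs for Existing Branch
        id: check-branch
        uses: actions/github-script@v8
        with:
          script: |
            // BRANCH_NAME is read from the process environment rather than
            // spliced into the source with ${{ }}, so its content can never
            // change the script.
            const branchName = process.env.BRANCH_NAME;
            const { owner, repo } = context.repo;
            // Paginate: a single pulls.list page would miss the branch once the
            // repository has more open PRs than one page holds.
            const pulls = await github.paginate(github.rest.pulls.list, {
              owner,
              repo,
              state: 'open',
            });
            // Keep only PRs whose head is our naming-convention branch.
            const matching = pulls.filter(pr => pr.head.ref === branchName);
            if (matching.length > 0) {
              // Report the PR that actually matched, not whichever PR happens to
              // be first in the listing.
              const { head: { ref: incomingBranch }, base: { ref: baseBranch } } = matching[0];
              core.setOutput('PR_BRANCH', 'commit'); // branch exists: just commit to it
              console.log(`incomingBranch: ${incomingBranch}`);
              console.log(`baseBranch: ${baseBranch}`);
            } else {
              core.setOutput('PR_BRANCH', 'create'); // no branch yet: create one
            }
            console.log(`Branch exists? ${matching.length > 0}`);
            console.log(`Branch name: ${branchName}`);

      # Promote the step output to a job-wide env var so later `if:` conditions
      # can test it. The output is one of the two fixed literals set above.
      - name: set env.PR_BRANCH value for jobs
        env:
          CHECK_RESULT: ${{ steps.check-branch.outputs.PR_BRANCH }}
        run: |
          echo "PR_BRANCH=${CHECK_RESULT}" | tee -a "$GITHUB_ENV"

      # If the branch with an open PR already exists, check out that branch from
      # kfutil so the new result is committed on top of it.
      - name: Check out existing repo merge branch
        if: env.PR_BRANCH == 'commit'
        uses: actions/checkout@v4
        with:
          repository: 'keyfactor/kfutil'
          sparse-checkout: |
            .github
            cmd
          path: './merge-folder/'
          token: ${{ secrets.V2BUILDTOKEN }}
          ref: ${{ env.BRANCH_NAME }}

      # If the branch does not exist, check out kfutil's default branch instead
      # (no `ref:` given, so actions/checkout uses the repository default).
      - name: Check out main
        if: env.PR_BRANCH == 'create'
        uses: actions/checkout@v4
        with:
          repository: 'keyfactor/kfutil'
          sparse-checkout: |
            .github
            cmd
          path: './merge-folder/'
          token: ${{ secrets.V2BUILDTOKEN }}

      # Keep a copy of the original JSON so the merged result can be diffed
      # against it further down.
      - name: Save original store_types.json
        run: |
          echo "Saving original store_types.json as store_types.sav.json"
          cp ./merge-folder/store_types.json ./merge-folder/store_types.sav.json

      # Check out and run the Python merge tool.
      - name: Check out python merge tool repo
        uses: actions/checkout@v4
        with:
          repository: 'keyfactor/integration-tools'
          path: './tools/'
          token: ${{ secrets.V2BUILDTOKEN }}

      # Validated env vars are quoted as ordinary shell arguments; nothing from
      # the trigger payload is interpolated into the command line by ${{ }}.
      - name: Run Python Script
        working-directory: ./tools/store-type-merge
        env:
          GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }}
        run: |
          python main.py --repo-name "$KFUTIL_ARG" --ref "$TARGET_REPO_BRANCH"

      - name: Save Store Types JSON Artifact
        if: success()
        uses: actions/upload-artifact@v4
        with:
          name: store-types
          path: |
            ./tools/store-type-merge/store_types.json
            ./merge-folder/store_types.sav.json

      - name: Save Invalid Store Types JSON Artifact
        if: success()
        uses: actions/upload-artifact@v4
        with:
          name: invalid-repos
          path: ./tools/store-type-merge/invalid_repos.json

      - name: Save logs directory
        if: success()
        uses: actions/upload-artifact@v4
        with:
          name: logs
          path: ./tools/store-type-merge/log

      # Copy the result into the PR commit folder. The cmd/ copy is what the
      # add-and-commit steps below stage with --force; the original author was
      # unsure whether it is still needed, so it is kept until that is settled.
      - name: Copy store-type-merge results
        run: |
          echo "Copying merged store_types.json into merge-folder"
          cp -f ./tools/store-type-merge/store_types.json ./merge-folder/store_types.json
          mkdir -p ./merge-folder/cmd
          cp -f ./tools/store-type-merge/store_types.json ./merge-folder/cmd/store_types.json
          ls -la ./merge-folder/
          ls -la ./merge-folder/cmd/

      # Diff the new JSON against the saved copy and set UPDATE_FILE to 'T'
      # when they differ, 'F' when they are identical. The `diff` call is for
      # the log only; its non-zero exit on differences must not fail the step.
      - name: Diff the results
        run: |
          echo "Diff the results"
          echo "Set UPDATE_FILE=T if differences"
          if cmp -s ./merge-folder/store_types.json ./merge-folder/store_types.sav.json; then
            echo "UPDATE_FILE=F" | tee -a "$GITHUB_ENV"
          else
            echo "UPDATE_FILE=T" | tee -a "$GITHUB_ENV"
          fi
          diff ./merge-folder/store_types.json ./merge-folder/store_types.sav.json || true

      # Two commit steps, selected by PR_BRANCH; both also require UPDATE_FILE
      # to be 'T' so an unchanged file never produces an empty commit or PR.
      - name: Add and Commit to newly created branch
        if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'create' }}
        uses: Keyfactor/add-and-commit@v9.1.3
        env:
          GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
        with:
          add: |
            store_types.json
            ./cmd/store_types.json --force
          message: Update store_types.json for ${{ env.KFUTIL_ARG }}:${{ env.TARGET_REPO_BRANCH }}
          author_name: Keyfactor
          author_email: keyfactor@keyfactor.github.io
          cwd: './merge-folder/'
          new_branch: ${{ env.BRANCH_NAME }}

      - name: Add and Commit to existing branch
        if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'commit' }}
        uses: Keyfactor/add-and-commit@v9.1.3
        env:
          GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
        with:
          add: |
            store_types.json
            ./cmd/store_types.json --force
          message: Update store_types.json for ${{ env.KFUTIL_ARG }}:${{ env.TARGET_REPO_BRANCH }}
          author_name: Keyfactor
          author_email: keyfactor@keyfactor.github.io
          cwd: './merge-folder/'

      # Open the PR for a freshly created branch. Titles and bodies are built
      # from process.env, so payload content lands in the PR text as data only.
      - name: Create new PR for the newly created branch
        if: env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'create'
        uses: actions/github-script@v8
        with:
          script: |
            const branchName = process.env.BRANCH_NAME;
            const label = `${process.env.KFUTIL_ARG}:${process.env.TARGET_REPO_BRANCH}`;
            console.log(`Created ${branchName} `);
            console.log(`Commit to ${branchName} for PR`);
            const { owner, repo } = context.repo;
            // context.payload.ref is only present for some events; fall back to
            // 'main' otherwise — NOTE(review): confirm 'main' is kfutil's default.
            const baseBranch = context.payload.ref
              ? context.payload.ref.replace('refs/heads/', '')
              : 'main';
            console.log(`Base branch for PR: ${baseBranch}`);
            const response = await github.rest.pulls.create({
              owner,
              repo,
              title: `New Pull Request - ${label}`,
              head: branchName,
              base: baseBranch,
              body: `The cert store update from ${label} needs to be verified and merged if correct.`,
            });
            console.log(`Pull request created: ${label} : ${response.data.html_url}`);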