mirror of
https://github.com/hashicorp/vault.git
synced 2026-03-23 10:56:09 -04:00
3d420fec98
Bump our action version pins to the latest versions. - actions/checkout v6.0.1 => v6.0.2 Tag handling improvements - actions/download-artifact v7.0.0 => v8.0.0 Supports automatic detection of unzipping based on Content-Type Enforces digest checking Uses ES modules - actions/setup-go v6.2.0 => v6.3.0 Uses go.mod for default module caching (which we don't use) Fixes to download URL - actions/upload-artifact v6.0.0 => v7.0.0 Supports disabling automatic archiving Uses ES modules - aws-actions/configure-aws-credentials v5.1.1 => v6.0.0 Uses Node 24 - browser-actions/setup-chrome v2.1.0 => v2.1.1 Bug fix for Node runtime version - docker/build-push-action v6.18.0 => v6.19.2 Internal dep updates and auth support for different Github servers. - hashicorp/setup-terraform v3.1.2 => v4.0.0 Uses Node 24 Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
115 lines
4.4 KiB
YAML
115 lines
4.4 KiB
YAML
name: Plugin update check
|
|
run-name: ${{ inputs.repo }} update check
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
repo:
|
|
type: string
|
|
description: 'The owner and repository name as per the github.repository context property.'
|
|
required: true
|
|
plugin_branch:
|
|
type: string
|
|
description: 'The name of the plugin branch.'
|
|
required: true
|
|
|
|
jobs:
|
|
plugin-update-check:
|
|
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
|
|
env:
|
|
PLUGIN_REPO: "${{inputs.repo}}"
|
|
PLUGIN_BRANCH: "${{inputs.plugin_branch}}"
|
|
VAULT_BRANCH: "auto-plugin-update/${{inputs.repo}}/${{inputs.plugin_branch}}"
|
|
RUN_ID: "${{github.run_id}}"
|
|
steps:
|
|
- run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO"
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
# We don't use the default token so that checks are executed on the resulting PR
|
|
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
|
|
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
|
|
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
|
with:
|
|
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
|
|
go-version-file: .go-version
|
|
|
|
- name: update plugin
|
|
run: |
|
|
go get "github.com/$PLUGIN_REPO@$PLUGIN_BRANCH"
|
|
go mod tidy
|
|
|
|
- name: detect changes
|
|
id: changes
|
|
run: |
|
|
echo "count=$(git status --porcelain=v1 2>/dev/null | wc -l)" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: commit/push
|
|
if: steps.changes.outputs.count > 0
|
|
run: |
|
|
git config user.name hc-github-team-secure-vault-ecosystem
|
|
git config user.email hc-github-team-secure-vault-ecosystem@users.noreply.github.com
|
|
git add .
|
|
git commit -m "Automated dependency upgrades"
|
|
git push -f origin ${{ github.ref_name }}:"$VAULT_BRANCH"
|
|
|
|
- name: Open pull request if needed
|
|
id: pr
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
|
|
# Only open a PR if the branch is not attached to an existing one
|
|
run: |
|
|
PR=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')
|
|
|
|
if [ -z "$PR" ]; then
|
|
gh pr create \
|
|
--head "$VAULT_BRANCH" \
|
|
--title "[DO NOT MERGE]: $PLUGIN_REPO Automated plugin update check" \
|
|
--body "Updates $PLUGIN_REPO to verify vault CI. Full log: https://github.com/hashicorp/vault/actions/runs/$RUN_ID"
|
|
else
|
|
echo "Pull request already exists, won't create a new one."
|
|
fi
|
|
|
|
echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT"
|
|
echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json url -q '.[0].url')" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Add labels to Vault CI check PR
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
# this is a different token to the one we have been using that should
|
|
# allow us to add labels
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
continue-on-error: true
|
|
run: |
|
|
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
|
|
echo "error: no vault PR found"
|
|
exit 1
|
|
fi
|
|
|
|
gh pr edit "${{ steps.pr.outputs.vault_pr_num }}" \
|
|
--add-label "dependencies,pr/no-changelog,pr/no-milestone" \
|
|
--repo hashicorp/vault
|
|
|
|
- name: Comment on plugin PR
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
|
|
run: |
|
|
# get Plugin PR number
|
|
plugin_pr_num=$(gh pr list --head "$PLUGIN_BRANCH" --json number --repo "$PLUGIN_REPO" -q '.[0].number')
|
|
|
|
if [ -z "$plugin_pr_num" ]; then
|
|
echo "error: no plugin PR found"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
|
|
echo "error: no vault PR found"
|
|
exit 1
|
|
fi
|
|
|
|
# make a comment on the plugin repo's PR
|
|
gh pr comment "$plugin_pr_num" \
|
|
--body "Vault CI check PR: ${{ steps.pr.outputs.vault_pr_url }}" \
|
|
--repo "$PLUGIN_REPO"
|