mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-03 20:40:45 -05:00
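# Manually dispatched workflow: bumps one github.com/hashicorp plugin module to
# a given commit, pushes the result to a plugin-update-* branch and opens a
# pull request so that the repository's checks run against the updated module.
on:
  workflow_dispatch:
    inputs:
      repo:
        type: string
        description: the plugin repo that is updated (ex. vault-plugin-database-snowflake) - github.com/hashicorp will be prepended
        required: true
      sha:
        type: string
        description: the hash of the plugin repo commit to use
        required: true

# The push and the pull request below both use ELEVATED_GITHUB_TOKEN, so the
# default GITHUB_TOKEN needs nothing beyond read access.
permissions:
  contents: read

jobs:
  plugin-update-check:
    runs-on: ubuntu-latest
    env:
      # In the case of a curl call, the input json will look like:
      # e.g.,
      # {
      #   "ref": "some-branch",
      #   "inputs": {
      #     "sha":"abcdef",
      #     "repo":"vault-plugin-database-snowflake"
      #   }
      # }
      #
      # The inputs are handed to the scripts as environment variables and are
      # never expanded into the script text, so they are treated as data.
      COMMIT_SHA: "${{inputs.sha}}"
      REPO_NAME: "${{inputs.repo}}"
      BRANCH_NAME: "plugin-update-${{inputs.repo}}-${{inputs.sha}}"
    steps:
      # Reject inputs that are not a bare repository name and a hex commit
      # hash before they reach `go get`, the branch name or the PR body.
      - name: validate inputs
        run: |
          if ! [[ "$REPO_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
            echo "::error::repo input must be a bare repository name"
            exit 1
          fi
          if ! [[ "$COMMIT_SHA" =~ ^[0-9a-fA-F]+$ ]]; then
            echo "::error::sha input must be a hexadecimal commit hash"
            exit 1
          fi

      - run: echo "would use $COMMIT_SHA of $REPO_NAME"

      # checkout
      # NOTE(review): should be pinned to a full commit SHA rather than a
      # movable tag; this job holds an elevated token.
      - uses: actions/checkout@v3
        with:
          # We don't use the default token so that checks are executed on the resulting PR
          # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
          #
          # actions/checkout persists this token in the local git config by
          # default; the later `git push` relies on that, and it also means
          # every following step (including `go get`) runs with it on disk.
          token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}

      # activate go
      # NOTE(review): same pinning concern as actions/checkout above.
      - uses: actions/setup-go@v4

      - name: update plugin
        run: |
          go get "github.com/hashicorp/$REPO_NAME@$COMMIT_SHA"
          go mod tidy

      # Number of changed paths in the work tree; 0 means nothing to push.
      - name: detect changes
        id: changes
        run: |
          echo "count=$(git status --porcelain=v1 2>/dev/null | wc -l)" >> "$GITHUB_OUTPUT"

      - name: commit/push
        if: steps.changes.outputs.count > 0
        env:
          # Passed through the environment instead of being expanded into the
          # script, so a ref name containing shell metacharacters stays data.
          SOURCE_REF: ${{ github.ref_name }}
        run: |
          git config user.name hc-github-team-secure-vault-ecosystem
          git config user.email hc-github-team-secure-vault-ecosystem@users.noreply.github.com
          git add .
          git commit -m "Automated dependency upgrades"
          git push -f origin "${SOURCE_REF}:${BRANCH_NAME}"

      - name: Open pull request if needed
        if: steps.changes.outputs.count > 0
        env:
          GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
        # Only open a PR if the branch is not attached to an existing one
        run: |
          PR=$(gh pr list --head "$BRANCH_NAME" --json number -q '.[0].number')

          # currently unable to set team as reviewer in GHA
          # see https://github.com/cli/cli/issues/6395
          reviewers="fairclothjm,kpcraig"

          if [ -z "$PR" ]; then
            # GITHUB_RUN_ID is the runner-provided form of github.run_id.
            gh pr create \
              --head "$BRANCH_NAME" \
              --title "Automated plugin update check" \
              --reviewer "$reviewers" \
              --label "dependencies" \
              --body "Updates $REPO_NAME to verify vault CI
              Full log: https://github.com/hashicorp/vault/actions/runs/${GITHUB_RUN_ID}"
          else
            echo "Pull request already exists, won't create a new one."
            exit 1
          fi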