-
Notifications
You must be signed in to change notification settings - Fork 4.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
gh action: add plugin update job (#22071)
* gh action: add plugin update job * remove check from name * git push changelog * make actionlint happy
- Loading branch information
1 parent
efa76db
commit 0c1e0b2
Showing
1 changed file
with
117 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
name: Plugin update | ||
run-name: Update ${{ inputs.repo }} by @${{ github.actor }} | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
repo: | ||
type: string | ||
description: 'The owner and repository name as per the github.repository context property.' | ||
required: true | ||
plugin_tag: | ||
type: string | ||
description: 'The name of the plugin tag.' | ||
required: true | ||
|
||
jobs: | ||
plugin-update: | ||
runs-on: ubuntu-latest | ||
env: | ||
VAULT_BRANCH: "update/${{ inputs.repo }}/${{ inputs.plugin_tag }}" | ||
steps: | ||
- run: echo "Branch ${{ inputs.plugin_tag }} of ${{ inputs.repo }}" | ||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
with: | ||
# We don't use the default token so that checks are executed on the resulting PR | ||
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow | ||
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | ||
|
||
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | ||
with: | ||
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 | ||
go-version-file: .go-version | ||
|
||
- name: update plugin | ||
run: | | ||
go get "github.com/${{ inputs.repo }}@${{ inputs.plugin_tag }}" | ||
go mod tidy | ||
- name: detect changes | ||
run: | | ||
count=$(git status --porcelain=v1 2>/dev/null | wc -l) | ||
if [ "$count" -eq 0 ]; then | ||
echo "error: no updates were made for repo ${{ inputs.repo }} with tag ${{ inputs.plugin_tag }}" | ||
exit 1 | ||
fi | ||
- name: commit/push | ||
run: | | ||
git config user.name hc-github-team-secure-vault-ecosystem | ||
git config user.email [email protected] | ||
git add . | ||
git commit -m "Automated dependency upgrades" | ||
git push -f origin ${{ github.ref_name }}:"$VAULT_BRANCH" | ||
- name: Open pull request if needed | ||
id: pr | ||
env: | ||
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}} | ||
# Only open a PR if the branch is not attached to an existing one | ||
run: | | ||
PR=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number') | ||
if [ -z "$PR" ]; then | ||
gh pr create \ | ||
--head "$VAULT_BRANCH" \ | ||
--title "Update ${{ inputs.repo }} to ${{ inputs.plugin_tag }}" \ | ||
--body "Updates ${{ inputs.repo }} to verify vault CI. Full log: https://github.com/hashicorp/vault/actions/runs/${{ github.run_id }}" | ||
echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT" | ||
echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json url -q '.[0].url')" >> "$GITHUB_OUTPUT" | ||
else | ||
echo "Pull request already exists, won't create a new one." | ||
fi | ||
- name: Add changelog | ||
continue-on-error: true | ||
run: | | ||
if [ -z "$vault_pr_num" ]; then | ||
echo "error: no vault PR found" | ||
exit 1 | ||
fi | ||
# strip "hashicorp/" from repo name | ||
PLUGIN=$(echo ${{ inputs.repo }} | awk -F/ '{print $NF}') | ||
echo "plugin: $PLUGIN" | ||
# plugin type is one of auth/secrets/database | ||
PLUGIN_TYPE=$(echo "$PLUGIN" | awk -F- '{print $3}') | ||
echo "plugin type: $PLUGIN_TYPE" | ||
# plugin service is the last element in the repo name | ||
PLUGIN_SERVICE=$(echo "$PLUGIN" | awk -F- '{print $4}') | ||
echo "plugin service: $PLUGIN_SERVICE" | ||
echo "\`\`\`release-note:change | ||
${PLUGIN_TYPE}/${PLUGIN_SERVICE}: Update plugin to ${{ inputs.plugin_tag }} | ||
\`\`\`" > "changelog/${vault_pr_num}.txt" | ||
git add . | ||
git commit -m "Add changelog" | ||
git push origin ${{ github.ref_name }}:"$VAULT_BRANCH" | ||
- name: Add labels to Vault PR | ||
env: | ||
# this is a different token to the one we have been using that should | ||
# allow us to add labels | ||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
continue-on-error: true | ||
run: | | ||
if [ -z "$vault_pr_num" ]; then | ||
echo "error: no vault PR found" | ||
exit 1 | ||
fi | ||
gh pr edit "${{ steps.pr.outputs.vault_pr_num }}" \ | ||
--add-label "dependencies" \ | ||
--repo hashicorp/vault |