Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 1143ed1, commit ba9865b
Showing 5 changed files with 234 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
FROM fthomas/scala-steward:latest | ||
RUN apk --no-cache add gnupg | ||
RUN apk --no-cache add firejail | ||
RUN apk --no-cache add curl | ||
RUN apk --no-cache add bash | ||
RUN apk --no-cache add jq | ||
RUN apk --no-cache add git | ||
RUN apk --no-cache add ca-certificates | ||
ENV PATH="/opt/docker/sbt/bin:${PATH}" | ||
COPY entrypoint.sh /entrypoint.sh | ||
ENTRYPOINT ["/entrypoint.sh"] |
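Review bot: `FROM fthomas/scala-steward:latest` on the first line leaves the base image unpinned, so every run of the action can pull different upstream contents into a container that is handed the Personal Access Token and the GPG private key. Pin it to a specific version tag or, better, an image digest, and bump it deliberately. The seven `RUN apk --no-cache add ...` lines can also be merged into one `RUN apk --no-cache add gnupg firejail curl bash jq git ca-certificates` to cut layers. `firejail` is installed here while entrypoint.sh in this same commit passes `--disable-sandbox`, so either drop the package or say why it is needed.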
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
# Scala Steward Github Action | ||
|
||
[![Scala Steward badge](https://img.shields.io/badge/Scala_Steward-helping-blue.svg?style=flat&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAQCAMAAAARSr4IAAAAVFBMVEUAAACHjojlOy5NWlrKzcYRKjGFjIbp293YycuLa3pYY2LSqql4f3pCUFTgSjNodYRmcXUsPD/NTTbjRS+2jomhgnzNc223cGvZS0HaSD0XLjbaSjElhIr+AAAAAXRSTlMAQObYZgAAAHlJREFUCNdNyosOwyAIhWHAQS1Vt7a77/3fcxxdmv0xwmckutAR1nkm4ggbyEcg/wWmlGLDAA3oL50xi6fk5ffZ3E2E3QfZDCcCN2YtbEWZt+Drc6u6rlqv7Uk0LdKqqr5rk2UCRXOk0vmQKGfc94nOJyQjouF9H/wCc9gECEYfONoAAAAASUVORK5CYII=)](https://scala-steward.org) | ||
|
||
A Github Action to launch [Scala Steward](https://github.com/fthomas/scala-steward) in your repository. | ||
|
||
<p align="center"> | ||
<a href="https://github.com/fthomas/scala-steward" target="_blank"> | ||
<img src="https://github.com/fthomas/scala-steward/raw/master/data/images/scala-steward-logo-circle-0.png" height="180px"> | ||
</a> | ||
</p> | ||
|
||
## What does this action do? | ||
|
||
When added, this action will launch [Scala Steward](https://github.com/fthomas/scala-steward) on your own repository and create PRs to update your Scala dependencies using your own user: | ||
|
||
![](./data/images/example-pr.png) | ||
|
||
## Usage | ||
|
||
Create a new `.github/workflows/scala-steward.yml` file: | ||
|
||
```yaml | ||
# This workflow will launch at 00:00 every Sunday | ||
on: | ||
schedule: | ||
- cron: '0 0 * * 0' | ||
|
||
jobs: | ||
scala-steward: | ||
runs-on: ubuntu-latest | ||
name: Launch Scala Steward | ||
steps: | ||
- name: Launch Scala Steward | ||
uses: alejandrohdezma/scala-steward-action@v1 | ||
with: | ||
github-repository: owner/repo | ||
github-token: ${{ secrets.ADMIN_GITHUB_TOKEN }} | ||
gpg-secret-key: ${{ secrets.GPG_SCALA_STEWARD }} | ||
``` | ||
If you want to be able to trigger the action manually, you can add a `repository_dispatch` event: | ||
|
||
```yaml | ||
on: | ||
schedule: | ||
- cron: '0 0 * * 0' | ||
repository_dispatch: | ||
types: [scala-steward] | ||
``` | ||
|
||
Finally, call the trigger from your local machine with: | ||
|
||
```bash | ||
# Change `owner/repo` to your own repository | ||
curl -d "{\"event_type\": \"scala-steward\"}" \ | ||
-H "Content-Type: application/json" \ | ||
-H "Authorization: token ${GITHUB_TOKEN}" \ | ||
"https://api.github.com/repos/owner/repo/dispatches" | ||
``` | ||
|
||
> Remember to have a valid github token exported as GITHUB_TOKEN in your local environment: | ||
> ```bash | ||
> export GITHUB_TOKEN="your_github_token" | ||
> ``` | ||
## Configuration | ||
### Repository | ||
The `github-repository` setting isn't required if the workflow launches from the same repository that you wish to update. | ||
Otherwise, set it to the name of the repository to update in the form `owner/repository`. | ||
### Github Token | ||
1. You will need to generate a [Github Personal Access Token](https://github.com/settings/tokens). | ||
2. Add it as a secret repository. | ||
3. Provide it to the action using `github-token`. | ||
### GPG | ||
1. Create a fresh GPG key: | ||
```bash | ||
gpg --gen-key | ||
``` | ||
> :exclamation: Do not add a passphrase to the GPG key, since you won't be able to add it when Scala Steward writes a commit. | ||
2. Annotate the key ID from the previous command. | ||
3. Export the base64 encoded secret of your private key to the clipboard: | ||
```bash | ||
# macOS | ||
gpg --armor --export-secret-keys $LONG_ID | base64 | pbcopy | ||
# Ubuntu (assuming GNU base64) | ||
gpg --armor --export-secret-keys $LONG_ID | base64 -w0 | xclip | ||
# Arch | ||
gpg --armor --export-secret-keys $LONG_ID | base64 | sed -z 's;\n;;g' | xclip -selection clipboard -i | ||
# FreeBSD (assuming BSD base64) | ||
gpg --armor --export-secret-keys $LONG_ID | base64 | xclip | ||
``` | ||
4. Add it as a new `GPG_SCALA_STEWARD` repository secret. | ||
5. Provide it to the action using `gpg-secret-key`. | ||
## Credit | ||
All the credit goes to [fthomas](https://github.com/fthomas) for creating such an awesome tool as Scala Steward | ||
## License | ||
Scala Steward Action is licensed under the Apache License, Version 2.0. |
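Review bot: The "Github Token" section does not say which scopes the Personal Access Token needs, and the usage example names the secret `ADMIN_GITHUB_TOKEN`, which invites readers to paste in a broadly scoped token. State the minimum scopes in step 1 and use a neutral secret name in the example. Step 2 reads "Add it as a secret repository" and should be "repository secret". In the GPG section, the key must have no passphrase and is copied through the clipboard, so the text should say explicitly that this is a dedicated key for the bot and not a personal key; "Annotate the key ID" presumably means "Note the key ID", and `$LONG_ID` is used in step 3 without being defined. The example `uses: alejandrohdezma/scala-steward-action@v1` tracks a mutable tag; consider mentioning that consumers can pin to a commit SHA.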
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
name: 'Scala Steward Github Action' | ||
author: alejandrohdezma | ||
description: '🤖 A bot that helps you keeping your Scala projects up-to-date ' | ||
branding: | ||
icon: arrow-up-circle | ||
color: red | ||
|
||
inputs: | ||
github-repository: | ||
description: 'Repository to update. The current repository will be used by default' | ||
default: '' | ||
required: false | ||
github-token: | ||
description: 'Github Personal Access Token with permission to create branches on repo' | ||
required: true | ||
gpg-secret-key: | ||
description: 'The GPG secret key used to sign the commits' | ||
required: true | ||
|
||
runs: | ||
using: 'docker' | ||
image: 'Dockerfile' | ||
args: | ||
- ${{ inputs.github-repository }} | ||
- ${{ inputs.github-token }} | ||
- ${{ inputs.gpg-secret-key }} |
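Review bot: Under `runs.args`, `${{ inputs.github-token }}` and `${{ inputs.gpg-secret-key }}` are handed to the container as positional command-line arguments, so both secrets sit in the entrypoint's argument vector and the script depends on argument order (`$2`, `$3`). Pass them through `env:` under `runs` instead and read named variables in entrypoint.sh. The `github-token` description asks for "permission to create branches on repo", while the README says the action creates PRs; the description should name what is actually required. The top-level `description` has a trailing space, and "helps you keeping" should be "helps you keep".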
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
#!/bin/bash | ||
|
||
# Don't start if we can't reach Maven Central. | ||
curl -sf https://repo1.maven.org/maven2/ >/dev/null || { | ||
echo 'ERROR: Unable to connect to Maven Central' | ||
exit 1 | ||
} | ||
|
||
# Don't start if github-token is empty | ||
[ -z "$2" ] && { | ||
echo 'ERROR: github-token is empty' | ||
exit 1 | ||
} | ||
|
||
# Don't start if gpg-secret-key is empty | ||
[ -z "$3" ] && { | ||
echo 'ERROR: gpg-secret-key is empty' | ||
exit 1 | ||
} | ||
|
||
# Extract authenticated user information from Github API | ||
currentUser=$(curl -sSf -H "Authorization: token $2" https://api.github.com/user) | ||
login=$(echo "$currentUser" | jq .login) | ||
email=$(echo "$currentUser" | jq .email) | ||
name=$(echo "$currentUser" | jq .name) | ||
|
||
# Don't start if any of the current user information is missing | ||
[ -z "$login" ] && { | ||
echo 'Unable to get the login for the current authenticated user' | ||
exit 1 | ||
} | ||
|
||
[ -z "$email" ] && { | ||
echo 'Unable to get the email for the current authenticated user. Go to https://github.com/settings/profile and ensure you have it set up.' | ||
exit 1 | ||
} | ||
|
||
[ -z "$name" ] && { | ||
echo 'Unable to get the name for the current authenticated user. Go to https://github.com/settings/profile and ensure you have it set up.' | ||
exit 1 | ||
} | ||
|
||
mkdir -p /opt/scala-steward | ||
|
||
if [ -z "$1" ]; then | ||
# Create repos.md file with the contents of repository input | ||
echo "Using Github Actions repository" | ||
echo "- $GITHUB_REPOSITORY" >/opt/scala-steward/repos.md | ||
else | ||
# Fallback to current Github Action repository if not provided | ||
echo "Setting github repository to $1" | ||
echo "- $1" >/opt/scala-steward/repos.md | ||
fi | ||
|
||
# Store Github Personal Access Token in an executable file (as requested by steward) | ||
echo -e "#!/bin/sh\n\necho '$2'" >/opt/scala-steward/askpass.sh | ||
chmod +x /opt/scala-steward/askpass.sh | ||
|
||
# Add GPG secret key | ||
echo -e "$3" | base64 -d | gpg --import | grep '^gpg: key' | ||
read -r signingkey <<<"$(gpg --with-colons --list-secret-keys --keyid-format LONG | grep '^sec:-:4096:1:' | cut -d: -f5)" | ||
git config --global user.signingkey "$signingkey" | ||
|
||
/opt/docker/bin/scala-steward \ | ||
--workspace "/opt/scala-steward/workspace" \ | ||
--repos-file "/opt/scala-steward/repos.md" \ | ||
--git-ask-pass "/opt/scala-steward/askpass.sh" \ | ||
--git-author-email "$email" \ | ||
--git-author-name "$name" \ | ||
--vcs-login "$login" \ | ||
--ignore-opts-files \ | ||
--do-not-fork \ | ||
--env-var "SBT_OPTS=-Xmx2048m -Xss8m -XX:MaxMetaspaceSize=512m" \ | ||
--disable-sandbox \ | ||
--process-timeout 20min \ | ||
--whitelist "$HOME"/.cache/coursier \ | ||
--whitelist "$HOME"/.cache/JNA \ | ||
--whitelist "$HOME"/.ivy2 \ | ||
--whitelist "$HOME"/.sbt \ | ||
--whitelist "$HOME"/.scio-ideaPluginIC \ | ||
--whitelist "$HOME"/.tagless-redux-ijextPluginIC \ | ||
--whitelist "$JAVA_HOME" \ | ||
--read-only "$JAVA_HOME" \ | ||
--sign-commits |
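Review bot: The three `[ -z ... ]` checks on `$login`, `$email` and `$name` cannot fire for a missing field, because `jq .email` without `-r` prints the literal `null`, and present values keep their JSON double quotes, which then flow into `--git-author-email`, `--git-author-name` and `--vcs-login`. Use `jq -r '.email // empty'` and the same for the other two fields. Further points in this file: askpass.sh is written with the token inlined between single quotes and then only gets `chmod +x`, which does not restrict read access, and a `'` in the value would break the generated script; create the file with a restrictive mode such as `chmod 700`. The two comments inside the `if [ -z "$1" ]` block are swapped between the branches. `grep '^sec:-:4096:1:'` only matches a secret key listed with validity `-`, length 4096 and algorithm 1, so any other key leaves `user.signingkey` empty with no error. `--disable-sandbox` is passed alongside the `--whitelist` and `--read-only` flags, which deserves a comment on why the sandbox is off. A `set -euo pipefail` near the top would make a failed `curl` to api.github.com or a failed `gpg --import` stop the run instead of continuing with empty values.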