Add first version of the action

Dockerfile

@@ -0,0 +1,11 @@
+FROM fthomas/scala-steward:latest
+RUN apk --no-cache add gnupg
+RUN apk --no-cache add firejail
+RUN apk --no-cache add curl
+RUN apk --no-cache add bash
+RUN apk --no-cache add jq
+RUN apk --no-cache add git
+RUN apk --no-cache add ca-certificates
+ENV PATH="/opt/docker/sbt/bin:${PATH}"
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1,113 @@
+# Scala Steward Github Action
+
+[![Scala Steward badge](https://img.shields.io/badge/Scala_Steward-helping-blue.svg?style=flat&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAQCAMAAAARSr4IAAAAVFBMVEUAAACHjojlOy5NWlrKzcYRKjGFjIbp293YycuLa3pYY2LSqql4f3pCUFTgSjNodYRmcXUsPD/NTTbjRS+2jomhgnzNc223cGvZS0HaSD0XLjbaSjElhIr+AAAAAXRSTlMAQObYZgAAAHlJREFUCNdNyosOwyAIhWHAQS1Vt7a77/3fcxxdmv0xwmckutAR1nkm4ggbyEcg/wWmlGLDAA3oL50xi6fk5ffZ3E2E3QfZDCcCN2YtbEWZt+Drc6u6rlqv7Uk0LdKqqr5rk2UCRXOk0vmQKGfc94nOJyQjouF9H/wCc9gECEYfONoAAAAASUVORK5CYII=)](https://scala-steward.org)
+
+A Github Action to launch [Scala Steward](https://github.com/fthomas/scala-steward) in your repository.
+
+<p align="center">
+  <a href="https://github.com/fthomas/scala-steward" target="_blank">
+    <img src="https://github.com/fthomas/scala-steward/raw/master/data/images/scala-steward-logo-circle-0.png" height="180px">
+  </a>
+</p>
+
+## What does this action do?
+
+When added, this action will launch [Scala Steward](https://github.com/fthomas/scala-steward) on your own repository and create PRs to update your Scala dependencies using your own user:
+
+![](./data/images/example-pr.png)
+
+## Usage
+
+Create a new `.github/workflows/scala-steward.yml` file:
+
+```yaml
+# This workflow will launch at 00:00 every Sunday
+on:
+  schedule:    
+    - cron:  '0 0 * * 0'
+
+jobs:
+  scala-steward:
+    runs-on: ubuntu-latest
+    name: Launch Scala Steward
+    steps:
+      - name: Launch Scala Steward
+        uses: alejandrohdezma/scala-steward-action@v1
+        with:
+          github-repository: owner/repo
+          github-token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
+          gpg-secret-key: ${{ secrets.GPG_SCALA_STEWARD }}
+```
+
+If you want to be able to trigger the action manually, you can add a `repository_dispatch` event:
+
+```yaml
+on:
+  schedule:    
+    - cron:  '0 0 * * 0'
+  repository_dispatch:
+    types: [scala-steward]
+```
+
+Finally, call the trigger from your local machine with:
+
+```bash
+# Change `owner/repo` to your own repository
+curl -d "{\"event_type\": \"scala-steward\"}" \
+    -H "Content-Type: application/json" \
+    -H "Authorization: token ${GITHUB_TOKEN}" \
+    "https://api.github.com/repos/owner/repo/dispatches"
+```
+
+> Remember to have a valid github token exported as GITHUB_TOKEN in your local environment:
+> ```bash
+> export GITHUB_TOKEN="your_github_token"
+> ```
+
+## Configuration
+
+### Repository
+
+The `github-repository` setting isn't required if the workflow launches from the same repository that you wish to update.
+
+Otherwise, set it to the name of the repository to update in the form `owner/repository`.
+
+### Github Token
+
+1. You will need to generate a [Github Personal Access Token](https://github.com/settings/tokens).
+2. Add it as a secret repository.
+3. Provide it to the action using `github-token`.
+
+### GPG
+
+1. Create a fresh GPG key:
+
+    ```bash
+    gpg --gen-key
+    ```
+
+    > :exclamation: Do not add a passphrase to the GPG key, since you won't be able to add it when Scala Steward writes a commit.
+
+2. Annotate the key ID from the previous command.
+3. Export the base64 encoded secret of your private key to the clipboard:
+    
+    ```bash
+    # macOS
+    gpg --armor --export-secret-keys $LONG_ID | base64 | pbcopy
+    # Ubuntu (assuming GNU base64)
+    gpg --armor --export-secret-keys $LONG_ID | base64 -w0 | xclip
+    # Arch
+    gpg --armor --export-secret-keys $LONG_ID | base64 | sed -z 's;\n;;g' | xclip -selection clipboard -i
+    # FreeBSD (assuming BSD base64)
+    gpg --armor --export-secret-keys $LONG_ID | base64 | xclip
+    ```
+4. Add it as a new `GPG_SCALA_STEWARD` repository secret.
+5. Provide it to the action using `gpg-secret-key`.
+
+## Credit
+
+All the credit goes to [fthomas](https://github.com/fthomas) for creating such an awesome tool as Scala Steward
+
+## License
+
+Scala Steward Action is licensed under the Apache License, Version 2.0.

action.yml

@@ -0,0 +1,26 @@
+name: 'Scala Steward Github Action'
+author: alejandrohdezma
+description: '🤖 A bot that helps you keeping your Scala projects up-to-date '
+branding:
+  icon:  arrow-up-circle
+  color: red
+
+inputs:
+  github-repository:
+    description: 'Repository to update. The current repository will be used by default'
+    default: ''
+    required: false
+  github-token:
+    description: 'Github Personal Access Token with permission to create branches on repo'
+    required: true
+  gpg-secret-key:
+    description: 'The GPG secret key used to sign the commits'
+    required: true
+
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.github-repository }}
+    - ${{ inputs.github-token }}
+    - ${{ inputs.gpg-secret-key }}

entrypoint.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+
+# Don't start if we can't reach Maven Central.
+curl -sf https://repo1.maven.org/maven2/ >/dev/null || {
+  echo 'ERROR: Unable to connect to Maven Central'
+  exit 1
+}
+
+# Don't start if github-token is empty
+[ -z "$2" ] && {
+  echo 'ERROR: github-token is empty'
+  exit 1
+}
+
+# Don't start if gpg-secret-key is empty
+[ -z "$3" ] && {
+  echo 'ERROR: gpg-secret-key is empty'
+  exit 1
+}
+
+# Extract authenticated user information from Github API
+currentUser=$(curl -sSf -H "Authorization: token $2" https://api.github.com/user)
+login=$(echo "$currentUser" | jq .login)
+email=$(echo "$currentUser" | jq .email)
+name=$(echo "$currentUser" | jq .name)
+
+# Don't start if any of the current user information is missing
+[ -z "$login" ] && {
+  echo 'Unable to get the login for the current authenticated user'
+  exit 1
+}
+
+[ -z "$email" ] && {
+  echo 'Unable to get the email for the current authenticated user. Go to https://github.com/settings/profile and ensure you have it set up.'
+  exit 1
+}
+
+[ -z "$name" ] && {
+  echo 'Unable to get the name for the current authenticated user. Go to https://github.com/settings/profile and ensure you have it set up.'
+  exit 1
+}
+
+mkdir -p /opt/scala-steward
+
+if [ -z "$1" ]; then
+  # Create repos.md file with the contents of repository input
+  echo "Using Github Actions repository"
+  echo "- $GITHUB_REPOSITORY" >/opt/scala-steward/repos.md
+else
+  # Fallback to current Github Action repository if not provided
+  echo "Setting github repository to $1"
+  echo "- $1" >/opt/scala-steward/repos.md
+fi
+
+# Store Github Personal Access Token in an executable file (as requested by steward)
+echo -e "#!/bin/sh\n\necho '$2'" >/opt/scala-steward/askpass.sh
+chmod +x /opt/scala-steward/askpass.sh
+
+# Add GPG secret key
+echo -e "$3" | base64 -d | gpg --import | grep '^gpg: key'
+read -r signingkey <<<"$(gpg --with-colons --list-secret-keys --keyid-format LONG | grep '^sec:-:4096:1:' | cut -d: -f5)"
+git config --global user.signingkey "$signingkey"
+
+/opt/docker/bin/scala-steward \
+  --workspace "/opt/scala-steward/workspace" \
+  --repos-file "/opt/scala-steward/repos.md" \
+  --git-ask-pass "/opt/scala-steward/askpass.sh" \
+  --git-author-email "$email" \
+  --git-author-name "$name" \
+  --vcs-login "$login" \
+  --ignore-opts-files \
+  --do-not-fork \
+  --env-var "SBT_OPTS=-Xmx2048m -Xss8m -XX:MaxMetaspaceSize=512m" \
+  --disable-sandbox \
+  --process-timeout 20min \
+  --whitelist "$HOME"/.cache/coursier \
+  --whitelist "$HOME"/.cache/JNA \
+  --whitelist "$HOME"/.ivy2 \
+  --whitelist "$HOME"/.sbt \
+  --whitelist "$HOME"/.scio-ideaPluginIC \
+  --whitelist "$HOME"/.tagless-redux-ijextPluginIC \
+  --whitelist "$JAVA_HOME" \
+  --read-only "$JAVA_HOME" \
+  --sign-commits