sync #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: sync | |
on: | |
workflow_dispatch: | |
inputs: | |
pr_number: | |
description: 'The PR number to pull the body from' | |
required: false | |
default: '' | |
pull_request_target: | |
branches: | |
- "cn-update-terraform-provider-jans" | |
permissions: | |
contents: read | |
jobs: | |
publish: | |
permissions: | |
contents: write # for Git to git push | |
name: Push to terraform-provider-jans repo | |
if: github.repository == 'JanssenProject/jans' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: Checkout code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | |
with: | |
python-version: 3.8 | |
- name: Import GPG key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 | |
with: | |
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- name: Configure Git | |
run: | | |
mkdir sync | |
cd sync | |
git clone https://mo-auto:${{ secrets.MOAUTO_WORKFLOW_TOKEN }}@github.com/JanssenProject/terraform-provider-jans.git | |
git config --global user.name "mo-auto" | |
git config --global user.email "[email protected]" | |
git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}" | |
echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token | |
# If the user passed in a PR number | |
PR_NUMBER=${{ github.event.inputs.pr_number }} | |
if [ ! -z "$PR_NUMBER" ] | |
then | |
pull_number=$PR_NUMBER | |
echo "Manual PR number inputted" | |
else | |
pull_number=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") | |
fi | |
BODY=$(gh pr view $pull_number --json body --jq '.body') | |
echo $BODY | |
cd terraform-provider-jans | |
git checkout -b cn-update-terraform-provider-jans | |
rsync -av --progress ../../terraform-provider-jans/* . --exclude=.git | |
git add -A | |
git commit -S -s -m "fix(terraform-provider-jans): update terraform provider" || exit 0 | |
git push --set-upstream origin cn-update-terraform-provider-jans | |
MESSAGE="fix(terraform-provider-jans): update terraform module" | |
PR=$(gh pr create --body "${BODY}" --title "${MESSAGE}") |