-
Notifications
You must be signed in to change notification settings - Fork 77
72 lines (67 loc) · 2.61 KB
/
sync.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
name: sync
on:
workflow_dispatch:
inputs:
pr_number:
description: 'The PR number to pull the body from'
required: false
default: ''
pull_request_target:
branches:
- "cn-update-terraform-provider-jans"
permissions:
contents: read
jobs:
publish:
permissions:
contents: write # for Git to git push
name: Push to terraform-provider-jans repo
if: github.repository == 'JanssenProject/jans'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python 3.8
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: 3.8
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: Configure Git
run: |
mkdir sync
cd sync
git clone https://mo-auto:${{ secrets.MOAUTO_WORKFLOW_TOKEN }}@github.com/JanssenProject/terraform-provider-jans.git
git config --global user.name "mo-auto"
git config --global user.email "[email protected]"
git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token
# If the user passed in a PR number
PR_NUMBER=${{ github.event.inputs.pr_number }}
if [ ! -z "$PR_NUMBER" ]
then
pull_number=$PR_NUMBER
echo "Manual PR number inputted"
else
pull_number=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
fi
BODY=$(gh pr view $pull_number --json body --jq '.body')
echo $BODY
cd terraform-provider-jans
git checkout -b cn-update-terraform-provider-jans
rsync -av --progress ../../terraform-provider-jans/* . --exclude=.git
git add -A
git commit -S -s -m "fix(terraform-provider-jans): update terraform provider" || exit 0
git push --set-upstream origin cn-update-terraform-provider-jans
MESSAGE="fix(terraform-provider-jans): update terraform module"
PR=$(gh pr create --body "${BODY}" --title "${MESSAGE}")