GH Actions Cron Schedule #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GH Actions Cron Schedule | |
on: | |
workflow_dispatch: | |
schedule: | |
# Every M-F at 12:00am run this job | |
- cron: "0 0 * * 1-5" | |
env: | |
CURRENT_REDHAT_IMAGE: registry.access.redhat.com/ubi9/go-toolset@sha256:52ab391730a63945f61d93e8c913db4cc7a96f200de909cd525e2632055d9fa6 | |
jobs: | |
release-next: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Configure upstream | |
run: | | |
git remote add upstream https://github.com/sigstore/rekor | |
git config --global user.email "[email protected]" | |
git config --global user.name "GitHub Actions Bot" | |
- name: Check for existing pull request | |
run: | | |
openPRs="$(gh pr list --state open -H release-next-ci --json number | jq -r '.[].number' | wc -l)" | |
echo 'NUM_OPEN_PRS='$openPRs >> $GITHUB_ENV | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run update script | |
run: | | |
./redhat/release/update-to-head.sh | |
if: ${{ env.NUM_OPEN_PRS == 0 }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
check-upstream-shas: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the upstream rekor repository | |
uses: actions/checkout@v2 | |
with: | |
repository: sigstore/rekor | |
path: upstream-rekor | |
ref: main | |
- name: Get upstream shas | |
run: | | |
cd upstream-rekor | |
upstreamSHA=$(grep -o -m 1 'golang:[^@]\+@sha256:[a-f0-9]\{64\}' Dockerfile) | |
echo 'UPSTREAM_SHA='$upstreamSHA >> $GITHUB_ENV | |
- name: Pull down the midstream rekor repository | |
uses: actions/checkout@v2 | |
with: | |
path: midstream-rekor | |
ref: main | |
- name: Get midstream shas | |
run: | | |
cd midstream-rekor | |
midstreamSHA=$(grep -o -m 1 'golang:[^@]\+@sha256:[a-f0-9]\{64\}' redhat/patches/0001-dockerfile.patch) | |
echo 'MIDSTREAM_SHA='$midstreamSHA >> $GITHUB_ENV | |
- name: Generate new patch file | |
if: ${{ env.UPSTREAM_SHA != env.MIDSTREAM_SHA }} | |
run: | | |
cd upstream-rekor | |
sed -i 's|${{ env.UPSTREAM_SHA }}|${{ env.CURRENT_REDHAT_IMAGE }}|g' Dockerfile | |
git diff > 0001-dockerfile.patch | |
cd ../midstream-rekor | |
git fetch origin | |
git checkout -B update-dockerfile.patch-file origin/main | |
cp -f ../upstream-rekor/0001-dockerfile.patch redhat/patches/ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check for existing pull request | |
if: ${{ env.UPSTREAM_SHA != env.MIDSTREAM_SHA }} | |
run: | | |
cd midstream-rekor | |
openPRs="$(gh pr list --state open -H update-dockerfile.patch-file --json number | jq -r '.[].number' | wc -l)" | |
echo 'NUM_OPEN_PRS='$openPRs >> $GITHUB_ENV | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Configure git | |
run: | | |
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
git config --global user.name "${GITHUB_ACTOR}" | |
- name: Create pull request | |
if: ${{ env.NUM_OPEN_PRS == 0 && env.UPSTREAM_SHA != env.MIDSTREAM_SHA }} | |
run: | | |
cd midstream-rekor | |
git add . | |
git commit -m "Update image in docker file" | |
git push -f origin update-dockerfile.patch-file | |
gh pr create --base main --head update-dockerfile.patch-file --title "Update patch file" --body "This is an automated pr to update the docker patch file" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |