♻️ Update shared DevOps tooling #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: "♻️ Update shared DevOps tooling" | |
| # yamllint disable-line rule:truthy | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 8 * * MON" | |
| jobs: | |
| update-actions: | |
| name: "Update DevOps tooling" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # IMPORTANT: mandatory to update content/actions/PRs | |
| contents: write | |
| actions: write | |
| pull-requests: write | |
| steps: | |
| - name: "Checkout primary repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| # Note: Requires a specific/defined Personal Access Token | |
| token: ${{ secrets.ACTIONS_WORKFLOW }} | |
| - name: "Pull workflows from central repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: "os-climate/devops-toolkit" | |
| path: ".devops" | |
| - name: "Update repository workflows and create PR" | |
| id: update-repository | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| # yamllint disable rule:line-length | |
| run: | | |
| ### SHELL CODE START ### | |
| REPO_DIR=$(git rev-parse --show-toplevel) | |
| # Ensure working from top-level of GIT repository | |
| CURRENT_DIR=$(pwd) | |
| if [ "$REPO_DIR" != "$CURRENT_DIR" ]; then | |
| echo "Changing directory to: $REPO_DIR" | |
| if ! (cd "$REPO_DIR"); then | |
| echo "Error: unable to change directory"; exit 1 | |
| fi | |
| fi | |
| # Define a function to allow selective opt-out of devops tooling | |
| OPT_OUT=".devops-exclusions" | |
| perform_operation() { | |
| ELEMENT="$1" | |
| if [ ! -f "$OPT_OUT" ]; then | |
| # Opt-out file does not exist; all operations will be performed | |
| return 1 | |
| else | |
| if grep -Fxq "$ELEMENT" "$OPT_OUT" | |
| then | |
| # Element is excluded from processing | |
| return 0 | |
| else | |
| # Element should be processed | |
| return 1 | |
| fi | |
| fi | |
| } | |
| echo "Removing remote branch if it exists: update-devops-tooling" | |
| git push origin --delete update-devops-tooling || : | |
| STRING=$(dd if=/dev/urandom bs=1k count=1 2>/dev/null | tr -dc 'a-zA-Z0-9' | head -c 10) | |
| git checkout -b "update-$STRING" | |
| # Configure GIT | |
| TEST=$(git config -l) | |
| if [ -n "$TEST" ]; then | |
| git config user.name "github-actions[bot]" | |
| git config user.email \ | |
| "41898282+github-actions[bot]@users.noreply.github.com" | |
| fi | |
| FOLDERS=".github .github/workflows scripts" | |
| for FOLDER in ${FOLDERS}; do | |
| # Check to see if operation should be skipped | |
| if (perform_operation "$FOLDER"); then | |
| echo "Opted out of DevOps folder: $FOLDER" | |
| continue | |
| else | |
| # If necessary, create target folder | |
| if [ ! -d "$FOLDER" ]; then | |
| echo "Creating target folder: $FOLDER" | |
| mkdir "$FOLDER" | |
| fi | |
| # Update folder contents | |
| echo "Updating folder contents: $FOLDER" | |
| cp -a .devops/"$FOLDER"/. "$FOLDER" | |
| fi | |
| done | |
| # Copy specified files into repository root | |
| FILES=".pre-commit-config.yaml .prettierignore .gitignore" | |
| for FILE in ${FILES}; do | |
| if (perform_operation "$FILE"); then | |
| echo "Opted out of DevOps file: $FILE" | |
| else | |
| echo "Copying file: $FILE" | |
| cp .devops/"$FILE" "$FILE" | |
| fi | |
| done | |
| # If no changes required, do not throw an error | |
| if [ -z "$(git status --porcelain)" ]; then | |
| echo "No updates/changes to commit"; exit 0 | |
| else | |
| # Set a flag for use by the next action/step | |
| echo "changed=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| if [ -n "$GITHUB_TOKEN" ]; then | |
| git add . | |
| if ! (git commit -as -S -m "Chore: Update DevOps tooling from central repository [skip-ci]" \ | |
| -m "This commit created by automation/scripting" --no-verify); then | |
| echo "Commit failed; aborting"; exit 1 | |
| else | |
| git push --set-upstream origin update-devops-tooling | |
| # ToDo: need to verify if we are running in a GHA | |
| gh pr create --title \ | |
| "Chore: Pull DevOps tooling from upstream repository" \ | |
| --body 'Automated by a GitHub workflow: bootstrap.yaml' | |
| fi | |
| else | |
| echo "Script running in GitHub Actions workflow; proceeding to next step" | |
| fi | |
| ### SHELL CODE END ### | |
| - name: Create Pull Request | |
| if: steps.update-repository.outputs.changed == 'true' | |
| uses: peter-evans/create-pull-request@v5 | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| with: | |
| token: ${{ github.token }} | |
| commit-message: "Chore: Update DevOps tooling from central repository [skip-ci]" | |
| signoff: "true" | |
| branch: update-devops-tooling | |
| delete-branch: true | |
| title: "Chore: Update DevOps tooling from central repository [skip-ci]" | |
| body: | | |
| Update repository with content from upstream: os-climate/devops-toolkit | |
| labels: | | |
| automated pr | |
| draft: false |