create-pr #233
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: create-pr | |
on: | |
workflow_dispatch: | |
inputs: | |
run_for: | |
type: choice | |
description: What to update | |
options: | |
- infra-deployments | |
- build-definitions | |
- all | |
schedule: | |
# At 09:00 UTC on Tuesday | |
- cron: '0 9 * * 2' | |
permissions: | |
contents: read | |
jobs: | |
create-infra-deployments-pr: | |
# also run by default | |
if: > | |
inputs.run_for == 'infra-deployments' || inputs.run_for == 'all' || inputs.run_for == '' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
disable-telemetry: true | |
- name: Checkout infra-deployments | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: redhat-appstudio/infra-deployments | |
ref: main | |
path: infra-deployments | |
- name: Checkout ec-cli | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: enterprise-contract/ec-cli | |
ref: main | |
path: ec-cli | |
- name: Update ec-cli | |
run: ./hack/update-infra-deployments.sh ../infra-deployments | |
working-directory: ec-cli | |
- name: Checkout ec-policies | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: enterprise-contract/ec-policies | |
ref: main | |
path: ec-policies | |
- name: Update ec-policies | |
run: ./hack/update-infra-deployments.sh ../infra-deployments | |
working-directory: ec-policies | |
- name: Checkout enterprise-contract-controller | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: enterprise-contract/enterprise-contract-controller | |
ref: main | |
path: enterprise-contract-controller | |
- name: Update enterprise-contract-controller | |
run: ./hack/update-infra-deployments.sh ../infra-deployments | |
working-directory: enterprise-contract-controller | |
- name: Checkout ec-config | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: enterprise-contract/config | |
ref: main | |
path: ec-config | |
- name: Update ec-config | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: ./hack/update-infra-deployments.sh ../infra-deployments | |
working-directory: ec-config | |
- name: Display diff | |
run: git diff | |
working-directory: infra-deployments | |
- name: Checkout infra-deployments-ci | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
path: infra-deployments-ci | |
- name: Create PR in infra-deployments | |
env: | |
EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }} | |
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }} | |
APP_INSTALL_ID: 32872589 | |
run: | | |
set -o errexit | |
set -o pipefail | |
set -o nounset | |
function createJWT() { | |
local header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//) | |
local now_utc=$(date --utc +%s) | |
local payload=$(echo -n '{"iat":'$((now_utc - 60))',"exp":'$((now_utc + 120))',"iss":245286}' | base64 | sed s/\+/-/ | sed -E s/=+$//) | |
local signature=$(echo -n "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(echo "${EC_AUTOMATION_KEY}")| base64 | tr -d '\n=' | tr -- '+/' '-_') | |
echo "${header}.${payload}.${signature}" | |
} | |
GITHUB_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $(createJWT)" -H "Accept: application/vnd.github+json" "https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens" | jq -r .token) \ | |
./hack/create-pr.sh [email protected]:enterprise-contract/infra-deployments.git ../infra-deployments | |
working-directory: infra-deployments-ci | |
create-build-definitions-pr: | |
if: > | |
inputs.run_for == 'build-definitions' || inputs.run_for == 'all' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
disable-telemetry: true | |
- name: Checkout build-definitions | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: konflux-ci/build-definitions | |
ref: main | |
path: build-definitions | |
- name: Checkout ec-cli | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: enterprise-contract/ec-cli | |
ref: main | |
path: ec-cli | |
- name: Update ec-cli | |
env: | |
KEEP_TAG: 1 | |
run: ./hack/update-build-definitions.sh ../build-definitions | |
working-directory: ec-cli | |
- name: Display diff | |
run: git diff | |
working-directory: build-definitions | |
- name: Checkout infra-deployments-ci | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
path: infra-deployments-ci | |
- name: Create PR in build-definitions | |
env: | |
EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }} | |
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY_BUILD_DEFINITIONS }} | |
APP_INSTALL_ID: 32872589 | |
run: | | |
set -o errexit | |
set -o pipefail | |
set -o nounset | |
function createJWT() { | |
local header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//) | |
local now_utc=$(date --utc +%s) | |
local payload=$(echo -n '{"iat":'$((now_utc - 60))',"exp":'$((now_utc + 120))',"iss":245286}' | base64 | sed s/\+/-/ | sed -E s/=+$//) | |
local signature=$(echo -n "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(echo "${EC_AUTOMATION_KEY}")| base64 | tr -d '\n=' | tr -- '+/' '-_') | |
echo "${header}.${payload}.${signature}" | |
} | |
GITHUB_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $(createJWT)" -H "Accept: application/vnd.github+json" "https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens" | jq -r .token) \ | |
./hack/create-pr.sh [email protected]:enterprise-contract/build-definitions.git ../build-definitions | |
working-directory: infra-deployments-ci |