create-pr #78
---
# Opens update pull requests in downstream repositories, either on demand
# (workflow_dispatch) or on a weekly schedule.
name: create-pr

on:
  workflow_dispatch:
    inputs:
      # Selects which target repository to update. Scheduled runs supply no
      # inputs, so `inputs.run_for` evaluates to an empty string there.
      run_for:
        description: What to update
        type: choice
        options:
          - infra-deployments
          - build-definitions
          - tenants-config
          - all
  schedule:
    # At 09:00 UTC on Tuesday
    - cron: "0 9 * * 2"

# Default scope of the automatic github.token for every job: read-only
# repository contents. This does not limit other credentials a job receives
# through `secrets.*`.
permissions:
  contents: read
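jobs:
  # Trust notes that apply to all three jobs below:
  #
  # * Each job executes helper scripts taken from the `main` branch of other
  #   repositories (unpinned refs) and later, on the same runner, runs a step
  #   that receives the GitHub App private key (EC_AUTOMATION_KEY) and a deploy
  #   key. Steps in one job share the runner's filesystem and environment files.
  #   NOTE(review): consider pinning those checkouts to a commit, or moving the
  #   "Create PR" step into a separate job that only receives the generated
  #   changes as an artifact.
  # * harden-runner runs with `egress-policy: audit`, which records outbound
  #   traffic but does not block it.
  # * actions/checkout keeps its token in the checked-out repository's git
  #   config unless `persist-credentials: false` is set. NOTE(review): confirm
  #   whether the hack scripts rely on it before turning it off.
  # * The installation token is requested without a `repositories` or
  #   `permissions` body, so it carries everything granted to the installation.
  #   NOTE(review): consider scoping the request to the one target repository.

  create-tenants-config-pr:
    # Also runs on the schedule, where `inputs.run_for` is empty.
    if: >
      inputs.run_for == 'tenants-config' ||
      inputs.run_for == 'all' ||
      inputs.run_for == ''
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895  # v2.6.1
        with:
          egress-policy: audit
          disable-telemetry: true

      # this is the repo we want to update
      - name: Checkout tenants-config
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: redhat-appstudio/tenants-config
          ref: main
          path: tenants-config

      - name: Checkout ec-policies
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: enterprise-contract/ec-policies
          ref: main
          path: ec-policies

      # ./hack/update-infra-deployments.sh ../tenants-config will update any
      # files under tenants-config to the latest release policy
      - name: Update policies in tenants-config
        run: ./hack/update-infra-deployments.sh ../tenants-config
        working-directory: ec-policies

      - name: Run kustomize to populate the auto-generated files
        run: ./build-manifests.sh
        working-directory: tenants-config

      # checkout this repo to run create-pr.sh
      - name: Checkout infra-deployments-ci
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          path: infra-deployments-ci

      # create-pr.sh changes directory to the upstream tenants-config, creates
      # a remote from the fork and pushes the changes to the fork
      - name: Create PR in tenants-config
        env:
          EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }}
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY_TENANTS_CONFIG }}
          APP_INSTALL_ID: "32872589"
        run: |
          set -o errexit
          set -o pipefail
          set -o nounset

          # base64url without padding: drop line wraps and '=', map '+/' to '-_'.
          # Used for all three JWT segments so they are encoded the same way.
          function b64url() {
            base64 | tr -d '\n=' | tr -- '+/' '-_'
          }

          # Builds a short-lived RS256 JWT for the GitHub App, signed with
          # EC_AUTOMATION_KEY. iat is backdated 60s to tolerate clock skew.
          function createJWT() {
            local header payload signature now_utc
            now_utc=$(date --utc +%s)
            header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
            payload=$(printf '%s' "{\"iat\":$((now_utc - 60)),\"exp\":$((now_utc + 120)),\"iss\":245286}" | b64url)
            signature=$(printf '%s' "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(printf '%s\n' "${EC_AUTOMATION_KEY}") | b64url)
            printf '%s\n' "${header}.${payload}.${signature}"
          }

          # Fetch the installation token as its own statement so that an HTTP
          # error (curl --fail) or a response without .token (jq -e) stops the
          # step instead of handing the literal string "null" to create-pr.sh.
          jwt=$(createJWT)
          token=$(
            curl --silent --show-error --fail -X POST \
              -H "Authorization: Bearer ${jwt}" \
              -H "Accept: application/vnd.github+json" \
              "https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens" \
              | jq -er .token
          )
          # Installation tokens are not registered secrets; mask the value in logs.
          echo "::add-mask::${token}"

          GITHUB_TOKEN="${token}" ./hack/create-pr.sh git@github.com:enterprise-contract/tenants-config.git ../tenants-config
        working-directory: infra-deployments-ci

  create-infra-deployments-pr:
    # also run by default
    if: >
      inputs.run_for == 'infra-deployments' ||
      inputs.run_for == 'all' ||
      inputs.run_for == ''
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895  # v2.6.1
        with:
          egress-policy: audit
          disable-telemetry: true

      # Target repository; the update scripts below all write into it.
      - name: Checkout infra-deployments
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: redhat-appstudio/infra-deployments
          ref: main
          path: infra-deployments

      - name: Checkout ec-cli
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: enterprise-contract/ec-cli
          ref: main
          path: ec-cli

      - name: Update ec-cli
        run: ./hack/update-infra-deployments.sh ../infra-deployments
        working-directory: ec-cli

      - name: Checkout ec-policies
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: enterprise-contract/ec-policies
          ref: main
          path: ec-policies

      - name: Update ec-policies
        run: ./hack/update-infra-deployments.sh ../infra-deployments
        working-directory: ec-policies

      - name: Checkout enterprise-contract-controller
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: enterprise-contract/enterprise-contract-controller
          ref: main
          path: enterprise-contract-controller

      - name: Update enterprise-contract-controller
        run: ./hack/update-infra-deployments.sh ../infra-deployments
        working-directory: enterprise-contract-controller

      - name: Checkout ec-config
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: enterprise-contract/config
          ref: main
          path: ec-config

      # This script additionally receives the read-only workflow token.
      - name: Update ec-config
        env:
          GH_TOKEN: ${{ github.token }}
        run: ./hack/update-infra-deployments.sh ../infra-deployments
        working-directory: ec-config

      # Prints the pending changes to the job log before a PR is opened.
      - name: Display diff
        run: git diff
        working-directory: infra-deployments

      - name: Checkout infra-deployments-ci
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          path: infra-deployments-ci

      - name: Create PR in infra-deployments
        env:
          EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }}
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
          APP_INSTALL_ID: "32872589"
        run: |
          set -o errexit
          set -o pipefail
          set -o nounset

          # base64url without padding: drop line wraps and '=', map '+/' to '-_'.
          function b64url() {
            base64 | tr -d '\n=' | tr -- '+/' '-_'
          }

          # Builds a short-lived RS256 JWT for the GitHub App, signed with
          # EC_AUTOMATION_KEY. iat is backdated 60s to tolerate clock skew.
          function createJWT() {
            local header payload signature now_utc
            now_utc=$(date --utc +%s)
            header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
            payload=$(printf '%s' "{\"iat\":$((now_utc - 60)),\"exp\":$((now_utc + 120)),\"iss\":245286}" | b64url)
            signature=$(printf '%s' "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(printf '%s\n' "${EC_AUTOMATION_KEY}") | b64url)
            printf '%s\n' "${header}.${payload}.${signature}"
          }

          # Stop on an HTTP error or a response without .token rather than
          # passing "null" on as the token.
          jwt=$(createJWT)
          token=$(
            curl --silent --show-error --fail -X POST \
              -H "Authorization: Bearer ${jwt}" \
              -H "Accept: application/vnd.github+json" \
              "https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens" \
              | jq -er .token
          )
          # Installation tokens are not registered secrets; mask the value in logs.
          echo "::add-mask::${token}"

          GITHUB_TOKEN="${token}" ./hack/create-pr.sh git@github.com:enterprise-contract/infra-deployments.git ../infra-deployments
        working-directory: infra-deployments-ci

  create-build-definitions-pr:
    # Not part of the default set: there is no `== ''` clause, so scheduled
    # runs skip this job.
    if: >
      inputs.run_for == 'build-definitions' ||
      inputs.run_for == 'all'
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895  # v2.6.1
        with:
          egress-policy: audit
          disable-telemetry: true

      # Target repository for this job.
      - name: Checkout build-definitions
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: redhat-appstudio/build-definitions
          ref: main
          path: build-definitions

      - name: Checkout ec-cli
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          repository: enterprise-contract/ec-cli
          ref: main
          path: ec-cli

      - name: Update ec-cli
        env:
          KEEP_TAG: "1"
        run: ./hack/update-build-definitions.sh ../build-definitions
        working-directory: ec-cli

      # Prints the pending changes to the job log before a PR is opened.
      - name: Display diff
        run: git diff
        working-directory: build-definitions

      - name: Checkout infra-deployments-ci
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          path: infra-deployments-ci

      - name: Create PR in build-definitions
        env:
          EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }}
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY_BUILD_DEFINITIONS }}
          APP_INSTALL_ID: "32872589"
        run: |
          set -o errexit
          set -o pipefail
          set -o nounset

          # base64url without padding: drop line wraps and '=', map '+/' to '-_'.
          function b64url() {
            base64 | tr -d '\n=' | tr -- '+/' '-_'
          }

          # Builds a short-lived RS256 JWT for the GitHub App, signed with
          # EC_AUTOMATION_KEY. iat is backdated 60s to tolerate clock skew.
          function createJWT() {
            local header payload signature now_utc
            now_utc=$(date --utc +%s)
            header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
            payload=$(printf '%s' "{\"iat\":$((now_utc - 60)),\"exp\":$((now_utc + 120)),\"iss\":245286}" | b64url)
            signature=$(printf '%s' "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(printf '%s\n' "${EC_AUTOMATION_KEY}") | b64url)
            printf '%s\n' "${header}.${payload}.${signature}"
          }

          # Stop on an HTTP error or a response without .token rather than
          # passing "null" on as the token.
          jwt=$(createJWT)
          token=$(
            curl --silent --show-error --fail -X POST \
              -H "Authorization: Bearer ${jwt}" \
              -H "Accept: application/vnd.github+json" \
              "https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens" \
              | jq -er .token
          )
          # Installation tokens are not registered secrets; mask the value in logs.
          echo "::add-mask::${token}"

          GITHUB_TOKEN="${token}" ./hack/create-pr.sh git@github.com:enterprise-contract/build-definitions.git ../build-definitions
        working-directory: infra-deployments-ci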