Skip to content

create-pr

create-pr #89

Workflow file for this run

---
name: create-pr
on:
workflow_dispatch:
inputs:
run_for:
type: choice
description: What to update
options:
- infra-deployments
- build-definitions
- tenants-config
- all
schedule:
# At 09:00 UTC on Tuesday
- cron: '0 9 * * 2'
permissions:
contents: read
jobs:
create-tenants-config-pr:
if: >
inputs.run_for == 'tenants-config' || inputs.run_for == 'all' || inputs.run_for == ''
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
disable-telemetry: true
# this is the repo we want to update
- name: Checkout tenants-config
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: redhat-appstudio/tenants-config
ref: main
path: tenants-config
- name: Checkout ec-policies
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: enterprise-contract/ec-policies
ref: main
path: ec-policies
# ./hack/update-infra-deployments.sh ../tenants-config will update any files under tenants-config to the latest release policy
- name: Update policies in tenants-config
run: ./hack/update-infra-deployments.sh ../tenants-config
working-directory: ec-policies
- name: Run kustomize to populate the auto-generated files
run: ./build-manifests.sh
working-directory: tenants-config
# checkout this repo to run create-pr.sh
- name: Checkout infra-deployments-ci
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: infra-deployments-ci
# create-pr.sh changes directory to the upstream tenants-config, creates a remote from the fork and pushes the changes to the fork
- name: Create PR in tenants-config
env:
EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }}
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY_TENANTS_CONFIG }}
APP_INSTALL_ID: 32872589
run: |
set -o errexit
set -o pipefail
set -o nounset
function createJWT() {
local header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//)
local now_utc=$(date --utc +%s)
local payload=$(echo -n '{"iat":'$((now_utc - 60))',"exp":'$((now_utc + 120))',"iss":245286}' | base64 | sed s/\+/-/ | sed -E s/=+$//)
local signature=$(echo -n "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(echo "${EC_AUTOMATION_KEY}")| base64 | tr -d '\n=' | tr -- '+/' '-_')
echo "${header}.${payload}.${signature}"
}
GITHUB_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $(createJWT)" -H "Accept: application/vnd.github+json" "https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens" | jq -r .token) \
./hack/create-pr.sh [email protected]:enterprise-contract/tenants-config.git ../tenants-config
working-directory: infra-deployments-ci
create-infra-deployments-pr:
# also run by default
if: >
inputs.run_for == 'infra-deployments' || inputs.run_for == 'all' || inputs.run_for == ''
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
disable-telemetry: true
- name: Checkout infra-deployments
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: redhat-appstudio/infra-deployments
ref: main
path: infra-deployments
- name: Checkout ec-cli
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: enterprise-contract/ec-cli
ref: main
path: ec-cli
- name: Update ec-cli
run: ./hack/update-infra-deployments.sh ../infra-deployments
working-directory: ec-cli
- name: Checkout ec-policies
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: enterprise-contract/ec-policies
ref: main
path: ec-policies
- name: Update ec-policies
run: ./hack/update-infra-deployments.sh ../infra-deployments
working-directory: ec-policies
- name: Checkout enterprise-contract-controller
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: enterprise-contract/enterprise-contract-controller
ref: main
path: enterprise-contract-controller
- name: Update enterprise-contract-controller
run: ./hack/update-infra-deployments.sh ../infra-deployments
working-directory: enterprise-contract-controller
- name: Checkout ec-config
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: enterprise-contract/config
ref: main
path: ec-config
- name: Update ec-config
env:
GH_TOKEN: ${{ github.token }}
run: ./hack/update-infra-deployments.sh ../infra-deployments
working-directory: ec-config
- name: Display diff
run: git diff
working-directory: infra-deployments
- name: Checkout infra-deployments-ci
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: infra-deployments-ci
- name: Create PR in infra-deployments
env:
EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }}
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
APP_INSTALL_ID: 32872589
run: |
set -o errexit
set -o pipefail
set -o nounset
function createJWT() {
local header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//)
local now_utc=$(date --utc +%s)
local payload=$(echo -n '{"iat":'$((now_utc - 60))',"exp":'$((now_utc + 120))',"iss":245286}' | base64 | sed s/\+/-/ | sed -E s/=+$//)
local signature=$(echo -n "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(echo "${EC_AUTOMATION_KEY}")| base64 | tr -d '\n=' | tr -- '+/' '-_')
echo "${header}.${payload}.${signature}"
}
GITHUB_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $(createJWT)" -H "Accept: application/vnd.github+json" "https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens" | jq -r .token) \
./hack/create-pr.sh [email protected]:enterprise-contract/infra-deployments.git ../infra-deployments
working-directory: infra-deployments-ci
create-build-definitions-pr:
if: >
inputs.run_for == 'build-definitions' || inputs.run_for == 'all'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
disable-telemetry: true
- name: Checkout build-definitions
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: redhat-appstudio/build-definitions
ref: main
path: build-definitions
- name: Checkout ec-cli
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: enterprise-contract/ec-cli
ref: main
path: ec-cli
- name: Update ec-cli
env:
KEEP_TAG: 1
run: ./hack/update-build-definitions.sh ../build-definitions
working-directory: ec-cli
- name: Display diff
run: git diff
working-directory: build-definitions
- name: Checkout infra-deployments-ci
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: infra-deployments-ci
- name: Create PR in build-definitions
env:
EC_AUTOMATION_KEY: ${{ secrets.EC_AUTOMATION_KEY }}
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY_BUILD_DEFINITIONS }}
APP_INSTALL_ID: 32872589
run: |
set -o errexit
set -o pipefail
set -o nounset
function createJWT() {
local header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | sed s/\+/-/ | sed -E s/=+$//)
local now_utc=$(date --utc +%s)
local payload=$(echo -n '{"iat":'$((now_utc - 60))',"exp":'$((now_utc + 120))',"iss":245286}' | base64 | sed s/\+/-/ | sed -E s/=+$//)
local signature=$(echo -n "${header}.${payload}" | openssl dgst -sha256 -binary -sign <(echo "${EC_AUTOMATION_KEY}")| base64 | tr -d '\n=' | tr -- '+/' '-_')
echo "${header}.${payload}.${signature}"
}
GITHUB_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $(createJWT)" -H "Accept: application/vnd.github+json" "https://api.github.com/app/installations/${APP_INSTALL_ID}/access_tokens" | jq -r .token) \
./hack/create-pr.sh [email protected]:enterprise-contract/build-definitions.git ../build-definitions
working-directory: infra-deployments-ci