Skip to content
Plugin update check

hashicorp/vault-plugin-auth-gcp update check #368

Sign in to view logs

hashicorp/vault-plugin-auth-gcp update check

hashicorp/vault-plugin-auth-gcp update check #368

Workflow file for this run

.github/workflows/plugin-update-check.yml at 28ca1ef
name: Plugin update check
run-name: ${{ inputs.repo }} update check
on:
workflow_dispatch:
inputs:
repo:
type: string
description: 'The owner and repository name as per the github.repository context property.'
required: true
plugin_branch:
type: string
description: 'The name of the plugin branch.'
required: true
jobs:
plugin-update-check:
runs-on: ubuntu-latest
env:
PLUGIN_REPO: "${{inputs.repo}}"
PLUGIN_BRANCH: "${{inputs.plugin_branch}}"
VAULT_BRANCH: "auto-plugin-update/${{inputs.repo}}/${{inputs.plugin_branch}}"
RUN_ID: "${{github.run_id}}"
steps:
- run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO"
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
# We don't use the default token so that checks are executed on the resulting PR
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
go-version-file: .go-version
- name: update plugin
run: |
go get "github.com/$PLUGIN_REPO@$PLUGIN_BRANCH"
go mod tidy
- name: detect changes
id: changes
run: |
echo "count=$(git status --porcelain=v1 2>/dev/null | wc -l)" >> "$GITHUB_OUTPUT"
- name: commit/push
if: steps.changes.outputs.count > 0
run: |
git config user.name hc-github-team-secure-vault-ecosystem
git config user.email [email protected]
git add .
git commit -m "Automated dependency upgrades"
git push -f origin ${{ github.ref_name }}:"$VAULT_BRANCH"
- name: Open pull request if needed
id: pr
if: steps.changes.outputs.count > 0
env:
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
# Only open a PR if the branch is not attached to an existing one
run: |
PR=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')
if [ -z "$PR" ]; then
gh pr create \
--head "$VAULT_BRANCH" \
--title "[DO NOT MERGE]: $PLUGIN_REPO Automated plugin update check" \
--body "Updates $PLUGIN_REPO to verify vault CI. Full log: https://github.com/hashicorp/vault/actions/runs/$RUN_ID"
else
echo "Pull request already exists, won't create a new one."
fi
echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT"
echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json url -q '.[0].url')" >> "$GITHUB_OUTPUT"
- name: Add labels to Vault CI check PR
if: steps.changes.outputs.count > 0
env:
# this is a different token to the one we have been using that should
# allow us to add labels
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
continue-on-error: true
run: |
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
echo "error: no vault PR found"
exit 1
fi
gh pr edit "${{ steps.pr.outputs.vault_pr_num }}" \
--add-label "dependencies,pr/no-changelog,pr/no-milestone" \
--repo hashicorp/vault
- name: Comment on plugin PR
if: steps.changes.outputs.count > 0
env:
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
run: |
# get Plugin PR number
plugin_pr_num=$(gh pr list --head "$PLUGIN_BRANCH" --json number --repo "$PLUGIN_REPO" -q '.[0].number')
if [ -z "$plugin_pr_num" ]; then
echo "error: no plugin PR found"
exit 1
fi
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
echo "error: no vault PR found"
exit 1
fi
# make a comment on the plugin repo's PR
gh pr comment "$plugin_pr_num" \
--body "Vault CI check PR: ${{ steps.pr.outputs.vault_pr_url }}" \
--repo "$PLUGIN_REPO"