Plugin update check #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| inputs: | |
| repo: | |
| type: string | |
| description: the plugin repo that is updated (ex. vault-plugin-database-snowflake) - github.com/hashicorp will be prepended | |
| required: true | |
| sha: | |
| type: string | |
| description: the hash of the plugin repo commit to use | |
| required: true | |
| jobs: | |
| plugin-update-check: | |
| runs-on: ubuntu-latest | |
| env: | |
| # In the case of a curl call, the input json will look like: | |
| # e.g., | |
| # { | |
| # "ref": "some-branch", | |
| # "inputs": { | |
| # "sha":"abcdef", | |
| # "repo":"vault-plugin-database-snowflake" | |
| # } | |
| # } | |
| COMMIT_SHA: "${{inputs.sha}}" | |
| REPO_NAME: "${{inputs.repo}}" | |
| BRANCH_NAME: "plugin-update-${{inputs.repo}}-${{inputs.sha}}" | |
| steps: | |
| - run: echo "would use $COMMIT_SHA of $REPO_NAME" | |
| # checkout | |
| - uses: actions/checkout@v3 # should be a sha, but eh | |
| # activate go | |
| - uses: actions/setup-go@v4 | |
| - name: update plugin | |
| run: | | |
| go get "github.com/hashicorp/$REPO_NAME@$COMMIT_SHA" | |
| go mod tidy | |
| - name: detect changes | |
| id: changes | |
| run: | | |
| echo "count=$(git status --porcelain=v1 2>/dev/null | wc -l)" >> "$GITHUB_OUTPUT" | |
| - name: commit/push | |
| if: steps.changes.outputs.count > 0 | |
| run: | | |
| git config user.name hc-github-team-secure-vault-ecosystem | |
| git config user.email [email protected] | |
| git add . | |
| git commit -m "Automated dependency upgrades" | |
| git push -f origin ${{ github.ref_name }}:"$BRANCH_NAME" | |
| - name: Open pull request if needed | |
| if: steps.changes.outputs.count > 0 | |
| # Only open a PR if the branch is not attached to an existing one | |
| run: | | |
| PR=$(gh pr list --head "$BRANCH_NAME" --json number -q '.[0].number') | |
| # currently unable to set team as reviewer in GHA | |
| # see https://github.com/cli/cli/issues/6395 | |
| reviewers="fairclothjm,kpcraig" | |
| if [ -z "$PR" ]; then | |
| gh pr create \ | |
| --head "$BRANCH_NAME" \ | |
| --title "Automated plugin update check" \ | |
| --reviewer "$reviewers" \ | |
| --label "dependencies" \ | |
| --body "Updates $REPO_NAME to verify vault CI | |
| Full log: https://github.com/hashicorp/vault/actions/runs/${{github.run_id}}" | |
| else | |
| echo "Pull request already exists, won't create a new one." | |
| exit 1 | |
| fi |