-
Notifications
You must be signed in to change notification settings - Fork 134
145 lines (142 loc) · 5.8 KB
/
initiateNewVote.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: Initiate new vote
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths:
- votes/initiateNewVote/_EDIT_ME.yml
push:
branches:
- initiateNewVote
permissions:
contents: read
jobs:
lint-vote-init-file:
if: github.event.pull_request && github.event.pull_request.draft == false
permissions:
contents: write
pull-requests: write
repository-projects: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
persist-credentials: false
# If the subject is still REPLACEME, that would mean it's a PR to modify
# the sample file, not a PR initializing a vote.
- run: '! grep -q "subject: REPLACEME" votes/initiateNewVote.yml'
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: lts/*
- name: Validate YAML and ensure there are more than 1 candidate
run:
npx js-yaml votes/initiateNewVote.yml | jq '.candidates | unique |
length > 1 or error("Not enough candidates")'
- name: Change base branch
if: github.base_ref == github.event.repository.default_branch
run: |
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/git/refs \
-f ref='refs/heads/initiateNewVote' \
-f sha='${{ github.event.pull_request.base.sha }}'
gh pr edit ${{ github.event.pull_request.html_url }} --base 'initiateNewVote'
env:
GH_TOKEN: ${{ github.token }}
initiate-new-vote:
if: github.event.pusher
permissions:
contents: write
pull-requests: write
repository-projects: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
persist-credentials: true # we need the credentials to push the new vote branch
- name: Install Node.js
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: lts/*
- name: Extract info from the pushed file
id: data
run: |
npx js-yaml votes/initiateNewVote/_EDIT_ME.yml > data.json
echo "json_data<<EOF" >> "$GITHUB_OUTPUT"
cat data.json >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
echo "branchName=votes/$(node -p 'require("./data.json")["path-friendly-id"] || crypto.randomUUID()')" >> "$GITHUB_OUTPUT"
node >> "$GITHUB_ENV" <<'EOF'
'use strict';
const { createHash } = require('node:crypto');
const { candidates } = require("./data.json");
for (let i = 0; i < candidates.length; i++) {
const delimiter = createHash('sha256').update(candidates[i], 'utf8').digest('base64');
console.log(`__CANDIDATES_${i}<<${delimiter}`)
process.stdout.write(candidates[i]);
process.stdout.write(`\n${delimiter}\n`);
}
console.log('__CANDIDATES<<EOF');
for (let i = 0; i < candidates.length; i++) {
console.log(`--candidate "$__CANDIDATES_${i}" \\`);
}
if (candidates.length) console.log('');
console.log('EOF');
EOF
- name: Reset to the base branch
run: git fetch origin HEAD && git reset FETCH_HEAD --hard
- name: Install npm dependencies
run: npm install @node-core/caritat
- name: Configure git
run: |
git config --global user.email "[email protected]"
git config --global user.name "Node.js GitHub Bot"
- name: Configure and (re)start GPG agent
shell: bash
run: |
if [ -f /usr/lib/systemd/user/gpg-agent.service ]; then
mkdir ~/.gnupg
cat <<EOT >> ~/.gnupg/gpg-agent.conf
allow-preset-passphrase
default-cache-ttl 60
max-cache-ttl 50
EOT
chmod 600 ~/.gnupg/*
chmod 700 ~/.gnupg
systemctl --user restart gpg-agent
else
gpg-agent --daemon --allow-preset-passphrase \
--default-cache-ttl 60 --max-cache-ttl 60
fi
- name: Generate the vote branch and PR
run: |
./votes/initiateNewVote/generateNewVotePR.mjs \
--remote origin \
--github-repo-name "$GITHUB_REPOSITORY" \
--vote-repository-path . \
--branch "$__BRANCH" \
--subject "$__SUBJECT" \
${{ env.__CANDIDATES }} \
--shuffle-candidates "$__SHUFFLE_CANDIDATES" \
--header-instructions "$__HEADER_INSTRUCTIONS" \
--footer-instructions "$__FOOTER_INSTRUCTIONS" \
--create-pull-request --pr-intro "$__PR_INTRO"
env:
GH_TOKEN: ${{ github.token }}
__BRANCH: ${{ steps.data.outputs.branchName }}
__SUBJECT: ${{ fromJSON(steps.data.outputs.json_data).subject }}
__SHUFFLE_CANDIDATES: ${{ fromJSON(steps.data.outputs.json_data).canShuffleCandidates }}
__HEADER_INSTRUCTIONS: ${{ fromJSON(steps.data.outputs.json_data).headerInstructions }}
__FOOTER_INSTRUCTIONS: ${{ fromJSON(steps.data.outputs.json_data).footerInstructions }}
__PR_INTRO: ${{ fromJSON(steps.data.outputs.json_data).prBody }}
- name: Remove initiateNewVote branch
run: |
gh api \
--method DELETE \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/$GITHUB_REPOSITORY/git/$GITHUB_REF"
env:
GH_TOKEN: ${{ github.token }}