fix: trigger sync-workflows.yml #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| # This GitHub Actions workflow syncs workflows from a central repository to other repositories when a pull request is merged. | |
| # Please do not attempt to edit this flow without the direct consent from the DevOps team. This file is managed centrally. | |
| name: Sync Workflows | |
| on: | |
| pull_request: | |
| branches: [ "dev" ] # The branches below must be a subset of the branches above. | |
| workflow_dispatch: | |
| jobs: | |
| Sync_All_Repos_Common_Workflows: | |
| if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' | |
| runs-on: ubuntu-latest # Use the latest Ubuntu runner for the job | |
| steps: | |
| - name: Checkout Central Workflows Repo # Step to checkout the repository containing the central workflows | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Git # Step to configure Git with necessary details | |
| run: | | |
| git config --global user.name 'github-actions' | |
| git config --global user.email 'github-actions@github.com' | |
| git config --global credential.helper store | |
| - name: Install GitHub CLI # Step to install GitHub CLI for creating pull requests | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y curl | |
| curl -fsSL https://github.com/cli/cli/releases/download/v2.14.7/gh_2.14.7_linux_amd64.tar.gz -o ghcli.tar.gz | |
| tar -xzf ghcli.tar.gz | |
| sudo cp gh_2.14.7_linux_amd64/bin/gh /usr/local/bin/ | |
| - name: Get PR author details # Step to get the details of the pull request author | |
| id: pr_author | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| PR_AUTHOR_NAME=$(gh api "repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}" --jq '.user.login') | |
| PR_AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae') | |
| PR_AUTHOR_NAME_FULL=$(git log -1 --pretty=format:'%an') | |
| echo "PR_AUTHOR_NAME=${PR_AUTHOR_NAME}" >> $GITHUB_ENV | |
| echo "PR_AUTHOR_EMAIL=${PR_AUTHOR_EMAIL}" >> $GITHUB_ENV | |
| echo "PR_AUTHOR_NAME_FULL=${PR_AUTHOR_NAME_FULL}" >> $GITHUB_ENV | |
| - name: Sync Workflows to Other Repos # Step to sync workflows to other repositories | |
| env: | |
| REPOS: | # List of repositories to sync workflows to | |
| relay-service | |
| auth-service | |
| typology-processor | |
| event-director | |
| event-sidecar | |
| lumberjack | |
| nats-utilities | |
| batch-ppa | |
| admin-service | |
| tms-service | |
| transaction-aggregation-decisioning-processor | |
| Full-Stack-Docker-Tazama | |
| rule-executer | |
| event-flow | |
| frms-coe-lib | |
| frms-coe-startup-lib | |
| auth-lib | |
| rule-901 | |
| SPECIFIC_FILES: dockerhub-image-build.yml # List of specific files not to copy to certain repositories | |
| SPECIFIC_REPOS: | # List of specific repositories needing specific files not included | |
| lumberjack | |
| batch-ppa | |
| Full-Stack-Docker-Tazama | |
| rule-executer | |
| frms-coe-lib | |
| frms-coe-startup-lib | |
| auth-lib | |
| rule-901 | |
| PR_REVIEWERS: ${{ secrets.GH_USERNAME }} # List of reviewers | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| run: | | |
| SIGNED_OFF_BY="Signed-off-by: ${{ env.PR_AUTHOR_NAME_FULL }} <${{ env.PR_AUTHOR_EMAIL }}>" | |
| for repo in $REPOS; do | |
| git clone https://github.com/frmscoe/$repo.git | |
| cd $repo | |
| git remote set-url origin https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/frmscoe/$repo.git | |
| if git ls-remote --heads origin sync-workflows-update | grep sync-workflows-update; then | |
| # Branch exists, pull the latest changes | |
| git checkout sync-workflows-update | |
| git pull origin sync-workflows-update | |
| else | |
| # Branch does not exist, create it | |
| git checkout -b sync-workflows-update | |
| fi | |
| cd .. | |
| mkdir -p temp-workflows | |
| cp -r .github/workflows/* temp-workflows/ | |
| rm temp-workflows/sync-workflows.yml # Remove the sync-workflows.yml to avoid recursive syncing | |
| rm temp-workflows/node.js.yml # Remove the node.js.yml to avoid removing benchmarking tests specific for each repo | |
| mkdir -p $repo/.github/workflows # Create the workflows directory if it does not exist | |
| # Copy all files except the specific ones to certain repos | |
| if [[ " ${SPECIFIC_REPOS} " =~ " ${repo} " ]]; then | |
| for file in temp-workflows/*; do | |
| if ! [[ " ${SPECIFIC_FILES} " =~ " $(basename $file) " ]]; then | |
| cp -r $file $repo/.github/workflows/ | |
| fi | |
| done | |
| else | |
| cp -r temp-workflows/* $repo/.github/workflows/ | |
| fi | |
| cd $repo | |
| git add . | |
| git commit -m "ci: sync workflows from central-workflows ${SIGNED_OFF_BY}" || echo "No changes to commit" | |
| git push origin sync-workflows-update || git push origin sync-workflows-update --force | |
| # Clear the GITHUB_TOKEN environment variable and use a temporary file for gh authentication | |
| echo "${{ secrets.GH_TOKEN }}" > /tmp/gh_token | |
| unset GITHUB_TOKEN | |
| gh auth login --with-token < /tmp/gh_token | |
| # Create the PR with reviewers | |
| IFS=',' read -ra REVIEWERS <<< "${PR_REVIEWERS}" | |
| REVIEWERS_ARGS="" | |
| for reviewer in "${REVIEWERS[@]}"; do | |
| REVIEWERS_ARGS+="--reviewer $reviewer " | |
| done | |
| gh pr create --title "ci: sync workflows from central-workflows" --body "This PR syncs workflows from the central-workflows repository. ${SIGNED_OFF_BY}" --base dev --head sync-workflows-update $REVIEWERS_ARGS || echo "PR already exists, updating existing PR" | |
| # Cleanup | |
| rm /tmp/gh_token | |
| cd .. | |
| done |