sync_templates.yaml
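# Reusable workflow: renders the Mustache templates under `template/` with the
# per-repository inputs from `.gerp/config.json`, then opens a pull request on
# every repository listed under `.repos` in that file.
#
# Review notes:
#   * The keys of `.repos` decide which repositories are checked out and
#     written to with the PAT, so anyone who can edit `.gerp/config.json` in
#     the calling repository controls where that token is used. Scope the PAT
#     to the intended target repositories only.
#   * The actions below are referenced by mutable tags (`@v3`, `@v4`, `@v5`)
#     and two of them receive the PAT or the GPG private key. Pinning each
#     `uses:` to a full commit SHA prevents a retagged release from running
#     with those secrets.
name: Synchronize Templates
on:
  workflow_call:
    inputs:
      committer:
        default: "GitHub <[email protected]>"
        type: string
        description: "Committer to use for the PR in the format: 'username <[email protected]>'"
        required: false
    secrets:
      PAT:
        required: true
      GPG_PRIVATE_KEY:
        required: false
      GPG_PASSPHRASE:
        required: false

# Least privilege for the implicit GITHUB_TOKEN: it is only used to read the
# template repository. All writes go through the PAT.
permissions:
  contents: read

jobs:
  # Builds the job matrix: one entry per key of `.repos` in the config file.
  setup:
    name: "Setup"
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.setVariables.outputs.matrix }}
    steps:
      - uses: actions/checkout@v3
        with:
          # Nothing in this job pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - id: setVariables
        # Uses the GITHUB_OUTPUT file; the `::set-output` workflow command is
        # deprecated.
        run: |
          repos=$(jq -c '.repos | keys' .gerp/config.json)
          echo "matrix=$repos" >> "$GITHUB_OUTPUT"
      - run: |
          echo '### Template synchronization' >> "$GITHUB_STEP_SUMMARY"
          echo 'Started template synchronization' >> "$GITHUB_STEP_SUMMARY"
          echo 'Created pull requests will be shown below' >> "$GITHUB_STEP_SUMMARY"

  # Renders the templates into one target repository and opens a PR there.
  make-pr:
    name: "Make PR on ${{matrix.repo}}"
    needs: setup
    runs-on: ubuntu-latest
    strategy:
      # One failing repository must not cancel the others.
      fail-fast: false
      matrix:
        repo: ${{fromJson(needs.setup.outputs.matrix)}}
    steps:
      - name: Checkout template repository
        uses: actions/checkout@v3
        with:
          path: "template-repo"
          # Read-only source; no later step needs git credentials for it.
          persist-credentials: false
      - name: Checkout target repository
        uses: actions/checkout@v3
        with:
          repository: ${{matrix.repo}}
          path: "target-repo"
          token: ${{ secrets.PAT }}
      - name: Install Mustache
        # NOTE(review): unpinned global install; this package runs in the same
        # job that holds the PAT checkout. Consider pinning a reviewed version.
        run: npm install -g mustache
      - name: Generate files
        env:
          # Passed through the environment instead of `${{ }}` interpolation so
          # the repository name is treated as data, never as shell syntax.
          TARGET_REPO: ${{ matrix.repo }}
        run: |
          template_dir="$GITHUB_WORKSPACE/template-repo/template"
          jq --arg repo "$TARGET_REPO" '.repos[$repo].inputs' \
            "$GITHUB_WORKSPACE/template-repo/.gerp/config.json" > inputs.json
          # NUL-delimited so paths containing whitespace survive the loop.
          while IFS= read -r -d '' f; do
            # Strip the template root so each file lands at the same relative
            # path in the target repo. The previous `${f#./*/}` pattern cannot
            # match the absolute paths that find prints here.
            outpath="$GITHUB_WORKSPACE/target-repo/${f#"$template_dir"/}"
            mkdir -p "$(dirname "$outpath")"
            mustache inputs.json "$f" > "$outpath"
            echo "generated $outpath"
          done < <(find "$template_dir" -type f -print0)
      # Secrets cannot be referenced directly in `if:`, so they are mapped to
      # env vars first. The env name must match the name used in the condition:
      # it was previously spelled `gpg_comitter`, which left `env.gpg_committer`
      # always empty.
      - name: GPG Secret Check
        env:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
          gpg_committer: ${{ inputs.committer }}
        if: ${{ env.gpg_private_key == '' || env.gpg_passphrase == '' || env.gpg_committer == '' }}
        run: |
          echo "SKIPPING GPG, MISSING GPG SECRETS"
      # Signing runs only when both GPG secrets are present and the caller
      # supplied a committer other than the default. The committer comes from
      # `inputs.committer`, the same value the PR step uses; this workflow
      # declares no GPG_COMMITTER secret.
      - name: Enable GPG Signing
        uses: crazy-max/ghaction-import-gpg@v5
        env:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
          gpg_committer: ${{ inputs.committer }}
        if: ${{ env.gpg_private_key != '' && env.gpg_passphrase != '' && env.gpg_committer != 'GitHub <[email protected]>' }}
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
          workdir: "target-repo"
      - name: Create pull request
        id: create-pr
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.PAT }}
          path: target-repo
          commit-message: "GERP updated files from templates"
          title: "GERP sync from ${{ github.repository }}"
          # `github.server_url` is the context property; the earlier
          # `github.GITHUB_SERVER_URL` is not one and rendered as empty.
          body: "GERP synchronizing template from [${{ github.repository }}](${{ github.server_url }}/${{ github.repository }})"
          delete-branch: true
          committer: ${{ inputs.committer }}
      - name: Print Failed Summary
        if: ${{ failure() }}
        env:
          TARGET_REPO: ${{ matrix.repo }}
        run: echo "- Failed to sync template for $TARGET_REPO :x:" >> "$GITHUB_STEP_SUMMARY"
      - name: Print Succeeded Summary
        env:
          PR_URL: ${{ steps.create-pr.outputs.pull-request-url }}
        run: echo "- $PR_URL" >> "$GITHUB_STEP_SUMMARY"

  # Appends the closing line to the step summary once every matrix job is done.
  finish:
    name: "Finish"
    needs: make-pr
    runs-on: ubuntu-latest
    steps:
      - run: echo 'Finished template synchronization' >> "$GITHUB_STEP_SUMMARY"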