mirror of
https://github.com/hashicorp/vault.git
synced 2025-12-26 20:01:12 +01:00
8a571a3e22
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.3...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
110 lines
4.3 KiB
YAML
110 lines
4.3 KiB
YAML
name: Plugin update
|
|
run-name: Update ${{ inputs.repo }} by @${{ github.actor }}
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
repo:
|
|
type: string
|
|
description: 'The owner and repository name. Ex: hashicorp/vault-plugin-auth-jwt'
|
|
required: true
|
|
plugin_tag:
|
|
type: string
|
|
description: 'The name of the plugin tag. Ex: v0.5.1'
|
|
required: true
|
|
|
|
jobs:
|
|
plugin-update:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
VAULT_BRANCH: "update/${{ inputs.repo }}/${{ inputs.plugin_tag }}"
|
|
steps:
|
|
- run: echo "Branch ${{ inputs.plugin_tag }} of ${{ inputs.repo }}"
|
|
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
# We don't use the default token so that checks are executed on the resulting PR
|
|
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
|
|
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
|
|
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
|
with:
|
|
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
|
|
go-version-file: .go-version
|
|
|
|
- name: update plugin
|
|
run: |
|
|
go get "github.com/${{ inputs.repo }}@${{ inputs.plugin_tag }}"
|
|
go mod tidy
|
|
|
|
- name: detect changes
|
|
run: |
|
|
count=$(git status --porcelain=v1 2>/dev/null | wc -l)
|
|
if [ "$count" -eq 0 ]; then
|
|
echo "error: no updates were made for repo ${{ inputs.repo }} with tag ${{ inputs.plugin_tag }}"
|
|
exit 1
|
|
fi
|
|
|
|
- name: commit/push
|
|
run: |
|
|
git config user.name hc-github-team-secure-vault-ecosystem
|
|
git config user.email hc-github-team-secure-vault-ecosystem@users.noreply.github.com
|
|
git add go.mod go.sum
|
|
git commit -m "Automated dependency upgrades"
|
|
git push -f origin ${{ github.ref_name }}:"$VAULT_BRANCH"
|
|
|
|
- name: Open pull request if needed
|
|
id: pr
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
|
|
# Only open a PR if the branch is not attached to an existing one
|
|
run: |
|
|
PR=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')
|
|
|
|
if [ -z "$PR" ]; then
|
|
gh pr create \
|
|
--head "$VAULT_BRANCH" \
|
|
--reviewer "${{ github.actor }}" \
|
|
--title "Update ${{ inputs.repo }} to ${{ inputs.plugin_tag }}" \
|
|
--body "This PR was generated by a GitHub Action. Full log: https://github.com/hashicorp/vault/actions/runs/${{ github.run_id }}"
|
|
|
|
echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT"
|
|
echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json url -q '.[0].url')" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "Pull request already exists, won't create a new one."
|
|
fi
|
|
|
|
- name: Add changelog
|
|
if: steps.pr.outputs.vault_pr_num != ''
|
|
run: |
|
|
# strip "hashicorp/" from repo name
|
|
PLUGIN=$(echo ${{ inputs.repo }} | awk -F/ '{print $NF}')
|
|
echo "plugin: $PLUGIN"
|
|
|
|
# plugin type is one of auth/secrets/database
|
|
PLUGIN_TYPE=$(echo "$PLUGIN" | awk -F- '{print $3}')
|
|
echo "plugin type: $PLUGIN_TYPE"
|
|
|
|
# plugin service is the rest of the repo name
|
|
PLUGIN_SERVICE=$(echo "$PLUGIN" | cut -d- -f 4-)
|
|
echo "plugin service: $PLUGIN_SERVICE"
|
|
|
|
echo "\`\`\`release-note:change
|
|
${PLUGIN_TYPE}/${PLUGIN_SERVICE}: Update plugin to ${{ inputs.plugin_tag }}
|
|
\`\`\`" > "changelog/${{ steps.pr.outputs.vault_pr_num }}.txt"
|
|
|
|
git add changelog/
|
|
git commit -m "Add changelog"
|
|
git push origin ${{ github.ref_name }}:"$VAULT_BRANCH"
|
|
|
|
- name: Add labels to Vault PR
|
|
if: steps.pr.outputs.vault_pr_num != ''
|
|
env:
|
|
# this is a different token to the one we have been using that should
|
|
# allow us to add labels
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
continue-on-error: true
|
|
run: |
|
|
gh pr edit "${{ steps.pr.outputs.vault_pr_num }}" \
|
|
--add-label "dependencies" \
|
|
--repo hashicorp/vault
|