mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-14 20:31:41 +01:00
842dff8342
Update the Github Actions pins to use the next generation of actions that are supported by CRT. In some cases these are simply to resolve Node 16 deprecations. In others, we can now use `action/upload-artifact@v4` and `actions/download-artifact@v4` since the next generation of actions like `hashicorp/actions-docker-build@v2` and `hashicorp/actions-persist-metadata@v2` use the `v4` versions of these. Signed-off-by: Ryan Cragun <me@ryan.ec>
116 lines
4.3 KiB
YAML
116 lines
4.3 KiB
YAML
name: Plugin update check
|
|
run-name: ${{ inputs.repo }} update check
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
repo:
|
|
type: string
|
|
description: 'The owner and repository name as per the github.repository context property.'
|
|
required: true
|
|
plugin_branch:
|
|
type: string
|
|
description: 'The name of the plugin branch.'
|
|
required: true
|
|
|
|
jobs:
|
|
plugin-update-check:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
PLUGIN_REPO: "${{inputs.repo}}"
|
|
PLUGIN_BRANCH: "${{inputs.plugin_branch}}"
|
|
VAULT_BRANCH: "auto-plugin-update/${{inputs.repo}}/${{inputs.plugin_branch}}"
|
|
RUN_ID: "${{github.run_id}}"
|
|
steps:
|
|
- run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO"
|
|
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
|
with:
|
|
# We don't use the default token so that checks are executed on the resulting PR
|
|
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
|
|
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
|
|
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
|
with:
|
|
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
|
|
go-version-file: .go-version
|
|
|
|
- name: update plugin
|
|
run: |
|
|
go get "github.com/$PLUGIN_REPO@$PLUGIN_BRANCH"
|
|
go mod tidy
|
|
|
|
- name: detect changes
|
|
id: changes
|
|
run: |
|
|
echo "count=$(git status --porcelain=v1 2>/dev/null | wc -l)" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: commit/push
|
|
if: steps.changes.outputs.count > 0
|
|
run: |
|
|
git config user.name hc-github-team-secure-vault-ecosystem
|
|
git config user.email hc-github-team-secure-vault-ecosystem@users.noreply.github.com
|
|
git add .
|
|
git commit -m "Automated dependency upgrades"
|
|
git push -f origin ${{ github.ref_name }}:"$VAULT_BRANCH"
|
|
|
|
- name: Open pull request if needed
|
|
id: pr
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
|
|
# Only open a PR if the branch is not attached to an existing one
|
|
run: |
|
|
PR=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')
|
|
|
|
if [ -z "$PR" ]; then
|
|
gh pr create \
|
|
--head "$VAULT_BRANCH" \
|
|
--title "[DO NOT MERGE]: $PLUGIN_REPO Automated plugin update check" \
|
|
--body "Updates $PLUGIN_REPO to verify vault CI. Full log: https://github.com/hashicorp/vault/actions/runs/$RUN_ID"
|
|
else
|
|
echo "Pull request already exists, won't create a new one."
|
|
fi
|
|
|
|
echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT"
|
|
echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json url -q '.[0].url')" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Add labels to Vault CI check PR
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
# this is a different token to the one we have been using that should
|
|
# allow us to add labels
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
continue-on-error: true
|
|
run: |
|
|
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
|
|
echo "error: no vault PR found"
|
|
exit 1
|
|
fi
|
|
|
|
gh pr edit "${{ steps.pr.outputs.vault_pr_num }}" \
|
|
--add-label "dependencies,pr/no-changelog,pr/no-milestone" \
|
|
--repo hashicorp/vault
|
|
|
|
- name: Comment on plugin PR
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
|
|
run: |
|
|
# get Plugin PR number
|
|
plugin_pr_num=$(gh pr list --head "$PLUGIN_BRANCH" --json number --repo "$PLUGIN_REPO" -q '.[0].number')
|
|
|
|
if [ -z "$plugin_pr_num" ]; then
|
|
echo "error: no plugin PR found"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
|
|
echo "error: no vault PR found"
|
|
exit 1
|
|
fi
|
|
|
|
# make a comment on the plugin repo's PR
|
|
gh pr comment "$plugin_pr_num" \
|
|
--body "Vault CI check PR: ${{ steps.pr.outputs.vault_pr_url }}" \
|
|
--repo "$PLUGIN_REPO"
|