mirror of
https://github.com/hashicorp/vault.git
synced 2026-06-13 10:56:26 -04:00
2718994242
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](44c2b7a8a4...a5ac7e51b4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
115 lines
4.3 KiB
YAML
115 lines
4.3 KiB
YAML
name: Plugin update check
|
|
run-name: ${{ inputs.repo }} update check
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
repo:
|
|
type: string
|
|
description: 'The owner and repository name as per the github.repository context property.'
|
|
required: true
|
|
plugin_branch:
|
|
type: string
|
|
description: 'The name of the plugin branch.'
|
|
required: true
|
|
|
|
jobs:
|
|
plugin-update-check:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
PLUGIN_REPO: "${{inputs.repo}}"
|
|
PLUGIN_BRANCH: "${{inputs.plugin_branch}}"
|
|
VAULT_BRANCH: "auto-plugin-update/${{inputs.repo}}/${{inputs.plugin_branch}}"
|
|
RUN_ID: "${{github.run_id}}"
|
|
steps:
|
|
- run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO"
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
|
|
with:
|
|
# We don't use the default token so that checks are executed on the resulting PR
|
|
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
|
|
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
|
|
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
|
with:
|
|
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
|
|
go-version-file: .go-version
|
|
|
|
- name: update plugin
|
|
run: |
|
|
go get "github.com/$PLUGIN_REPO@$PLUGIN_BRANCH"
|
|
go mod tidy
|
|
|
|
- name: detect changes
|
|
id: changes
|
|
run: |
|
|
echo "count=$(git status --porcelain=v1 2>/dev/null | wc -l)" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: commit/push
|
|
if: steps.changes.outputs.count > 0
|
|
run: |
|
|
git config user.name hc-github-team-secure-vault-ecosystem
|
|
git config user.email hc-github-team-secure-vault-ecosystem@users.noreply.github.com
|
|
git add .
|
|
git commit -m "Automated dependency upgrades"
|
|
git push -f origin ${{ github.ref_name }}:"$VAULT_BRANCH"
|
|
|
|
- name: Open pull request if needed
|
|
id: pr
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
|
|
# Only open a PR if the branch is not attached to an existing one
|
|
run: |
|
|
PR=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')
|
|
|
|
if [ -z "$PR" ]; then
|
|
gh pr create \
|
|
--head "$VAULT_BRANCH" \
|
|
--title "[DO NOT MERGE]: $PLUGIN_REPO Automated plugin update check" \
|
|
--body "Updates $PLUGIN_REPO to verify vault CI. Full log: https://github.com/hashicorp/vault/actions/runs/$RUN_ID"
|
|
else
|
|
echo "Pull request already exists, won't create a new one."
|
|
fi
|
|
|
|
echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT"
|
|
echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json url -q '.[0].url')" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Add labels to Vault CI check PR
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
# this is a different token to the one we have been using that should
|
|
# allow us to add labels
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
continue-on-error: true
|
|
run: |
|
|
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
|
|
echo "error: no vault PR found"
|
|
exit 1
|
|
fi
|
|
|
|
gh pr edit "${{ steps.pr.outputs.vault_pr_num }}" \
|
|
--add-label "dependencies,pr/no-changelog,pr/no-milestone" \
|
|
--repo hashicorp/vault
|
|
|
|
- name: Comment on plugin PR
|
|
if: steps.changes.outputs.count > 0
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
|
|
run: |
|
|
# get Plugin PR number
|
|
plugin_pr_num=$(gh pr list --head "$PLUGIN_BRANCH" --json number --repo "$PLUGIN_REPO" -q '.[0].number')
|
|
|
|
if [ -z "$plugin_pr_num" ]; then
|
|
echo "error: no plugin PR found"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
|
|
echo "error: no vault PR found"
|
|
exit 1
|
|
fi
|
|
|
|
# make a comment on the plugin repo's PR
|
|
gh pr comment "$plugin_pr_num" \
|
|
--body "Vault CI check PR: ${{ steps.pr.outputs.vault_pr_url }}" \
|
|
--repo "$PLUGIN_REPO"
|