Bump webhook in rancher/rancher #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Bump webhook in rancher/rancher | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| rancher_ref: | |
| description: "Submit PR against the following rancher/rancher branch (eg: main)" | |
| required: true | |
| default: "main" | |
| prev_webhook: | |
| description: "Previous Webhook version (eg: v0.5.0-rc.13)" | |
| required: true | |
| default: "" | |
| new_webhook: | |
| description: "New Webhook version (eg: v0.5.0-rc.14)" | |
| required: true | |
| default: "" | |
| env: | |
| RANCHER_REF: ${{ github.event.inputs.rancher_ref }} | |
| WEBHOOK_REF: "${{ github.ref_name }}" | |
| PREV_WEBHOOK: ${{ github.event.inputs.prev_webhook }} | |
| NEW_WEBHOOK: ${{ github.event.inputs.new_webhook }} | |
| jobs: | |
| create-rancher-pr: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| # Required for vault | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: "${{ env.WEBHOOK_REF }}" | |
| path: webhook | |
| - uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ; | |
| secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY | |
| # Fetch github token just for the rancher repository | |
| - uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ env.APP_ID }} | |
| private-key: ${{ env.PRIVATE_KEY }} | |
| repositories: | | |
| rancher | |
| - name: Checkout rancher repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.repository_owner }}/rancher | |
| ref: "${{ env.RANCHER_REF }}" | |
| token: ${{ steps.app-token.outputs.token }} | |
| path: rancher | |
| # Allow making git push request later on | |
| persist-credentials: true | |
| - name: Configure the committer | |
| run: | | |
| cd rancher | |
| user_id=$(gh api "/users/$APP_USER" --jq .id) | |
| git config --global user.name "$APP_USER" | |
| git config --global user.email "${user_id}+${APP_USER}@users.noreply.github.com" | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| APP_USER: "${{ steps.app-token.outputs.app-slug }}[bot]" | |
| - name: Install dependencies | |
| run: sudo snap install yq --channel=v4/stable | |
| - name: Run release script | |
| run: | | |
| cd rancher | |
| BRANCH="bump-webhook-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}" | |
| echo "BRANCH=${BRANCH}" >> $GITHUB_ENV | |
| git checkout -b "$BRANCH" "$RANCHER_REF" | |
| ../webhook/.github/workflows/scripts/release-against-rancher.sh . "$NEW_WEBHOOK" | |
| - name: Push and create pull request | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| cd rancher | |
| git push origin $BRANCH | |
| body=$(../webhook/.github/workflows/scripts/release-message.sh "$PREV_WEBHOOK" "$NEW_WEBHOOK") | |
| gh pr create \ | |
| --title "[$RANCHER_REF] Bump rancher-webhook to $NEW_WEBHOOK" \ | |
| --body "$body" \ | |
| --repo ${{ github.repository_owner }}/rancher \ | |
| --head "${{ github.repository_owner }}:$BRANCH" \ | |
| --base "$RANCHER_REF" |