update-stores.yml
## Workflow (every line below is commented out, so it is currently inert):
## on repository_dispatch or workflow_dispatch, check out keyfactor/kfutil, regenerate
## store_types.json with the integration-tools store-type-merge script, and, when the
## file changed, commit it to a branch named after KFUTIL_ARG and open a new pull
## request or add a commit to the existing one.
##
## NOTE(review), relevant if this workflow is ever re-enabled:
## - `${{ inputs.* }}` and `${{ github.event.client_payload.* }}`, and the KFUTIL_ARG /
##   TARGET_REPO_BRANCH env values derived from them, are expanded verbatim into `run:`
##   shell (set-local-env-vars, set-env-vars-from-payload, Run Python Script) and into
##   github-script `script:` JavaScript (check-branch, Create new PR). Expression
##   expansion happens before the shell or JS parser sees the text, so a dispatch
##   payload value can change what the step executes. Pass such values through `env:`
##   and read them as `"$VAR"` in shell / `process.env.VAR` in JavaScript.
## - V2BUILDTOKEN is used to read three repositories and SDK_SYNC_PAT to push commits;
##   confirm each PAT carries only the scopes those steps need.
## - Keyfactor/add-and-commit@v9.1.3 is pinned by tag, not by commit SHA; SHA pinning
##   makes the supply chain of the workflow reproducible.
## - actions/upload-artifact@v3 has been deprecated upstream in favour of v4 — confirm
##   the version before re-enabling.
##
#name: Create Cert Store Update Pull Request
#
#on:
#  repository_dispatch:
#    types: targetRepo-event
#  workflow_dispatch:
#    inputs:
#      targetRepo:
#        description: 'Target repository for workflow_dispatch'
#        default: 'all'
#      targetRef:
#        description: 'Target ref for workflow_dispatch'
#        default: 'latest'
#
#jobs:
#  create_pull_request:
#    runs-on: ubuntu-latest
#    steps:
## Both trigger paths end up with the same two env vars: TARGET_REPO_BRANCH (the ref to
## merge from) and KFUTIL_ARG (the target repo name, also used as the PR branch name).
#      - name: Set TARGET_REPO_BRANCH from workflow_dispatch input
#        if: github.event_name == 'workflow_dispatch'
#        id: set-local-env-vars
#        run: |
#          echo "TARGET_REPO_BRANCH=${{ inputs.targetRef }}" | tee -a $GITHUB_ENV
#          echo "KFUTIL_ARG=${{ inputs.targetRepo }}" | tee -a $GITHUB_ENV
#      - name: Set TARGET_REPO_BRANCH from repository_dispatch input
#        if: github.event_name == 'repository_dispatch'
#        id: set-env-vars-from-payload
#        run: |
#          echo "TARGET_REPO_BRANCH=${{ github.event.client_payload.targetRef }}" | tee -a $GITHUB_ENV
#          echo "KFUTIL_ARG=${{ github.event.client_payload.targetRepo }}" | tee -a $GITHUB_ENV
## Decide between 'commit' (an open PR from a branch named KFUTIL_ARG already exists)
## and 'create' (no such PR) and expose the decision as the PR_BRANCH step output.
#      - name: Check Open PRs for Existing Branch
#        id: check-branch
#        uses: actions/github-script@v7
#        with:
#          script: |
#            // Look for open pull requests
#            // NOTE(review): pulls.list returns a single page; if the repository ever has
#            // more open PRs than one page holds, a matching branch can be missed — confirm.
#            const owner = context.repo.owner;
#            const repo = context.repo.repo;
#            const pulls = await github.rest.pulls.list({
#              owner,
#              repo,
#              state: "open"
#            });
#            // Filter out ones matching the KFUTIL_ARG from payload (repository_dispatch) or input (workflow_dispatch)
#            const filteredData = pulls.data.filter(item => item.head.ref === '${{ env.KFUTIL_ARG }}'); // Look for an existing branch with the orchestrator repo name
#            const isBranch = (filteredData.length > 0)
#            if (isBranch) {
#              // NOTE(review): this destructures pulls.data[0] (the first open PR overall),
#              // not filteredData[0] (the matched one); only the two log lines below use it.
#              const {
#                head: { ref: incomingBranch }, base: { ref: baseBranch }
#              } = pulls.data[0]
#              core.setOutput('PR_BRANCH', 'commit'); // Just commit since the branch exists
#              console.log(`incomingBranch: ${incomingBranch}`)
#              console.log(`baseBranch: ${baseBranch}`)
#            } else {
#              core.setOutput('PR_BRANCH', 'create') // No branch, create one
#            }
#            console.log(`Branch exists?`)
#            console.log(filteredData.length > 0)
#            console.log(`targetRepo: ${{env.KFUTIL_ARG}}`)
#      - name: set env.PR_BRANCH value for jobs
#        run: |
#          echo "PR_BRANCH=${{steps.check-branch.outputs.PR_BRANCH}}" | tee -a $GITHUB_ENV
#
## If the branch with an open PR already exists, first check out that branch from kfutil
#      - name: Check out existing repo merge branch
#        if: env.PR_BRANCH == 'commit'
#        uses: actions/checkout@v4
#        with:
#          repository: 'keyfactor/kfutil'
#          sparse-checkout: |
#            .github
#          path: './merge-folder/'
#          token: ${{ secrets.V2BUILDTOKEN }}
#          ref: '${{env.KFUTIL_ARG}}'
#
## If the branch does not exist, first check out the main branch from kfutil.
## NOTE(review): no `ref:` is given here, so this checks out the repository's default
## branch; the step name assumes that is main — confirm.
#      - name: Check out main
#        if: env.PR_BRANCH == 'create'
#        uses: actions/checkout@v4
#        with:
#          repository: 'keyfactor/kfutil'
#          sparse-checkout: |
#            .github
#          path: './merge-folder/'
#          token: ${{ secrets.V2BUILDTOKEN }}
#
## Save a copy of the original json (the baseline for the cmp/diff step further down)
#      - name: Save original store_types.json
#        run: |
#          echo "Saving original store_types.json as store_types.sav.json"
#          cp ./merge-folder/store_types.json ./merge-folder/store_types.sav.json
#
## Checkout and run the python tool
#      - name: Check out python merge tool repo
#        uses: actions/checkout@v4
#        with:
#          repository: 'keyfactor/integration-tools'
#          path: './tools/'
#          token: ${{ secrets.V2BUILDTOKEN }}
#
#      - name: Run Python Script
#        working-directory: ./tools/store-type-merge
#        run: |
#          python main.py --repo-name ${{ env.KFUTIL_ARG }} --ref ${{ env.TARGET_REPO_BRANCH }}
#          cat store_types.json
#        env:
#          GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }}
#
## The three upload steps publish the merge result, the baseline copy, the list of
## repos the tool rejected, and the tool's log directory as run artifacts.
#      - name: Save Store Types JSON Artifact
#        if: success()
#        uses: actions/upload-artifact@v3
#        with:
#          name: store-types
#          path: |
#            ./tools/store-type-merge/store_types.json
#            ./merge-folder/store_types.sav.json
#
#      - name: Save Invalid Store Types JSON Artifact
#        if: success()
#        uses: actions/upload-artifact@v3
#        with:
#          name: invalid-repos
#          path: ./tools/store-type-merge/invalid_repos.json
#
#      - name: Save logs directory
#        if: success()
#        uses: actions/upload-artifact@v3
#        with:
#          name: logs
#          path: ./tools/store-type-merge/log
#
## Copy the result to the pr commit folder
## NOTE(review): the echo below repeats the "Saving original" message from the earlier
## step; the command actually overwrites merge-folder/store_types.json with the merge result.
#      - name: Copy store-type-merge results
#        run: |
#          echo "Saving original store_types.json as store_types.sav.json"
#          cp -f ./tools/store-type-merge/store_types.json ./merge-folder/store_types.json
#
## Diff the new json against the saved copy and set an UPDATE_FILE variable
## NOTE(review): the second echo says "UPDATE_FILE=1" but the script writes T or F; the
## commit/PR steps below test for 'T'.
#      - name: Diff the results
#        run: |
#          echo "Diff the results"
#          echo "Set UPDATE_FILE=1 if differences"
#          if cmp -s ./merge-folder/store_types.json ./merge-folder/store_types.sav.json ;
#          then echo "UPDATE_FILE=F" | tee -a $GITHUB_ENV;
#          else echo "UPDATE_FILE=T" | tee -a $GITHUB_ENV;
#          fi
#          diff ./merge-folder/store_types.json ./merge-folder/store_types.sav.json || true
#
## There are two different steps with a condition to check the PR_BRANCH env var
## Both steps will contain a check for the UPDATE_FILE variable before running
#      - name: Add and Commit to newly created branch
#        if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'create' }}
#        uses: Keyfactor/add-and-commit@v9.1.3
#        env:
#          GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
#        with:
#          add: store_types.json --force
#          message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}}
#          author_name: Keyfactor
#          author_email: keyfactor@keyfactor.github.io
#          cwd: './merge-folder/'
#          new_branch: ${{env.KFUTIL_ARG}}
#
#      - name: Add and Commit to existing branch
#        if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'commit' }}
#        uses: Keyfactor/add-and-commit@v9.1.3
#        env:
#          GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
#        with:
#          add: store_types.json --force
#          message: Update store_types.json for ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}}
#          author_name: Keyfactor
#          author_email: keyfactor@keyfactor.github.io
#          cwd: './merge-folder/'
#
## Only the 'create' path opens a PR; the 'commit' path relies on the PR that already exists.
#      - name: Create new PR for the newly created branch
#        if: env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'create'
#        uses: actions/github-script@v7
#        with:
#          script: |
#            console.log(`Created ${{env.KFUTIL_ARG}} `)
#            console.log("Commit to ${{env.KFUTIL_ARG}} for PR")
#            const owner = context.repo.owner;
#            const repo = context.repo.repo;
#            const baseBranch = 'main';
#            const newBranch = '${{env.KFUTIL_ARG}}';
#            const response = await github.rest.pulls.create({
#              owner,
#              repo,
#              title: 'New Pull Request - ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}}',
#              head: newBranch,
#              base: baseBranch,
#              body: 'The cert store update from ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} needs to be verified and merged if correct.',
#            });
#            console.log(`Pull request created: ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} : ${response.data.html_url}`);
#        env:
#          GITHUB_TOKEN: ${{ secrets.V2BUILDTOKEN }}