-
Notifications
You must be signed in to change notification settings - Fork 11
133 lines (119 loc) · 5.4 KB
/
update-lib.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
---
name: Update alz lib
# yamllint disable-line rule:truthy
on:
schedule:
- cron: "0 8 * * 1-5"
workflow_dispatch: {}
permissions:
contents: write
pull-requests: write
env:
remote_repository: "Azure/Enterprise-Scale"
branch_name: "update-lib"
pr_title: "feat: update library (automated)"
pr_body:
"This is an automated 'pull_request' containing updates to the library templates stored in 'lib'.\n
Please review the 'files changed' tab to review changes."
jobs:
update-lib:
name: update
environment: libupdate
runs-on: ubuntu-latest
steps:
- name: Local repository checkout
uses: actions/checkout@v4
with:
path: ${{ github.repository }}
fetch-depth: 0
- name: Remote repository checkout
uses: actions/checkout@v4
with:
repository: ${{ env.remote_repository }}
path: ${{ env.remote_repository }}
ref: main
- uses: tibdex/github-app-token@v2
id: generate-token
with:
app_id: ${{ secrets.TOKEN_APP_ID }}
private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
- name: Configure local git
run: |
git config user.name github-actions
git config user.email [email protected]
working-directory: ${{ github.repository }}
- name: Create and checkout branch
run: |
BRANCH_URL="repos/${{ github.repository }}/branches"
JQ_FILTER=".[] | select(.name == \"${{ env.branch_name }}\").name"
CHECK_BRANCH_ORIGIN=$(gh api $BRANCH_URL | jq -r "$JQ_FILTER")
if [ -z "$CHECK_BRANCH_ORIGIN" ]
then
echo "Checkout local branch (create new, no origin)..."
git checkout -b ${{ env.branch_name }}
else
echo "Checkout local branch (create new, track from origin)..."
git checkout -b ${{ env.branch_name }} --track origin/${{ env.branch_name }}
fi
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
- name: Update library templates
uses: azure/powershell@v1
with:
inlineScript: |
Write-Information "==> Running policy definitions script..." -InformationAction Continue
${{ github.workspace }}/${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 `
-AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
-TargetPath "${{ github.workspace }}/${{ github.repository }}/platform/alz" `
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}" `
-Reset
Write-Information "==> Running policy assignments script..." -InformationAction Continue
${{ github.workspace }}/${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyAssignments.ps1 `
-AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
-TargetPath "${{ github.workspace }}/${{ github.repository }}/platform/alz" `
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
Write-Information "==> Running archetypes script..." -InformationAction Continue
${{ github.workspace }}/${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 `
-AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
-TargetPath "${{ github.workspace }}/${{ github.repository }}/platform/alz" `
-SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
azPSVersion: "latest"
- name: Check for changes
id: git_status
run: |
mapfile -t "CHECK_GIT_STATUS" < <(git status -s)
printf "%s\n" "${CHECK_GIT_STATUS[@]}"
echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT"
working-directory: ${{ github.repository }}
- name: Add files, commit and push
if: steps.git_status.outputs.changes > 0
run: |
echo "Pushing changes to origin..."
git add platform/alz
git commit -m '${{ env.pr_title }}'
git push origin ${{ env.branch_name }}
working-directory: ${{ github.repository }}
- name: Create pull request
if: steps.git_status.outputs.changes > 0
run: |
HEAD_LABEL="${{ github.repository_owner }}:${{ env.branch_name }}"
BASE_LABEL="${{ github.repository_owner }}:$(echo '${{ github.ref }}' | sed 's:refs/heads/::')"
PULL_REQUEST_URL="repos/${{ github.repository }}/pulls"
JQ_FILTER=".[] | select(.head.label == \"$HEAD_LABEL\") | select(.base.label == \"$BASE_LABEL\") | .url"
CHECK_PULL_REQUEST_URL=$(gh api $PULL_REQUEST_URL | jq -r "$JQ_FILTER")
if [ -z "$CHECK_PULL_REQUEST_URL" ]
then
CHECK_PULL_REQUEST_URL=$(gh pr create \
--title "${{ env.pr_title }}" \
--body "${{ env.pr_body }}" \
--base "${{ github.ref }}" \
--head "${{ env.branch_name }}" \
--draft)
echo "Created new PR: $CHECK_PULL_REQUEST_URL"
else
echo "Existing PR found: $CHECK_PULL_REQUEST_URL"
fi
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}