-
Notifications
You must be signed in to change notification settings - Fork 2
91 lines (77 loc) · 3.69 KB
/
reverse-config-label-sync.yml
File metadata and controls
91 lines (77 loc) · 3.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: Reverse-Config-Label-Sync
on:
push:
paths:
- "config/labels.jsonc"
permissions:
contents: read
jobs:
reverse-sync:
if: ${{ github.ref_name == github.event.repository.default_branch }}
runs-on: ubuntu-latest
steps:
- name: Check out triggering commit
uses: actions/checkout@v4
with:
ref: ${{ github.sha }}
fetch-depth: 2
- name: Check triggering commit
id: trigger
shell: bash
run: |
author_name="$(git show -s --format='%an' HEAD)"
author_email="$(git show -s --format='%ae' HEAD)"
committer_name="$(git show -s --format='%cn' HEAD)"
committer_email="$(git show -s --format='%ce' HEAD)"
changed_files="$(git diff-tree --no-commit-id --name-only -r -m HEAD)"
is_bot_commit=false
case "${author_name}|${author_email}|${committer_name}|${committer_email}" in
*"[bot]"*|*"github-actions[bot]"*|*"41898282+github-actions[bot]@users.noreply.github.com"*)
is_bot_commit=true
;;
esac
has_labels_change=false
if echo "${changed_files}" | grep -qx 'config/labels\.jsonc'; then
has_labels_change=true
fi
echo "Commit author: ${author_name} <${author_email}>"
echo "Commit committer: ${committer_name} <${committer_email}>"
echo "config/labels.jsonc changed: ${has_labels_change}"
echo "Bot commit: ${is_bot_commit}"
echo "has_labels_change=${has_labels_change}" >> "${GITHUB_OUTPUT}"
echo "is_bot_commit=${is_bot_commit}" >> "${GITHUB_OUTPUT}"
- name: Set up Node.js
if: ${{ steps.trigger.outputs.has_labels_change == 'true' && steps.trigger.outputs.is_bot_commit != 'true' }}
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Load properties
if: ${{ steps.trigger.outputs.has_labels_change == 'true' && steps.trigger.outputs.is_bot_commit != 'true' }}
id: properties
env:
GITHUB_REPOSITORY: ${{ github.repository }}
run: node scripts/export-properties.mjs
- name: Resolve PAT auth token
id: pat_auth
if: ${{ steps.trigger.outputs.has_labels_change == 'true' && steps.trigger.outputs.is_bot_commit != 'true' && steps.properties.outputs.auth_mode == 'pat' }}
env:
AUTH_MODE: pat
PAT_TOKEN: ${{ secrets[steps.properties.outputs.pat_token_secret_name] }}
run: node scripts/create-github-auth-token.mjs
- name: Resolve GitHub App auth token
id: app_auth
if: ${{ steps.trigger.outputs.has_labels_change == 'true' && steps.trigger.outputs.is_bot_commit != 'true' && steps.properties.outputs.auth_mode == 'githubApp' }}
env:
AUTH_MODE: githubApp
GITHUB_APP_ID: ${{ secrets[steps.properties.outputs.github_app_id_secret_name] }}
GITHUB_APP_PRIVATE_KEY: ${{ secrets[steps.properties.outputs.github_app_private_key_secret_name] }}
GITHUB_APP_INSTALLATION_ID: ${{ secrets[steps.properties.outputs.github_app_installation_id_secret_name] }}
run: node scripts/create-github-auth-token.mjs
- name: Validate config
if: ${{ steps.trigger.outputs.has_labels_change == 'true' && steps.trigger.outputs.is_bot_commit != 'true' }}
run: node scripts/reverse-config-label-sync.mjs --validate-only
- name: Sync config into source repo labels
if: ${{ steps.trigger.outputs.has_labels_change == 'true' && steps.trigger.outputs.is_bot_commit != 'true' }}
env:
SOURCE_REPOSITORY: ${{ steps.properties.outputs.source_repository }}
run: node scripts/reverse-config-label-sync.mjs