Advance main #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Advance main" | |
| on: | |
| workflow_dispatch: | |
| concurrency: | |
| group: advance-main | |
| cancel-in-progress: false | |
| permissions: {} | |
| jobs: | |
| advance: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Fast-forward main to develop | |
| # Requires RepositoryRole admin bypass actor on the protect-main ruleset. | |
| # Without it, GITHUB_TOKEN cannot update main directly and this step fails. | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| DEVELOP_SHA=$(gh api repos/"$REPO"/git/ref/heads/develop --jq '.object.sha') | |
| # force=false ensures this is always a true fast-forward; rejects if main has diverged | |
| gh api repos/"$REPO"/git/refs/heads/main \ | |
| --method PATCH \ | |
| --field sha="$DEVELOP_SHA" \ | |
| --field force=false | |
| - name: Verify main matches develop | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| MAIN_SHA=$(gh api repos/"$REPO"/git/ref/heads/main --jq '.object.sha') | |
| DEVELOP_SHA=$(gh api repos/"$REPO"/git/ref/heads/develop --jq '.object.sha') | |
| if [[ "$MAIN_SHA" != "$DEVELOP_SHA" ]]; then | |
| echo "ERROR: main ($MAIN_SHA) does not match develop ($DEVELOP_SHA) after advance" | |
| exit 1 | |
| fi | |
| echo "main and develop are in sync at $MAIN_SHA" |