modulesync_config/.github/workflows/update.yml at 765db424d20ffc185c1704a9cd711783317292b2 · kenyon/modulesync_config · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
---
name: Update all Puppet modules

on:
  workflow_dispatch: {}
  push:
    tags:
      - '*'

permissions:
  contents: read

env:
  GIT_AUTHOR_NAME: pccibot
  GIT_AUTHOR_EMAIL: [email protected]
  GIT_COMMITTER_NAME: pccibot
  GIT_COMMITTER_EMAIL: [email protected]
  SSH_AUTH_SOCK: /tmp/ssh_agent.sock
  GITHUB_BASE_URL: https://api.github.com

jobs:
  msync:
    runs-on: ubuntu-latest
    name: Run msync against all modules
    if: ${{ github.repository_owner == 'voxpupuli' }}
    steps:
      - name: checkout code
        # the action has a ssh-key option.
        # when provided, it configures the ssh/git config to authenticate automatically with that key to the source repo
        # the authentication won't be used for other repos (which we need for msync), so we cannot use the option
        # that's the reason for the 'Add SSH key' step
        #
        # the "ref: github.ref" is required for the tag to be properly checked out, as a workaround
        # for https://github.com/actions/checkout/issues/1638
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          fetch-tags: true
          ref: ${{ github.ref }}
      - name: Setup ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ruby
          bundler-cache: true
      - name: Add SSH key
        run: |
            mkdir -p ~/.ssh
            echo "${{ secrets.PCCI_SSH_PRIVATE_KEY }}" > ~/.ssh/github_actions
            chmod 600 ~/.ssh/github_actions
            ssh-agent -a $SSH_AUTH_SOCK > /dev/null
            ssh-add ~/.ssh/github_actions
      - name: set git user & email & commit signing
        run: |
          git config --global user.email "$GIT_AUTHOR_EMAIL"
          git config --global user.name "$GIT_AUTHOR_NAME"
          git config --global gpg.format ssh
          git config --global user.signingkey ~/.ssh/github_actions
          git config --global commit.gpgsign true
      - name: Run msync
        env:
          # https://github.com/voxpupuli/modulesync?tab=readme-ov-file#submitting-prsmrs-to-github-or-gitlab
          GITHUB_TOKEN: '${{ secrets.PCCI_PAT_MODULESYNC_PR }}'
        run: |
          bundle exec msync update --verbose \
            --pr \
            --pr-labels modulesync \
            --pr-title "modulesync $(git describe)" \
            --message "modulesync $(git describe)"