From 29d04342d0bd6047538dd7f52a7e64a8ca2d4baa Mon Sep 17 00:00:00 2001
From: andy Augustin
Date: Wed, 13 Mar 2024 23:24:00 +0100
Subject: [PATCH] feat!: :sparkles: migrate from docker action to composite action (#498)
* chore: :bricks: use composite instead of docker
* fix: :bug: make files executable
* fix: :bug:
* fix: :bug:
* fix: :bug:
* fix: :bug:
* feat: :sparkles: git lfs now with flag
* fix: :bug:
* fix: :bug:
* fix: :bug:
* fix: :bug:
* fix: :bug:
* fix: :bug:
* fix: :bug:
* fix: :bug: issue with known hosts
Signed-off-by: Andy Augustin
* style: :rotating_light: fix lint issues
Signed-off-by: Andy Augustin
* docs: :memo: document realease notes v2
Signed-off-by: Andy Augustin
---------
Signed-off-by: Andy Augustin
---
 .github/workflows/actions_template_sync.yml | 2 +-
 README.md | 26 +++++---
 action.yml | 66 +++++++++++++--------
 src/entrypoint.sh | 35 +++++++----
 src/gpg_no_tty.sh | 0
 src/sync_template.sh | 4 +-
 src/test-config.yaml | 0
 7 files changed, 84 insertions(+), 49 deletions(-)
 mode change 100644 => 100755 src/entrypoint.sh
 mode change 100644 => 100755 src/gpg_no_tty.sh
 mode change 100644 => 100755 src/sync_template.sh
 mode change 100644 => 100755 src/test-config.yaml
diff --git a/.github/workflows/actions_template_sync.yml b/.github/workflows/actions_template_sync.yml
index fd69cebe..460248ef 100644
--- a/.github/workflows/actions_template_sync.yml
+++ b/.github/workflows/actions_template_sync.yml
@@ -19,7 +19,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 source_repo_path: AndreasAugustin/template
diff --git a/README.md b/README.md
index 11ba2cc1..e703debc 100644
--- a/README.md
+++ b/README.md
@@ -94,7 +94,7 @@ jobs:
 # submodules: true
 - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 with:
 source_repo_path:
 upstream_branch: # defaults to main
@@ -133,7 +133,7 @@ jobs:
 token: ${{ steps.generate_token.outputs.token }}
 - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 with:
 github_token: ${{ steps.generate_token.outputs.token }}
 source_repo_path:
@@ -169,7 +169,7 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # , should be within secrets
@@ -223,7 +223,7 @@ jobs:
 token: ${{ secrets.CUSTOM_GITHUB_PAT }}
 - name: Test action step PAT
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 with:
 github_token: ${{ secrets.CUSTOM_GITHUB_PAT }}
 source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # , should be within secrets
@@ -244,6 +244,7 @@ jobs:
 | pr_reviewers | `[optional]` comma separated list of pull request reviewers. | `false` | |
 | pr_commit_msg | `[optional]` commit message in the created pull request | `false` | `chore(template): merge template changes :up:` |
 | hostname | `[optional]` the hostname of the repository | `false` | `github.com` |
+| is_git_lfs | `[optional]` set to `true` if you want to enalbe git lfs | `false` | `false` |
 | is_dry_run | `[optional]` set to `true` if you do not want to push the changes and not want to create a PR | `false` | |
 | is_allow_hooks | `[optional]` set to `true` if you want to enable lifecycle hooks. Use this with caution! | `false` | `false` |
 | hooks | `[optional]` please check the lifecycle hooks section below | `false` | |
@@ -371,7 +372,7 @@ jobs:
 uses: actions/checkout@v4
 - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 source_repo_path:
@@ -407,7 +408,7 @@ E.q. for the installation phase you need to use commands like `apk add --update
 ```yml
 - name: Test action step
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 env:
 MY_VAR: "foo" # possible to define envrionment variables
 with:
@@ -428,7 +429,7 @@ E.q. for the installation phase you need to use commands like `apk add --update
 ```yml
 - name: Test action step
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 with:
 source_repo_path: AndreasAugustin/template.git
 upstream_branch: main
@@ -527,7 +528,7 @@ You need to change the default one e.g. to `git_remote_pull_params: --allow-unre
 token: ${{ secrets. }}
 - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 source_repo_path:
@@ -540,8 +541,13 @@ You need to change the default one e.g. to `git_remote_pull_params: --allow-unre
 Open your project `Settings > Actions > General` and select the checkbox `Allow GitHub Actions to create and approve pull requests` under the `Workflow permissions` section.
-## Release Updates
+## Release update notes
+* `v2`
+ * `git lfs` is no default anymore. Enable with `is_git_lfs` parameter.
+ * infrastructure change: now using [composite action][action-composite] instead of [docker action][action-docker]
+ to be more flexible to combine more actions (file system permissions).
+ * local `git config` now instead of global `git config --global` in respect to be more flexible in chaining actions.
 * :warning: starting with version `v1` (`v1.0.0`) the `upstream_branch` variable default is not `main` anymore. It is now set to the remote default branch.
 * starting with version v0.5.2-draft the `templateversionrc` file is not needed anymore. You can delete that file from the target repositories.
@@ -637,6 +643,8 @@ specification. Contributions of any kind are welcome!
 [enabling-debug-logging]: https://docs.github.com/en/actions/managing-workflow-runs/enabling-debug-logging
 [deployment-keys]: https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys
 [action-triggers]: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+[action-composite]: https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
+[action-docker]: https://docs.github.com/en/actions/creating-actions/creating-a-docker-container-action
 [template]: https://github.com/AndreasAugustin/template
 [marketplace]: https://github.com/marketplace/actions/actions-template-sync
 [self-usage]: https://github.com/AndreasAugustin/actions-template-sync/blob/main/.github/workflows/actions_template_sync.yml
diff --git a/action.yml b/action.yml
index 9483449f..b781053b 100644
--- a/action.yml
+++ b/action.yml
@@ -54,6 +54,9 @@ inputs:
 is_force_deletion:
 description: "[optional] set to true if you want to force delete files which are deleted within the source repository even if they contain changes"
 default: "false"
+ is_git_lfs:
+ description: "[optional] set to true if you want to enable git lfs"
+ default: "false"
 git_user_name:
 description: "[optional] set the committer git user.name for the merge commit"
 git_user_email:
@@ -64,30 +67,41 @@ inputs:
 description: "[optional] set the gpg private key if you want to sign your commits"
 gpg_passphrase:
 description: "[optional] set if your private gpg key has a password"
+outputs:
+ pr_branch:
+ description: "The name of the PR branch"
+ value: ${{ steps.sync.outputs.pr_branch }}
 runs:
- using: "docker"
- image: "src/Dockerfile"
- env:
- GITHUB_TOKEN: ${{ inputs.github_token }}
- SOURCE_REPO_PATH: ${{ inputs.source_repo_path }}
- UPSTREAM_BRANCH: ${{ inputs.upstream_branch }}
- SSH_PRIVATE_KEY_SRC: ${{ inputs.source_repo_ssh_private_key }}
- PR_BRANCH_NAME_PREFIX: ${{ inputs.pr_branch_name_prefix }}
- PR_TITLE: ${{ inputs.pr_title }}
- PR_BODY: ${{ inputs.pr_body }}
- PR_LABELS: ${{ inputs.pr_labels }}
- PR_REVIEWERS: ${{ inputs.pr_reviewers }}
- PR_COMMIT_MSG: ${{ inputs.pr_commit_msg }}
- HOSTNAME: ${{ inputs.hostname }}
- IS_DRY_RUN: ${{ inputs.is_dry_run }}
- IS_ALLOW_HOOKS: ${{ inputs.is_allow_hooks }}
- HOOKS: ${{ inputs.hooks }}
- IS_FORCE_PUSH_PR: ${{ inputs.is_force_push_pr }}
- IS_PR_CLEANUP: ${{ inputs.is_pr_cleanup}}
- IS_NOT_SOURCE_GITHUB: ${{ inputs.is_not_source_github }}
- IS_FORCE_DELETION: ${{ inputs.is_force_deletion }}
- GIT_USER_NAME: ${{ inputs.git_user_name }}
- GIT_USER_EMAIL: ${{ inputs.git_user_email }}
- GIT_REMOTE_PULL_PARAMS: ${{ inputs.git_remote_pull_params }}
- GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
- GPG_PASSPHRASE: ${{ inputs.gpg_passphrase }}
+ using: "composite"
+ # image: "src/Dockerfile"
+ steps:
+ - name: github sync
+ run: ${{github.action_path}}/src/entrypoint.sh
+ # working-directory: src/
+ shell: bash
+ id: sync
+ env:
+ GITHUB_TOKEN: ${{ inputs.github_token }}
+ SOURCE_REPO_PATH: ${{ inputs.source_repo_path }}
+ UPSTREAM_BRANCH: ${{ inputs.upstream_branch }}
+ SSH_PRIVATE_KEY_SRC: ${{ inputs.source_repo_ssh_private_key }}
+ PR_BRANCH_NAME_PREFIX: ${{ inputs.pr_branch_name_prefix }}
+ PR_TITLE: ${{ inputs.pr_title }}
+ PR_BODY: ${{ inputs.pr_body }}
+ PR_LABELS: ${{ inputs.pr_labels }}
+ PR_REVIEWERS: ${{ inputs.pr_reviewers }}
+ PR_COMMIT_MSG: ${{ inputs.pr_commit_msg }}
+ HOSTNAME: ${{ inputs.hostname }}
+ IS_DRY_RUN: ${{ inputs.is_dry_run }}
+ IS_ALLOW_HOOKS: ${{ inputs.is_allow_hooks }}
+ HOOKS: ${{ inputs.hooks }}
+ IS_FORCE_PUSH_PR: ${{ inputs.is_force_push_pr }}
+ IS_GIT_LFS: ${{ inputs.is_git_lfs }}
+ IS_PR_CLEANUP: ${{ inputs.is_pr_cleanup}}
+ IS_NOT_SOURCE_GITHUB: ${{ inputs.is_not_source_github }}
+ IS_FORCE_DELETION: ${{ inputs.is_force_deletion }}
+ GIT_USER_NAME: ${{ inputs.git_user_name }}
+ GIT_USER_EMAIL: ${{ inputs.git_user_email }}
+ GIT_REMOTE_PULL_PARAMS: ${{ inputs.git_remote_pull_params }}
+ GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
+ GPG_PASSPHRASE: ${{ inputs.gpg_passphrase }}
diff --git a/src/entrypoint.sh b/src/entrypoint.sh
old mode 100644
new mode 100755
index 1fedf364..857c5ad7
--- a/src/entrypoint.sh
+++ b/src/entrypoint.sh
@@ -3,8 +3,10 @@ set -e
 # set -u
 # set -x
+SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
+
 # shellcheck source=src/sync_common.sh
-source sync_common.sh
+source "${SCRIPT_DIR}/sync_common.sh"
 ###########################################
 # Precheks
@@ -20,6 +22,11 @@ if [[ -z "${SOURCE_REPO_PATH}" ]]; then
 exit 1
 fi
+if [[ -z "${HOME}" ]]; then
+ err "Missing env variable HOME.";
+ exit 1
+fi
+
 ############################################
 # Variables
 ############################################
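Review bot: In the new `steps` entry of action.yml, `run: ${{github.action_path}}/src/entrypoint.sh` pastes the expression into the bash script unquoted, so an action path containing a space or a shell metacharacter is word-split or interpreted before entrypoint.sh starts. The inputs are correctly handed over through `env:` instead of being interpolated, and the path deserves the same treatment: `run: "${GITHUB_ACTION_PATH}/src/entrypoint.sh"`. With the container gone, this step also handles `GITHUB_TOKEN`, `SSH_PRIVATE_KEY_SRC` and `GPG_PRIVATE_KEY` directly on the runner, and any `hooks` commands presumably run there as well; the `is_allow_hooks` row in the README should say so. The commented-out `# image:` and `# working-directory:` lines can be deleted.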
@@ -109,9 +116,9 @@ function gpg_setup() {
 for fpr in $(gpg --list-key --with-colons "${git_user_email}" | awk -F: '/fpr:/ {print $10}' | sort -u); do echo -e "5\ny\n" | gpg --no-tty --command-fd 0 --expert --edit-key "$fpr" trust; done
 KEY_ID="$(gpg --list-secret-key --with-colons "${git_user_email}" | awk -F: '/sec:/ {print $5}')"
- git config --global user.signingkey "${KEY_ID}"
- git config --global commit.gpgsign true
- git config --global gpg.program /bin/gpg_no_tty.sh
+ git config user.signingkey "${KEY_ID}"
+ git config commit.gpgsign true
+ git config gpg.program "${SCRIPT_DIR}/gpg_no_tty.sh"
 info "done prepare gpg"
 echo "::endgroup::"
@@ -133,16 +140,20 @@ function git_init() {
 local git_user_name=$2
 local source_repo_hostname=$3
- git config --global user.email "${git_user_email}"
- git config --global user.name "${git_user_name}"
- git config --global pull.rebase false
- git config --global --add safe.directory /github/workspace
- # TODO(anau) think about git lfs
- git lfs install
+ git config user.email "${git_user_email}"
+ git config user.name "${git_user_name}"
+ git config pull.rebase false
+ git config --add safe.directory /github/workspace
+
+ if [[ "${IS_GIT_LFS}" == 'true' ]]; then
+ info "enable git lfs."
+ git lfs install
+ fi
 if [[ "${IS_NOT_SOURCE_GITHUB}" == 'true' ]]; then
 info "the source repository is not located within GitHub."
- ssh-keyscan -t rsa "${source_repo_hostname}" >> /root/.ssh/known_hosts
+ mkdir -p "${HOME}"/.ssh
+ ssh-keyscan -t rsa "${source_repo_hostname}" >> "${HOME}"/.ssh/known_hosts
 else
 info "the source repository is located within GitHub."
 gh auth setup-git --hostname "${source_repo_hostname}"
@@ -171,4 +182,4 @@ if [[ -n "${GPG_PRIVATE_KEY}" ]] &>/dev/null; then
 fi
 # shellcheck source=src/sync_template.sh
-source sync_template.sh
+source "${SCRIPT_DIR}/sync_template.sh"
diff --git a/src/gpg_no_tty.sh b/src/gpg_no_tty.sh
old mode 100644
new mode 100755
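Review bot: In `gpg_setup`, dropping `--global` writes `user.signingkey`, `commit.gpgsign` and `gpg.program` into the checked-out repository's `.git/config`, where they stay in force for every later step of the job, and the signing key now lands in the runner user's keyring instead of a throwaway container. The key import is outside this hunk, so this is inferred, but on a self-hosted runner it would leave the private key and the ultimate-trust entry set by the `trust` loop behind after the job. Isolating the keyring per run would contain that, e.g. `GNUPGHOME="$(mktemp -d)"; export GNUPGHOME` before the import and `trap 'rm -rf -- "${GNUPGHOME}"' EXIT` for cleanup. The function starts and ends outside the hunk.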
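Review bot: In `git_init`, `git config --add safe.directory /github/workspace` no longer has any effect: git honours `safe.directory` only from system, global or command-line configuration and ignores it in a repository's own config, and `/github/workspace` is the container mount path rather than where a composite action's checkout lives. Either drop the line or, if an ownership mismatch is still expected, keep it global and point it at the real checkout: `git config --global --add safe.directory "${GITHUB_WORKSPACE}"`. Separately, `ssh-keyscan -t rsa ... >> "${HOME}"/.ssh/known_hosts` trusts whatever key the network returns on each run and now appends to the runner user's real file. Creating the directory with `mkdir -p -m 700 "${HOME}/.ssh"` and checking the scanned key against a pinned fingerprint, or taking a known_hosts entry as an input, would close that gap. The function ends outside the hunk.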
diff --git a/src/sync_template.sh b/src/sync_template.sh
old mode 100644
new mode 100755
index 36eee606..3b2036a5
--- a/src/sync_template.sh
+++ b/src/sync_template.sh
@@ -4,8 +4,10 @@ set -e
 # set -u
 # set -x
+SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
+
 # shellcheck source=src/sync_template.sh
-source sync_common.sh
+source "${SCRIPT_DIR}/sync_common.sh"
 ############################################
 # Prechecks
diff --git a/src/test-config.yaml b/src/test-config.yaml
old mode 100644
new mode 100755
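Review bot: `SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"` at the top of sync_template.sh resolves the wrong file when the script is sourced: `$0` is still entrypoint.sh, so the value is right only because both files share a directory, and the assignment silently overwrites the caller's `SCRIPT_DIR`. Use the file's own path instead, `SCRIPT_DIR="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"`. The directive above the `source` line also names the wrong file and should read `# shellcheck source=src/sync_common.sh`. The same `$0` pattern in the first entrypoint.sh hunk is correct as long as that script is executed rather than sourced.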