feat!: ✨ migrate from docker action to composite action

.github/workflows/actions_template_sync.yml

@@ -19,7 +19,7 @@ jobs:
  - name: Checkout
  uses: actions/checkout@v4
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  with:
  github_token: ${{ secrets.GITHUB_TOKEN }}
  source_repo_path: AndreasAugustin/template

README.md

@@ -94,7 +94,7 @@ jobs:
  # submodules: true
 
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  with:
  source_repo_path: <owner/repo>
  upstream_branch: <target_branch> # defaults to main
@@ -133,7 +133,7 @@ jobs:
  token: ${{ steps.generate_token.outputs.token }}
 
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  with:
  github_token: ${{ steps.generate_token.outputs.token }}
  source_repo_path: <owner/repo>
@@ -169,7 +169,7 @@ jobs:
  token: ${{ secrets.GITHUB_TOKEN }}
 
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  with:
  github_token: ${{ secrets.GITHUB_TOKEN }}
  source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # <owner/repo>, should be within secrets
@@ -223,7 +223,7 @@ jobs:
  token: ${{ secrets.CUSTOM_GITHUB_PAT }}
 
  - name: Test action step PAT
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  with:
  github_token: ${{ secrets.CUSTOM_GITHUB_PAT }}
  source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # <owner/repo>, should be within secrets
@@ -244,6 +244,7 @@ jobs:
 | pr_reviewers | `[optional]` comma separated list of pull request reviewers. | `false` | |
 | pr_commit_msg | `[optional]` commit message in the created pull request | `false` | `chore(template): merge template changes :up:` |
 | hostname | `[optional]` the hostname of the repository | `false` | `github.com` |
+| is_git_lfs | `[optional]` set to `true` if you want to enalbe git lfs | `false` | `false` |
 | is_dry_run | `[optional]` set to `true` if you do not want to push the changes and not want to create a PR | `false` | |
 | is_allow_hooks | `[optional]` set to `true` if you want to enable lifecycle hooks. Use this with caution! | `false` | `false` |
 | hooks | `[optional]` please check the lifecycle hooks section below | `false` | |
@@ -371,7 +372,7 @@ jobs:
  uses: actions/checkout@v4
 
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  with:
  github_token: ${{ secrets.GITHUB_TOKEN }}
  source_repo_path: <owner/repo>
@@ -407,7 +408,7 @@ E.q. for the installation phase you need to use commands like `apk add --update
 
 ```yml
 - name: Test action step
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  env:
  MY_VAR: "foo" # possible to define envrionment variables
  with:
@@ -428,7 +429,7 @@ E.q. for the installation phase you need to use commands like `apk add --update
 
 ```yml
 - name: Test action step
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  with:
  source_repo_path: AndreasAugustin/template.git
  upstream_branch: main
@@ -527,7 +528,7 @@ You need to change the default one e.g. to `git_remote_pull_params: --allow-unre
  token: ${{ secrets.<secret_name> }}
 
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1
+ uses: AndreasAugustin/actions-template-sync@v2
  with:
  github_token: ${{ secrets.GITHUB_TOKEN }}
  source_repo_path: <owner/repo>
@@ -540,8 +541,13 @@ You need to change the default one e.g. to `git_remote_pull_params: --allow-unre
  Open your project `Settings > Actions > General` and select the checkbox `Allow GitHub Actions to create and approve pull requests`
 under the `Workflow permissions` section.
 
-## Release Updates
+## Release update notes
 
+* `v2`
+ * `git lfs` is no default anymore. Enable with `is_git_lfs` parameter.
+ * infrastructure change: now using [composite action][action-composite] instead of [docker action][action-docker]
+ to be more flexible to combine more actions (file system permissions).
+ * local `git config` now instead of global `git config --global` in respect to be more flexible in chaining actions.
 * :warning: starting with version `v1` (`v1.0.0`) the `upstream_branch` variable default is not `main` anymore. It is now set to the remote default branch.
 * starting with version v0.5.2-draft the `templateversionrc` file is not needed anymore. You can delete that file from the target repositories.
 
@@ -637,6 +643,8 @@ specification. Contributions of any kind are welcome!
 [enabling-debug-logging]: https://docs.github.com/en/actions/managing-workflow-runs/enabling-debug-logging
 [deployment-keys]: https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys
 [action-triggers]: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+[action-composite]: https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
+[action-docker]: https://docs.github.com/en/actions/creating-actions/creating-a-docker-container-action
 [template]: https://github.com/AndreasAugustin/template
 [marketplace]: https://github.com/marketplace/actions/actions-template-sync
 [self-usage]: https://github.com/AndreasAugustin/actions-template-sync/blob/main/.github/workflows/actions_template_sync.yml

action.yml

@@ -54,6 +54,9 @@ inputs:
  is_force_deletion:
  description: "[optional] set to true if you want to force delete files which are deleted within the source repository even if they contain changes"
  default: "false"
+ is_git_lfs:
+ description: "[optional] set to true if you want to enable git lfs"
+ default: "false"
  git_user_name:
  description: "[optional] set the committer git user.name for the merge commit"
  git_user_email:
@@ -64,30 +67,41 @@ inputs:
  description: "[optional] set the gpg private key if you want to sign your commits"
  gpg_passphrase:
  description: "[optional] set if your private gpg key has a password"
+outputs:
+ pr_branch:
+ description: "The name of the PR branch"
+ value: ${{ steps.sync.outputs.pr_branch }}
 runs:
- using: "docker"
- image: "src/Dockerfile"
- env:
- GITHUB_TOKEN: ${{ inputs.github_token }}
- SOURCE_REPO_PATH: ${{ inputs.source_repo_path }}
- UPSTREAM_BRANCH: ${{ inputs.upstream_branch }}
- SSH_PRIVATE_KEY_SRC: ${{ inputs.source_repo_ssh_private_key }}
- PR_BRANCH_NAME_PREFIX: ${{ inputs.pr_branch_name_prefix }}
- PR_TITLE: ${{ inputs.pr_title }}
- PR_BODY: ${{ inputs.pr_body }}
- PR_LABELS: ${{ inputs.pr_labels }}
- PR_REVIEWERS: ${{ inputs.pr_reviewers }}
- PR_COMMIT_MSG: ${{ inputs.pr_commit_msg }}
- HOSTNAME: ${{ inputs.hostname }}
- IS_DRY_RUN: ${{ inputs.is_dry_run }}
- IS_ALLOW_HOOKS: ${{ inputs.is_allow_hooks }}
- HOOKS: ${{ inputs.hooks }}
- IS_FORCE_PUSH_PR: ${{ inputs.is_force_push_pr }}
- IS_PR_CLEANUP: ${{ inputs.is_pr_cleanup}}
- IS_NOT_SOURCE_GITHUB: ${{ inputs.is_not_source_github }}
- IS_FORCE_DELETION: ${{ inputs.is_force_deletion }}
- GIT_USER_NAME: ${{ inputs.git_user_name }}
- GIT_USER_EMAIL: ${{ inputs.git_user_email }}
- GIT_REMOTE_PULL_PARAMS: ${{ inputs.git_remote_pull_params }}
- GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
- GPG_PASSPHRASE: ${{ inputs.gpg_passphrase }}
+ using: "composite"
+ # image: "src/Dockerfile"
+ steps:
+ - name: github sync
+ run: ${{github.action_path}}/src/entrypoint.sh
+ # working-directory: src/
+ shell: bash
+ id: sync
+ env:
+ GITHUB_TOKEN: ${{ inputs.github_token }}
+ SOURCE_REPO_PATH: ${{ inputs.source_repo_path }}
+ UPSTREAM_BRANCH: ${{ inputs.upstream_branch }}
+ SSH_PRIVATE_KEY_SRC: ${{ inputs.source_repo_ssh_private_key }}
+ PR_BRANCH_NAME_PREFIX: ${{ inputs.pr_branch_name_prefix }}
+ PR_TITLE: ${{ inputs.pr_title }}
+ PR_BODY: ${{ inputs.pr_body }}
+ PR_LABELS: ${{ inputs.pr_labels }}
+ PR_REVIEWERS: ${{ inputs.pr_reviewers }}
+ PR_COMMIT_MSG: ${{ inputs.pr_commit_msg }}
+ HOSTNAME: ${{ inputs.hostname }}
+ IS_DRY_RUN: ${{ inputs.is_dry_run }}
+ IS_ALLOW_HOOKS: ${{ inputs.is_allow_hooks }}
+ HOOKS: ${{ inputs.hooks }}
+ IS_FORCE_PUSH_PR: ${{ inputs.is_force_push_pr }}
+ IS_GIT_LFS: ${{ inputs.is_git_lfs }}
+ IS_PR_CLEANUP: ${{ inputs.is_pr_cleanup}}
+ IS_NOT_SOURCE_GITHUB: ${{ inputs.is_not_source_github }}
+ IS_FORCE_DELETION: ${{ inputs.is_force_deletion }}
+ GIT_USER_NAME: ${{ inputs.git_user_name }}
+ GIT_USER_EMAIL: ${{ inputs.git_user_email }}
+ GIT_REMOTE_PULL_PARAMS: ${{ inputs.git_remote_pull_params }}
+ GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
+ GPG_PASSPHRASE: ${{ inputs.gpg_passphrase }}

src/entrypoint.sh

@@ -3,8 +3,10 @@ set -e
 # set -u
 # set -x
 
+SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
+
 # shellcheck source=src/sync_common.sh
-source sync_common.sh
+source "${SCRIPT_DIR}/sync_common.sh"
 
 ###########################################
 # Precheks
@@ -20,6 +22,11 @@ if [[ -z "${SOURCE_REPO_PATH}" ]]; then
  exit 1
 fi
 
+if [[ -z "${HOME}" ]]; then
+ err "Missing env variable HOME.";
+ exit 1
+fi
+
 ############################################
 # Variables
 ############################################
@@ -109,9 +116,9 @@ function gpg_setup() {
  for fpr in $(gpg --list-key --with-colons "${git_user_email}" | awk -F: '/fpr:/ {print $10}' | sort -u); do echo -e "5\ny\n" | gpg --no-tty --command-fd 0 --expert --edit-key "$fpr" trust; done
 
  KEY_ID="$(gpg --list-secret-key --with-colons "${git_user_email}" | awk -F: '/sec:/ {print $5}')"
- git config --global user.signingkey "${KEY_ID}"
- git config --global commit.gpgsign true
- git config --global gpg.program /bin/gpg_no_tty.sh
+ git config user.signingkey "${KEY_ID}"
+ git config commit.gpgsign true
+ git config gpg.program "${SCRIPT_DIR}/gpg_no_tty.sh"
 
  info "done prepare gpg"
  echo "::endgroup::"
@@ -133,16 +140,20 @@ function git_init() {
  local git_user_name=$2
  local source_repo_hostname=$3
 
- git config --global user.email "${git_user_email}"
- git config --global user.name "${git_user_name}"
- git config --global pull.rebase false
- git config --global --add safe.directory /github/workspace
- # TODO(anau) think about git lfs
- git lfs install
+ git config user.email "${git_user_email}"
+ git config user.name "${git_user_name}"
+ git config pull.rebase false
+ git config --add safe.directory /github/workspace
+
+ if [[ "${IS_GIT_LFS}" == 'true' ]]; then
+ info "enable git lfs."
+ git lfs install
+ fi
 
  if [[ "${IS_NOT_SOURCE_GITHUB}" == 'true' ]]; then
  info "the source repository is not located within GitHub."
- ssh-keyscan -t rsa "${source_repo_hostname}" >> /root/.ssh/known_hosts
+ mkdir -p "${HOME}"/.ssh
+ ssh-keyscan -t rsa "${source_repo_hostname}" >> "${HOME}"/.ssh/known_hosts
  else
  info "the source repository is located within GitHub."
  gh auth setup-git --hostname "${source_repo_hostname}"
@@ -171,4 +182,4 @@ if [[ -n "${GPG_PRIVATE_KEY}" ]] &>/dev/null; then
 fi
 
 # shellcheck source=src/sync_template.sh
-source sync_template.sh
+source "${SCRIPT_DIR}/sync_template.sh"

src/sync_template.sh

@@ -4,8 +4,10 @@ set -e
 # set -u
 # set -x
 
+SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
+
 # shellcheck source=src/sync_template.sh
-source sync_common.sh
+source "${SCRIPT_DIR}/sync_common.sh"
 
 ############################################
 # Prechecks