Create pull request to repository #405
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create pull request to repository | |
on: | |
workflow_dispatch: | |
inputs: | |
should_create_pr: | |
description: "Should create pull request" | |
required: true | |
type: boolean | |
target_repo: | |
description: "Repository to create pull request for" | |
required: true | |
type: string | |
file_to_modify_path: | |
description: "File to modify" | |
required: true | |
type: string | |
script: | |
description: "Script to run" | |
required: true | |
type: string | |
script_params: | |
description: "Parameters to use in the script" | |
required: false | |
step_id: | |
description: "The step ID for the current step. Should match what the script does." | |
required: true | |
type: string | |
team_name: | |
description: "The team name used to create the data-ingestor repo" | |
required: true | |
type: string | |
project_name: | |
description: "The project name used to create the data-ingestor repo" | |
required: true | |
type: string | |
service_account: | |
description: "The GCP service account connected to the identity pool that will be used by Terraform for authentication to GCP." | |
required: true | |
type: string | |
auth_project_number: | |
description: "The GCP Project Number used for authentication. A 12-digit number used as a unique identifier for the project. Used to find workload identity pool." | |
required: true | |
type: string | |
env: | |
GITHUB_TOKEN: ${{ secrets.DASK_ONBOARDING_PAT }} | |
SHOULD_CREATE_PR: ${{ inputs.should_create_pr }} | |
TARGET_REPO: ${{ inputs.target_repo }} | |
FILE_TO_MODIFY_PATH: ${{ inputs.file_to_modify_path }} | |
SCRIPT: ${{ inputs.script }} | |
SCRIPT_PARAMS: ${{ inputs.script_params }} | |
STEP_ID: ${{ inputs.step_id }} # Must match step-id in dask-onboarding-service | |
AUTH_PROJECT_NUMBER: ${{ inputs.auth_project_number }} | |
SERVICE_ACCOUNT: ${{ inputs.service_account }} | |
TEAM_NAME: ${{ inputs.team_name }} # Lowercase-name-for-team | |
PROJECT_NAME: ${{ inputs.project_name }} | |
jobs: | |
create_pull_request: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
steps: | |
- name: Setup Terraform | |
uses: hashicorp/[email protected] | |
with: | |
terraform_wrapper: false | |
- name: Set vars | |
id: set-output | |
run: | | |
PRODUCT_NAME=$(echo $SERVICE_ACCOUNT | sed 's/-deploy.*//') | |
DEFAULT_WORKLOAD_IDENTITY="projects/$AUTH_PROJECT_NUMBER/locations/global/workloadIdentityPools/$PRODUCT_NAME-deploy-pool/providers/github-provider" | |
OVERRIDE=$WORKLOAD_IDENTITY_PROVIDER_OVERRIDE | |
PROVIDER=${OVERRIDE:-$DEFAULT_WORKLOAD_IDENTITY} | |
echo "WORKLOAD_IDENTITY_PROVIDER=$PROVIDER" >> $GITHUB_OUTPUT | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: ${{ steps.set-output.outputs.WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ env.SERVICE_ACCOUNT }} | |
export_environment_variables: true | |
create_credentials_file: true | |
- name: Checkout current repository | |
uses: actions/checkout@v4 | |
with: | |
path: "current-repo" | |
- name: Checkout target repository | |
uses: actions/checkout@v4 | |
with: | |
repository: kartverket/${{ env.TARGET_REPO }} | |
ref: main | |
token: ${{ env.GITHUB_TOKEN }} | |
path: "target-repo" | |
- name: Modify files | |
working-directory: current-repo | |
run: | | |
python scripts/${{ env.SCRIPT }} '../target-repo/${{ env.FILE_TO_MODIFY_PATH }}' '${{ env.SCRIPT_PARAMS }}' | |
- name: Format Terraform Files | |
if: env.SHOULD_CREATE_PR == 'true' | |
working-directory: target-repo | |
run: terraform fmt -recursive | |
- name: Commit and Push to target repository | |
if: env.SHOULD_CREATE_PR == 'true' | |
working-directory: target-repo | |
run: | | |
HASH=$(date +%s | sha256sum | head -c 4) | |
BRANCH_NAME="dask-onboarding-ci-${{ env.PROJECT_NAME }}-${HASH}" | |
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV | |
git config --global user.name "DASK CI" | |
git config --global user.email "[email protected]" | |
git checkout -b $BRANCH_NAME | |
git add . | |
git commit -m "Update files from DASK CI workflow" | |
git push origin $BRANCH_NAME | |
- name: Create Pull Request | |
id: create_pr | |
if: env.SHOULD_CREATE_PR == 'true' | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const payload = { | |
method: 'POST', | |
headers: { | |
'Authorization': `token ${{ env.GITHUB_TOKEN }}`, | |
'Accept': 'application/vnd.github.v3+json' | |
}, | |
body: JSON.stringify({ | |
title: 'Add new team from DASK CI workflow', | |
head: '${{ env.BRANCH_NAME }}', | |
base: 'main', | |
draft: true | |
}) | |
}; | |
fetch(`https://api.github.com/repos/kartverket/${{ env.TARGET_REPO }}/pulls`, payload) | |
.then(response => { | |
if (!response.ok) { | |
throw new Error('Pull Request creation failed'); | |
} | |
return response.json(); | |
}) | |
.then(data => { | |
console.log('Pull Request created: ', data.url); | |
core.setOutput('pullRequestUrl', data.url); | |
}) | |
.catch(error => { | |
console.error(error); | |
}); | |
- name: Publish Pull Request URL to Firestore | |
if: env.SHOULD_CREATE_PR == 'true' && steps.create_pr.outputs.pullRequestUrl && env.SCRIPT != 'entra_id_config.py' | |
working-directory: current-repo | |
run: | | |
echo "Pull request URL: ${{ steps.create_pr.outputs.pullRequestUrl }}" | |
pip install google-cloud-firestore | |
python scripts/publish_to_firestore.py | |
env: | |
GCP_PROJECT_ID: ${{ env.GCP_PROJECT_ID }} | |
PULL_REQUEST_URL: ${{ steps.create_pr.outputs.pullRequestUrl }} | |
TEAM_NAME: ${{ env.TEAM_NAME }} | |
STEP_ID: ${{ env.STEP_ID }} | |
send_success_message_to_pubsub: | |
needs: create_pull_request | |
uses: ./.github/workflows/publish-message-pubsub.yml | |
permissions: | |
id-token: write | |
with: | |
auth_project_number: ${{ inputs.auth_project_number }} | |
service_account: ${{ inputs.service_account }} | |
team_name: ${{ inputs.team_name }} | |
step_id: ${{ inputs.step_id }} | |
params: ${{ inputs.script_params }} |