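---
# Onboarding helper: runs a script from this repository against one file in a
# target repository, commits the result on a fresh branch and (when requested)
# opens a draft pull request, then reports the outcome over Pub/Sub.
name: Create pull request to repository

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      should_create_pr:
        description: "Should create pull request"
        required: true
        type: boolean
      target_repo:
        description: "Repository to create pull request for"
        required: true
        type: string
      file_to_modify_path:
        description: "File to modify"
        required: true
        type: string
      script:
        description: "Script to run"
        required: true
        type: string
      script_params:
        description: "Parameters to use in the script"
        required: false
        type: string
      step_id:
        description: "The step ID for the current step. Should match what the script does."
        required: true
        type: string
      team_name:
        description: "The team name used to create the data-ingestor repo"
        required: true
        type: string
      project_name:
        description: "The project name used to create the data-ingestor repo"
        required: true
        type: string
      service_account:
        description: "The GCP service account connected to the identity pool that will be used by Terraform for authentication to GCP."
        required: true
        type: string
      auth_project_number:
        description: "The GCP Project Number used for authentication. A 12-digit number used as a unique identifier for the project. Used to find workload identity pool."
        required: true
        type: string

env:
  # PAT with write access to the target repository. It is a workflow-level
  # variable, so every step below -- including the caller-selected script and
  # the pip install -- can read it; only the target checkout and the PR
  # creation actually need it.
  GITHUB_TOKEN: ${{ secrets.DASK_ONBOARDING_PAT }}
  SHOULD_CREATE_PR: ${{ inputs.should_create_pr }}
  TARGET_REPO: ${{ inputs.target_repo }}
  FILE_TO_MODIFY_PATH: ${{ inputs.file_to_modify_path }}
  SCRIPT: ${{ inputs.script }}
  SCRIPT_PARAMS: ${{ inputs.script_params }}
  STEP_ID: ${{ inputs.step_id }}  # Must match step-id in dask-onboarding-service
  AUTH_PROJECT_NUMBER: ${{ inputs.auth_project_number }}
  SERVICE_ACCOUNT: ${{ inputs.service_account }}
  TEAM_NAME: ${{ inputs.team_name }}  # Lowercase-name-for-team
  PROJECT_NAME: ${{ inputs.project_name }}

jobs:
  create_pull_request:
    runs-on: ubuntu-latest
    permissions:
      # An explicit permissions block sets every unlisted scope to none, so
      # the checkout of this repository needs contents:read spelled out.
      contents: read
      id-token: write  # OIDC token for Workload Identity Federation
    steps:
      - name: Setup Terraform
        # NOTE(review): the action ref was garbled in this copy of the file
        # (it renders as an e-mail address); restore the real
        # hashicorp/setup-terraform@<version> reference.
        uses: hashicorp/[email protected]
        with:
          terraform_wrapper: false

      - name: Set vars
        id: set-output
        run: |
          # Product name is the service account up to its "-deploy" suffix.
          PRODUCT_NAME="${SERVICE_ACCOUNT%%-deploy*}"
          DEFAULT_WORKLOAD_IDENTITY="projects/${AUTH_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${PRODUCT_NAME}-deploy-pool/providers/github-provider"
          # WORKLOAD_IDENTITY_PROVIDER_OVERRIDE is not defined anywhere in this
          # workflow, so the default provider is always used unless the runner
          # environment supplies it -- TODO confirm where it is meant to come from.
          OVERRIDE="${WORKLOAD_IDENTITY_PROVIDER_OVERRIDE:-}"
          PROVIDER="${OVERRIDE:-$DEFAULT_WORKLOAD_IDENTITY}"
          echo "WORKLOAD_IDENTITY_PROVIDER=${PROVIDER}" >> "$GITHUB_OUTPUT"

      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: ${{ steps.set-output.outputs.WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ env.SERVICE_ACCOUNT }}
          export_environment_variables: true
          create_credentials_file: true

      - name: Checkout current repository
        uses: actions/checkout@v4
        with:
          path: "current-repo"

      - name: Checkout target repository
        uses: actions/checkout@v4
        with:
          repository: kartverket/${{ env.TARGET_REPO }}
          ref: main
          # The PAT is persisted in the clone's git config by the action, which
          # is what lets the later "git push" authenticate.
          token: ${{ env.GITHUB_TOKEN }}
          path: "target-repo"

      - name: Modify files
        working-directory: current-repo
        # Inputs are read from the environment instead of being interpolated
        # with ${{ }}: a quote or shell metacharacter in an input then stays
        # an argument and cannot change the command line.
        run: |
          python "scripts/${SCRIPT}" "../target-repo/${FILE_TO_MODIFY_PATH}" "${SCRIPT_PARAMS}"

      - name: Format Terraform Files
        if: env.SHOULD_CREATE_PR == 'true'
        working-directory: target-repo
        run: terraform fmt -recursive

      - name: Commit and Push to target repository
        if: env.SHOULD_CREATE_PR == 'true'
        working-directory: target-repo
        run: |
          # Four hex characters derived from the current time: enough to tell
          # re-runs for the same project apart; a collision shows up as a
          # rejected push rather than a silent overwrite.
          HASH=$(date +%s | sha256sum | head -c 4)
          BRANCH_NAME="dask-onboarding-ci-${PROJECT_NAME}-${HASH}"
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "$GITHUB_ENV"
          git config --global user.name "DASK CI"
          git config --global user.email "[email protected]"
          git checkout -b "$BRANCH_NAME"
          git add .
          git commit -m "Update files from DASK CI workflow"
          git push origin "$BRANCH_NAME"

      - name: Create Pull Request
        id: create_pr
        if: env.SHOULD_CREATE_PR == 'true'
        uses: actions/github-script@v7
        with:
          # The PAT is handed to the action as an input rather than spliced
          # into the script text, and the request is awaited so that a failed
          # call fails this step. Previously the rejection was only logged,
          # the output stayed empty and the job -- and therefore the Pub/Sub
          # "success" message -- still went ahead.
          github-token: ${{ env.GITHUB_TOKEN }}
          script: |
            const { data } = await github.rest.pulls.create({
              owner: 'kartverket',
              repo: process.env.TARGET_REPO,
              title: 'Add new team from DASK CI workflow',
              head: process.env.BRANCH_NAME,
              base: 'main',
              draft: true,
            });
            // data.url is kept as the output value so the Firestore step
            // below receives exactly what it did before.
            console.log('Pull Request created: ', data.url);
            core.setOutput('pullRequestUrl', data.url);

      - name: Publish Pull Request URL to Firestore
        if: env.SHOULD_CREATE_PR == 'true' && steps.create_pr.outputs.pullRequestUrl && env.SCRIPT != 'entra_id_config.py'
        working-directory: current-repo
        run: |
          echo "Pull request URL: ${PULL_REQUEST_URL}"
          # NOTE(review): unpinned dependency install; pin once a version is agreed on.
          pip install google-cloud-firestore
          python scripts/publish_to_firestore.py
        env:
          # NOTE(review): GCP_PROJECT_ID is not set in this workflow's env block,
          # so this is empty unless an earlier step exported it -- verify
          # against what publish_to_firestore.py expects.
          GCP_PROJECT_ID: ${{ env.GCP_PROJECT_ID }}
          PULL_REQUEST_URL: ${{ steps.create_pr.outputs.pullRequestUrl }}
          TEAM_NAME: ${{ env.TEAM_NAME }}
          STEP_ID: ${{ env.STEP_ID }}

  # Runs only when create_pull_request finished successfully (needs:), so a
  # failed modify/commit/PR step also suppresses the success message.
  send_success_message_to_pubsub:
    needs: create_pull_request
    uses: ./.github/workflows/publish-message-pubsub.yml
    permissions:
      id-token: write
    with:
      auth_project_number: ${{ inputs.auth_project_number }}
      service_account: ${{ inputs.service_account }}
      team_name: ${{ inputs.team_name }}
      step_id: ${{ inputs.step_id }}
      params: ${{ inputs.script_params }}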