forked from coreos/fedora-coreos-config
-
Notifications
You must be signed in to change notification settings - Fork 0
93 lines (87 loc) · 3.85 KB
/
add-override.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
---
name: Add package override
on:
workflow_dispatch:
inputs:
target:
description: Target branch
default: testing-devel
what:
description: "Bodhi update (fast-track) or SRPM NVR (pin)"
pin:
description: "Pin (don't remove when stable)"
type: boolean
reason:
description: "Reason URL (optional for routine fast-tracks)"
permissions:
# none at all
contents: none
# This workflow could almost use the default GITHUB_TOKEN, if we were to
# push the branch into this repo. However, GitHub Actions has recursion
# avoidance that would prevent CI from running on the PR:
#
# https://github.com/peter-evans/create-pull-request/blob/28fa4848947e/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
#
# So we create the PR using a separate Personal Access Token in
# COREOSBOT_RELENG_TOKEN, belonging to a machine account. That allows CI to
# run when the PR is first created. However, it's also possible to rerun
# the workflow and have it force-push the branch, reusing the same PR. In
# that case the push also cannot come from GITHUB_TOKEN, or CI will not
# rerun. Thus we also do the push using COREOSBOT_RELENG_TOKEN. Since we
# don't want to give the machine account privileges to this repo, we push
# to a forked repo owned by the machine account.
jobs:
add-override:
name: Add package override
runs-on: ubuntu-latest
container: registry.fedoraproject.org/fedora:latest
steps:
- name: Install dependencies
run: dnf install -y git jq python3-bodhi-client python3-pyyaml
- name: Check out repository
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.target }}
# We need an unbroken commit chain when pushing to the fork. Don't
# make assumptions about which commits are already available there.
fetch-depth: 0
# https://github.com/actions/checkout/issues/766
- name: Mark git checkout as safe
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Update metadata
env:
TARGET: ${{ github.event.inputs.target }}
WHAT: ${{ github.event.inputs.what }}
PIN: ${{ github.event.inputs.pin }}
REASON: ${{ github.event.inputs.reason }}
run: |
set -euxo pipefail
if [ "${PIN}" = true ]; then
ci/overrides.py pin "${WHAT}" -r "${REASON}"
title="overrides: pin ${WHAT}"
else
ci/overrides.py fast-track "${WHAT}" ${REASON:+-r "${REASON}"}
srpms=$(ci/overrides.py srpms "${WHAT}" | paste -sd,)
title="overrides: fast-track ${srpms//,/, }"
fi
if [ "${TARGET}" = testing-devel ]; then
pr_title="${title}"
else
pr_title="[${TARGET}] ${title}"
fi
branch_name=override-$(echo "${TARGET}:${title}" | sha256sum | cut -c1-8)
echo "BRANCH_NAME=${branch_name}" >> ${GITHUB_ENV}
echo "COMMIT_TITLE=${title}" >> ${GITHUB_ENV}
echo "PR_TITLE=${pr_title}" >> ${GITHUB_ENV}
- name: Open pull request
uses: peter-evans/[email protected]
with:
token: ${{ secrets.COREOSBOT_RELENG_TOKEN }}
branch: ${{ env.BRANCH_NAME }}
commit-message: ${{ env.COMMIT_TITLE }}
push-to-fork: coreosbot-releng/fedora-coreos-config
title: ${{ env.PR_TITLE }}
body: "Requested by @${{ github.actor }} via [GitHub workflow](${{ github.server_url }}/${{ github.repository }}/actions/workflows/add-override.yml) ([source](${{ github.server_url }}/${{ github.repository }}/blob/testing-devel/.github/workflows/add-override.yml))."
committer: "CoreOS Bot <[email protected]>"
author: "CoreOS Bot <[email protected]>"
delete-branch: true