forked from jozu-ai/kitops
-
Notifications
You must be signed in to change notification settings - Fork 0
86 lines (76 loc) · 2.67 KB
/
test-permissions.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: Permissions Testing
# This will test if a Github Action run from a primary repository
# ('kitops') can push to a different repository ('homebrew-kitops')
#
# The test is successful if the workflow completes successfully.
on:
workflow_dispatch:
inputs:
release_tag:
description: 'Release tag'
required: true
type: string
push:
tags:
- 'v*'
env:
GITHUB_TOKEN: ${{ secrets.MY_PAT}}
TAG_NAME: ${{ inputs.release_tag}}
PRIMARY_REPO_OWNER: brett-hodges
PRIMARY_REPO_NAME: kitops
SECONDARY_REPO_OWNER: brett-hodges
SECONDARY_REPO_NAME: homebrew-kitops
permissions:
contents: write
pull-requests: write
packages: write
id-token: write
attestations: write
jobs:
test-permissions:
runs-on: ubuntu-latest
env:
PRIMARY_REPO: $PRIMARY_REPO_OWNER/$PRIMARY_REPO_NAME
SECONDARY_REPO: $SECONDARY_REPO_OWNER/$SECONDARY_REPO_NAME
steps:
# checkout the homebrew-kitops repository (jozu-ai/homebrew-kitops)
- name: Checkout $SECONDARY_REPO from $PRIMARY_REPO
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: $SECONDARY_REPO
ref: 'main'
path: $SECONDARY_REPO_NAME
token: $GITHUB_TOKEN
- name: List contents after checking out $SECONDARY_REPO
run: |
ls
- name: List contents of $SECONDARY_REPO
run: |
shopt -s failglob
pushd $SECONDARY_REPO_NAME
ls
popd
- name: Update Homebrew Formula File
run: |
pushd $SECONDARY_REPO_NAME
date +%s > kitops.rb
popd
- name: Commit Homebrew Formula to Tap
run: |
pushd $SECONDARY_REPO_NAME
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
PR_BRANCH="${{ github.ref_name }}-homebrew-tap-update"
git fetch origin main
git branch "$PR_BRANCH"
git checkout "$PR_BRANCH"
git pull origin --ff-only "${PR_BRANCH}" || true
git config --global user.name "${GITHUB_ACTOR}"
git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
git add --all
git commit -m "homebrew: update Homebrew Tap Formula for ${{ github.ref_name }}"
git config --unset-all http.https://github.com/.extraheader
git push --set-upstream https://user:[email protected]/$SECONDARY_REPO "${PR_BRANCH}"
#git push origin "${PR_BRANCH}"
gh pr create --fill --base main --head "${PR_BRANCH}"
git checkout "${CURRENT_BRANCH}"
popd