diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..aed30b76 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @phylum-dev/engineering diff --git a/.github/workflows/update_submodule.yml b/.github/workflows/update_submodule.yml new file mode 100644 index 00000000..329bfef9 --- /dev/null +++ b/.github/workflows/update_submodule.yml @@ -0,0 +1,70 @@ +# This is a workflow for updating the external repositories contained in this repository as git submodules. +# +# It is configured to be triggered by repository dispatch events which come from outside of this repository. +# It requires write access to the repository by providing a personal access token (PAT) with `repo` scope. +# +# The `event_type` parameter is expected to be `trigger-update-submodule`. +# The `client_payload` parameter is expected to contain the following data: +# * `repo_name`: a string containing the `phylum-dev` repository name to update +# * `tag_name`: a string containing the release tag to use for updating the git submodule +# +# Here is an example repository dispatch event, triggered with `curl` from the command line: +# +# curl \ +# -X POST \ +# --fail-with-body \ +# -H "Accept: application/vnd.github+json" \ +# -H "X-GitHub-Api-Version: 2022-11-28" \ +# -H "Authorization: token " \ +# -d '{"event_type":"trigger-update-submodule","client_payload":{"repo_name":"cli","tag_name":"v6.0.1"}}' \ +# https://api.github.com/repos/phylum-dev/documentation/dispatches +# +# References: +# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#repository_dispatch +# https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event +--- +name: Update Submodules + +on: + repository_dispatch: + types: [trigger-update-submodule] + +jobs: + bump: + name: Update submodules and create PR + runs-on: ubuntu-latest + env: + REPO_NAME: ${{ github.event.client_payload.repo_name }} + TAG_NAME: ${{ github.event.client_payload.tag_name }} + steps: + - name: Checkout the repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Update submodule + run: git -C "ext/${REPO_NAME}" checkout "${TAG_NAME}" + + - name: Commit changes + run: | + git config user.name 'phylum-bot' + git config user.email '69485888+phylum-bot@users.noreply.github.com' + git add "ext/${REPO_NAME}" + git commit -m "build: update \`${REPO_NAME}\` submodule to \`${TAG_NAME}\`" + git push --force origin "HEAD:update-${REPO_NAME}-submodule" + + - name: Create Pull Request + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + github-token: ${{ secrets.GH_RELEASE_PAT }} + script: | + const repo = process.env.REPO_NAME; + const tag = process.env.TAG_NAME; + const response = await github.rest.pulls.create({ + owner: context.repo.owner, + repo: context.repo.repo, + head: "update-" + repo + "-submodule", + base: context.ref, + title: "build: update `" + repo + "` submodule to `" + tag + "`", + body: "This submodule update was triggered by a " + repo + " release " + + "and ensures the documentation stays current.", + }); + console.log(response);