Updatecli Workflow #3149
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Updatecli Workflow | |
| on: | |
| # Trigger Updatecli if a new commit land on the main branch | |
| # push: | |
| # branches: [main] | |
| # Trigger Updatecli if a pullrequest is open targeting the main branch. | |
| # This is useful to test Updatecli manifest change | |
| pull_request: | |
| branches: [main] | |
| # Manually trigger Updatecli via GitHub UI | |
| workflow_dispatch: | |
| # Trigger Updatecli once day by a cronjob | |
| schedule: | |
| # * is a special character in YAML so you have to quote this string | |
| # Run once a day | |
| - cron: "0 0 * * *" | |
| jobs: | |
| updatecli: | |
| permissions: | |
| contents: read | |
| runs-on: "ubuntu-latest" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Updatecli in the runner | |
| uses: updatecli/updatecli-action@v2 | |
| - name: Set up GPG | |
| run: | | |
| echo "$GPG_PRIVATE_KEY" | gpg --import | |
| echo "use-agent" >> ~/.gnupg/gpg.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| gpg --list-secret-keys --keyid-format LONG | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| - name: Configure git to use GPG | |
| run: | | |
| git config --global user.signingkey $GPG_KEY_ID | |
| git config --global commit.gpgsign true | |
| git config --global gpg.program gpg | |
| env: | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY }} | |
| - name: "Run updatecli in dryrun" | |
| run: "updatecli compose diff" | |
| env: | |
| GITHUB_ACTOR: ${{ github.actor }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY }} | |
| - uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7 | |
| id: generate_token | |
| if: github.ref == 'refs/heads/main' | |
| with: | |
| app-id: ${{ secrets.UPDATECLIBOT_APP_ID }} | |
| private-key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} | |
| - name: "Run updatecli" | |
| if: github.ref == 'refs/heads/main' | |
| run: "updatecli compose apply" | |
| env: | |
| GITHUB_ACTOR: ${{ secrets.UPDATECLI_BOT_GITHUB_ACTOR }} | |
| GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY }} |