updatecli #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "updatecli" | |
| on: | |
| schedule: | |
| # Runs daily at 12:00 UTC. | |
| - cron: '0 12 * * *' | |
| workflow_dispatch: | |
| inputs: | |
| target: | |
| description: 'Select which updatecli workflow to run or `all` to run all updates.' | |
| required: true | |
| default: 'all' | |
| type: choice | |
| options: | |
| - 'all' | |
| - 'k3s' | |
| - 'k8s' | |
| - 'harvester-docker-machine' | |
| - 'wins-system-agent' | |
| permissions: | |
| contents: write | |
| id-token: write | |
| pull-requests: write | |
| jobs: | |
| updatecli: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 120 | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | |
| - name: Install updatecli | |
| uses: updatecli/updatecli-action@b846825b298f5351abd80f94c4f9eab63a38a804 # v2.98.0 | |
| - name: Install Go | |
| uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Delete leftover updatecli branches | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh pr list \ | |
| --search "is:closed is:pr head:updatecli_" \ | |
| --json headRefName \ | |
| --jq ".[].headRefName" | sort -u > closed_prs_branches.txt | |
| gh pr list \ | |
| --search "is:open is:pr head:updatecli_" \ | |
| --json headRefName \ | |
| --jq ".[].headRefName" | sort -u > open_prs_branches.txt | |
| for branch in $(comm -23 closed_prs_branches.txt open_prs_branches.txt); do | |
| if (git ls-remote --exit-code --heads origin "${branch}"); then | |
| echo "Deleting leftover updatecli branch - ${branch}"; | |
| git push origin --delete "${branch}"; | |
| fi | |
| done | |
| - name: Get App secrets | |
| uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3 | |
| with: | |
| # We use Renovate's App token, because it has the same permissions | |
| # needed and serve the same purpose. | |
| secrets: | | |
| secret/data/github/org/rancher/github/renovate-rancher appId | APP_ID ; | |
| secret/data/github/org/rancher/github/renovate-rancher privateKey | PRIVATE_KEY | |
| - name: Create App token | |
| uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 | |
| id: app-token | |
| with: | |
| app-id: ${{ env.APP_ID }} | |
| private-key: ${{ env.PRIVATE_KEY }} | |
| - name: Apply updatecli | |
| env: | |
| UPDATECLI_GITHUB_ACTOR: ${{ github.actor }} | |
| UPDATECLI_GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| # Never use '--debug' or 'manifest show' options, because they will | |
| # leak the GH token. | |
| if [[ "${GITHUB_EVENT_NAME}" = "schedule" ]] || | |
| ([[ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]] && [[ "${{ inputs.target }}" = "all" ]]); | |
| then | |
| echo "Running updatecli on all targets" | |
| updatecli apply --clean --values updatecli/values.d/values.yaml \ | |
| --config updatecli/updatecli.d/ | |
| updatecli apply --values updatecli/values.d/values.yaml \ | |
| --config updatecli/extras/run-go-generate/ | |
| elif [[ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]]; | |
| then | |
| echo "Running updatecli on ${{ inputs.target }} target" | |
| updatecli apply --clean --values updatecli/values.d/values.yaml \ | |
| --config "updatecli/updatecli.d/update-${{ inputs.target }}/" | |
| if [[ "${{ inputs.target }}" = "k8s" ]]; | |
| then | |
| updatecli apply --values updatecli/values.d/values.yaml \ | |
| --config updatecli/extras/run-go-generate/ | |
| fi | |
| else | |
| echo "Invalid event name or target" | |
| fi |