ROSAENG-57757 | fix: apply trust_policy_external_id to support role trust policy #82
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Generate terraform docs | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| docs: | |
| # Mintmaker / Konflux dependency update PRs | |
| if: startsWith(github.head_ref, 'konflux/mintmaker/') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 | |
| id: app-token | |
| with: | |
| client-id: ${{ vars.REDHAT_GITHUB_APP_CLIENT_ID }} | |
| private-key: ${{ secrets.REDHAT_GITHUB_APP_PRIVATE_KEY }} | |
| permission-contents: write | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| # Installation token (not GITHUB_TOKEN) so git operations are as the GitHub App | |
| token: ${{ steps.app-token.outputs.token }} | |
| ref: ${{ github.head_ref }} | |
| - name: Install terraform-docs | |
| run: make terraform-docs-bin | |
| # Commits are created via the GitHub Git Database API (not git commit) so GitHub can | |
| # attribute and verify them for the authenticated GitHub App installation. | |
| - name: Render terraform docs and push changes | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| REPOSITORY: ${{ github.repository }} | |
| BRANCH: ${{ github.head_ref }} | |
| COMMIT_MESSAGE: "OCM-00000 | docs: update terraform-docs after deps bump" | |
| run: | | |
| make terraform-docs | |
| files=() | |
| while IFS= read -r -d '' f; do files+=("$f"); done < <(git ls-files -z -m -o --exclude-standard) | |
| if [ "${#files[@]}" -eq 0 ]; then | |
| echo "No terraform-docs changes to commit." | |
| exit 0 | |
| fi | |
| echo "Starting the commit" | |
| bash scripts/github-app-single-commit.sh "${files[@]}" | |
| cat github-app-single-commit.out |