diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6dd457d4..a7973e9b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,9 +14,11 @@ jobs: steps: # To use this repository's private action, you must check out the repository - - name: Checkout + - + name: Checkout uses: actions/checkout@v3 - - name: Test action step + - + name: Test action step uses: ./ # Uses an action in the root directory with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test_pat.yml b/.github/workflows/test_pat.yml new file mode 100644 index 00000000..74ae5d21 --- /dev/null +++ b/.github/workflows/test_pat.yml @@ -0,0 +1,25 @@ +name: test-pat + +on: + pull_request: + push: + # manual trigger + workflow_dispatch: + +jobs: + test-implementation-job: + + runs-on: ubuntu-latest + + steps: + # To use this repository's private action, you must check out the repository + - + name: Checkout + uses: actions/checkout@v3 + - + name: Test action step PAT + uses: ./ # Uses an action in the root directory + with: + github_token: ${{ secrets.SOURCE_REPO_PAT }} + source_repo_path: ${{ secrets.SOURCE_REPO_PATH_TEST }} # , should be within secrets + is_dry_run: true diff --git a/.github/workflows/test_ssh.yml b/.github/workflows/test_ssh.yml index bf098a2a..6a87ed84 100644 --- a/.github/workflows/test_ssh.yml +++ b/.github/workflows/test_ssh.yml @@ -13,9 +13,11 @@ jobs: steps: # To use this repository's private action, you must check out the repository - - name: Checkout + - + name: Checkout uses: actions/checkout@v3 - - name: Test action step ssh + - + name: Test action step ssh uses: ./ # Uses an action in the root directory with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile b/Dockerfile index edac2592..ea676420 100644 --- a/Dockerfile +++ b/Dockerfile 
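Review bot: The new `test-pat` workflow passes `secrets.SOURCE_REPO_PAT` to the local action (`uses: ./`) on every `push` and `pull_request`, so whatever action code is on the triggering branch runs with a personal access token. Pull requests from forks receive no secrets, so there the job will presumably fail at the action's token check instead of testing anything. Consider a job-level guard such as `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, a top-level `permissions:` block containing `contents: read`, and pinning `actions/checkout` to a full commit SHA rather than the `v3` tag. A comment next to `github_token:` stating the minimum scopes the PAT needs would help keep it narrowly scoped.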
@@ -3,10 +3,10 @@ ###################################### FROM alpine:3.17.0 as dev -ARG GH_CLI_VER=2.15.0 +ARG GH_CLI_VER=2.21.1 # install packages -RUN apk add --update --no-cache bash make git zsh curl tmux musl openssh git-lfs +RUN apk add --update --no-cache bash make git zsh curl tmux musl openssh git-lfs vim RUN wget https://github.com/cli/cli/releases/download/v${GH_CLI_VER}/gh_${GH_CLI_VER}_linux_386.tar.gz -O ghcli.tar.gz RUN tar --strip-components=1 -xf ghcli.tar.gz @@ -17,6 +17,11 @@ RUN echo "set-option -g default-shell /bin/zsh" >> /root/.tmux.conf # install oh-my-zsh RUN sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" +ADD src/*.sh /bin/ +RUN chmod +x /bin/entrypoint.sh \ + && chmod +x /bin/sync_template.sh \ + && chmod +x /bin/sync_common.sh + RUN mkdir -p /root/.ssh \ && ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts diff --git a/README.md b/README.md index 270db384..96b5b12e 100644 --- a/README.md +++ b/README.md 
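Review bot: The `gh` release tarball selected by the bumped `GH_CLI_VER` is downloaded and unpacked without an integrity check, so the image trusts whatever the download returns at build time. Pinning a digest next to the version closes that gap, for example `ARG GH_CLI_SHA256=<expected sha256 for this release>` followed by `RUN echo "${GH_CLI_SHA256}  ghcli.tar.gz" | sha256sum -c -` before the `tar` step. The same version bump appears in `src/Dockerfile`, whose download step is outside the visible hunk, so the same check likely applies there.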
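Review bot: The scripts copied here lose their executable bit in this same commit (`old mode 100755` to `new mode 100644` on `src/entrypoint.sh` and `src/sync_template.sh`), and the added `chmod +x` restores it only in this dev image. The action image built from `src/Dockerfile` is not shown getting an equivalent step, so please confirm its entrypoint still starts. Because only local files are copied, `COPY src/*.sh /bin/` is the more predictable instruction than `ADD`, which also accepts URLs and unpacks archives. A comment above the `chmod` saying that the mode is set in the image because the repository no longer tracks it would explain the step to the next reader.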
@@ -63,8 +63,7 @@ You will receive a pull request within your repository if there are some changes | github_token | Token for the repo. Can be passed in using `$\{{ secrets.GITHUB_TOKEN }}` | `true` | | | source_repo_path | Repository path of the template | `true` | | | upstream_branch | The target branch | `true` | `main` | -| source_repo_ssh_private_key | `[optional]` private ssh key for the source repository. E.q. useful if using a private template repository. [see](#private-template-repository)| `false` | | -| source_repo_github_token | `[optional]` separate github token to interact with the source repository. | `false` | `$\{{ inputs.github_token }}` | +| source_repo_ssh_private_key | `[optional]` private ssh key for the source repository. [see](#private-template-repository)| `false` | | | pr_branch_name_prefix | `[optional]` the prefix of branches created by this action | `false` | `chore/template_sync` | | pr_title | `[optional]` the title of PRs opened by this action. Must be already created. | `false` | `upstream merge template repository` | | pr_labels | `[optional]` comma separated list. [pull request labels][pr-labels]. Must be already created. | `false` | | @@ -89,7 +88,8 @@ If you have a private template repository. #### Using github app -You can create and use a [GitHub App](https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps#about-github-apps) to handle the access to your private repository. To generate a token for your app you can use a separate action like [tibdex/github-app-token](https://github.com/tibdex/github-app-token). +You can create and use a [GitHub App][github-app] to handle the access to your private repository. +To generate a token for your app you can use a separate action like [tibdex/github-app-token][github-app-token]. ```yaml jobs: 
@@ -105,10 +105,9 @@ jobs: private_key: ${{ secrets.PRIVATE_KEY }} - name: actions-template-sync - uses: AndreasAugustin/actions-template-sync@v0.5.0-draft + uses: AndreasAugustin/actions-template-sync@v0.5.5-draft with: - github_token: ${{ secrets.GITHUB_TOKEN }} - source_repo_github_token: ${{ steps.generate_token.outputs.token }} + github_token: ${{ steps.generate_token.outputs.token }} source_repo_path: upstream_branch: # defaults to main pr_labels: ,[,...] # optional, no default @@ -143,7 +142,7 @@ jobs: ## Ignore Files -Create a `.templatesyncignore` file. Just like writing a `.gitignore` file, follow the [glob pattern](https://en.wikipedia.org/wiki/Glob_(programming)) +Create a `.templatesyncignore` file. Just like writing a `.gitignore` file, follow the [glob pattern][glob-pattern] in defining the files and folders that should be excluded from syncing with the template repository. It can also be stored inside `.github` folder. @@ -212,3 +211,6 @@ specification. Contributions of any kind welcome! [pr-labels]: https://docs.github.com/en/issues/using-labels-and-milestones-to-track-work/managing-labels [devto-example]: https://dev.to/andreasaugustin/github-actions-template-sync-1g9k [github-example]: https://github.com/AndreasAugustin/teaching/blob/main/docs/git/git_action_sync.md +[github-app]: https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps#about-github-apps +[glob-pattern]: https://en.wikipedia.org/wiki/Glob_(programming) +[github-app-token]: https://github.com/tibdex/github-app-token diff --git a/action.yml b/action.yml index aadd64c8..99520439 100644 --- a/action.yml +++ b/action.yml 
@@ -17,8 +17,6 @@ inputs: default: 'main' source_repo_ssh_private_key: description: '[optional] private ssh key for the source repository. E.q. useful if using a private template repository.' - source_repo_github_token: - description: '[optional] Separate github token to interact with the source repository. Using $\{{ inputs.github_token }} by default.' pr_branch_name_prefix: description: '[optional] the prefix of branches created by this action' default: 'chore/template_sync' @@ -40,7 +38,6 @@ runs: image: 'src/Dockerfile' env: GITHUB_TOKEN: ${{ inputs.github_token }} - SOURCE_REPO_GITHUB_TOKEN: ${{ inputs.source_repo_github_token }} SOURCE_REPO_PATH: ${{ inputs.source_repo_path }} UPSTREAM_BRANCH: ${{ inputs.upstream_branch }} SSH_PRIVATE_KEY_SRC: ${{ inputs.source_repo_ssh_private_key }} diff --git a/src/Dockerfile b/src/Dockerfile index c5771a42..40e86931 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.17.0 -ARG GH_CLI_VER=2.15.0 +ARG GH_CLI_VER=2.21.1 # TODO(anau) change user ARG GITHUB_URL="https://github.com/AndreasAugustin/actions-template-sync" diff --git a/src/entrypoint.sh b/src/entrypoint.sh old mode 100755 new mode 100644 index c09a1949..a0bbe910 --- a/src/entrypoint.sh +++ b/src/entrypoint.sh @@ -6,14 +6,9 @@ set -x # shellcheck source=src/sync_common.sh source sync_common.sh -[ -z "${GITHUB_TOKEN}" ] && { - err "Missing input 'github_token: \${{ secrets.GITHUB_TOKEN }}'."; - exit 1; -}; - -if [[ -z "${SOURCE_REPO_GITHUB_TOKEN}" ]]; then - echo "::debug::Missing input 'source_repo_github_token: \${{ input.source_repo_github_token }}'. Using github_token as default." - SOURCE_REPO_GITHUB_TOKEN="${GITHUB_TOKEN}" +if [[ -z "${GITHUB_TOKEN}" ]]; then + err "Missing input 'github_token: \${{ secrets.GITHUB_TOKEN }}'."; + exit 1; fi if [[ -z "${SOURCE_REPO_PATH}" ]]; then 
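Review bot: The rewritten `[[ -z "${GITHUB_TOKEN}" ]]` test appears to run with `set -x` active (the hunk header shows it just above), so the trace writes the expanded token to the job log and only the runner's secret masking hides it. A token that reaches the action from a step output, as in the README's GitHub App example, is masked only if the producing action registered it. The SSH key test later in this file already silences its trace, and the same form here would be `if [[ -z "${GITHUB_TOKEN}" ]] &>/dev/null; then`. Alternatively, switch xtrace off around all credential handling. The rest of the script lies outside this hunk.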
@@ -21,9 +16,10 @@ if [[ -z "${SOURCE_REPO_PATH}" ]]; then exit 1 fi -SOURCE_REPO_HOSTNAME="${HOSTNAME:-github.com}" +DEFAULT_REPO_HOSTNAME="github.com" +SOURCE_REPO_HOSTNAME="${HOSTNAME:-${DEFAULT_REPO_HOSTNAME}}" -# In case of private template repository this will be overwritten +# In case of ssh template repository this will be overwritten SOURCE_REPO_PREFIX="https://${SOURCE_REPO_HOSTNAME}/" function ssh_setup() { @@ -46,6 +42,9 @@ function ssh_setup() { # Forward to /dev/null to swallow the output of the private key if [[ -n "${SSH_PRIVATE_KEY_SRC}" ]] &>/dev/null; then ssh_setup +elif [[ "${SOURCE_REPO_HOSTNAME}" != "${DEFAULT_REPO_HOSTNAME}" ]]; then + # git config --global "credential.https://${SOURCE_REPO_HOSTNAME}.helper" "!gh auth git-credential" + gh auth login --git-protocol "https" --hostname "${SOURCE_REPO_HOSTNAME}" --with-token <<< "${GITHUB_TOKEN}" fi export SOURCE_REPO="${SOURCE_REPO_PREFIX}${SOURCE_REPO_PATH}" @@ -60,9 +59,8 @@ function git_init() { git config --global --add safe.directory /github/workspace git lfs install - git config --global "credential.https://${SOURCE_REPO_HOSTNAME}.helper" "!gh auth git-credential" - gh auth login --git-protocol "https" --hostname "${SOURCE_REPO_HOSTNAME}" --with-token <<< "${GITHUB_TOKEN}" - + gh auth setup-git --hostname "${SOURCE_REPO_HOSTNAME}" + gh auth status --hostname "${SOURCE_REPO_HOSTNAME}" echo "::endgroup::" } diff --git a/src/sync_template.sh b/src/sync_template.sh old mode 100755 new mode 100644 index f6379169..68f62944 --- a/src/sync_template.sh +++ b/src/sync_template.sh 
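Review bot: The new `elif` branch submits `GITHUB_TOKEN` to whatever host `SOURCE_REPO_HOSTNAME` names, and that value is taken from `HOSTNAME` (see the assignment in the previous hunk), a variable that bash and container runtimes also fill with the machine name. If the action's environment does not always set `HOSTNAME` explicitly, the comparison with `DEFAULT_REPO_HOSTNAME` would be false and the token would be offered to an unintended host name. Reading the host from a dedicated, action-specific variable and rejecting values that are not a plain host name before calling `gh auth login` would make this explicit. The commented-out `git config ... credential ... helper` line could be dropped now that `gh auth setup-git` replaces it. A comment stating that the single `github_token` must now be valid on the source host as well would document the removal of the separate source token.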
@@ -63,7 +63,7 @@ echo "::group::Pull template" debug "create new branch from default branch with name ${NEW_BRANCH}" git checkout -b "${NEW_BRANCH}" debug "pull changes from template" -gh auth login --git-protocol "https" --hostname "${SOURCE_REPO_HOSTNAME}" --with-token <<< "${SOURCE_REPO_GITHUB_TOKEN}" + # TODO(anau) eventually make squash optional git pull "${SOURCE_REPO}" --allow-unrelated-histories --squash --strategy=recursive -X theirs echo "::endgroup::" @@ -104,11 +104,9 @@ echo "::endgroup::" push_and_create_pr () { if [ "$IS_DRY_RUN" != "true" ]; then - echo "::group::final gh auth login before creating pull request" - gh auth login --git-protocol "https" --hostname "${SOURCE_REPO_HOSTNAME}" --with-token <<< "${GITHUB_TOKEN}" - echo "::endgroup::" echo "::group::push changes and create PR" + debug "push changes" git push --set-upstream origin "${NEW_BRANCH}" gh pr create \