ci: use a GitHub App and repository bypass rules for pushing to protected branch #228
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"on": | |
push: | |
branches: | |
- master | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
workflow_dispatch: {} | |
name: Test | |
jobs: | |
happyPath: | |
name: "[TEST] Update existing pull request" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
- run: date > test.txt | |
- run: npm ci | |
- run: npm run build | |
- uses: ./ | |
id: run | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
commit-message: Just testing [skip ci] | |
- if: ${{ steps.run.outputs.result != 'updated' }} | |
run: >- | |
echo "Action result output is \"${{ steps.run.outputs.result }}\" but | |
expected \"updated\"" && exit 1 | |
- if: ${{ !(steps.run.outputs.pull-request-number > 0) }} | |
run: >- | |
echo "Action pull-request-number output is | |
\"${{steps.run.outputs.pull-request-number}}\" but expected a number" | |
&& exit 1 | |
createNewPullRequest: | |
name: "[TEST] Create new pull request" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
- run: date > test.txt | |
- run: npm ci | |
- run: npm run build | |
- uses: ./ | |
id: run | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Test pull request | |
body: This pull request is part of the CI - please ignore. | |
branch: test-create-new-pull-request-${{ github.run_number }} | |
commit-message: Just testing [skip ci] | |
author: J. Doe <j@example.com> | |
labels: test1, test2 | |
assignees: gr2m | |
- run: >- | |
git push | |
https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | |
:test-create-new-pull-request-${{ github.run_number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- if: ${{ steps.run.outputs.result != 'created' }} | |
run: >- | |
echo "result output is \"${{ steps.run.outputs.result }}\" but | |
expected \"created\"" && exit 1 | |
- if: ${{ !(steps.run.outputs.pull-request-number > 0) }} | |
run: >- | |
echo "pull-request-number output is \"${{ | |
steps.run.outputs.pull-request-number }}\" but expected a number" && | |
exit 1 | |
multipleCommits: | |
name: "[TEST] Create multiple commits" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
- run: date > file1.txt | |
- run: date > file2.txt | |
- run: npm ci | |
- run: npm run build | |
- uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Test pull request with multiple commits | |
body: This pull request is part of the CI - please ignore. | |
branch: >- | |
test-create-new-pull-request-with-multiple-commits-${{ | |
github.run_number }} | |
author: J. Doe <j@example.com> | |
path: file1.txt | |
commit-message: file 1 created [skip ci] | |
- uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Test pull request | |
body: This pull request is part of the CI - please ignore. | |
branch: >- | |
test-create-new-pull-request-with-multiple-commits-${{ | |
github.run_number }} | |
author: J. Doe <j@example.com> | |
path: file2.txt | |
commit-message: file 2 created [skip ci] | |
- uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Test pull request | |
body: This pull request is part of the CI - please ignore. | |
branch: >- | |
test-create-new-pull-request-with-multiple-commits-${{ | |
github.run_number }} | |
author: J. Doe <j@example.com> | |
path: does_not_exist.txt | |
commit-message: this should fail silently, not commit should be created | |
- run: >- | |
git push | |
https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | |
:test-create-new-pull-request-with-multiple-commits-${{ | |
github.run_number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
autoMerge: | |
name: "[TEST] Auto merge" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
- run: date > test.txt | |
- run: npm ci | |
- run: npm run build | |
- uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Test pull request for `auto-merge` option | |
commit-message: Testing auto-merge | |
auto-merge: squash | |
branch: test-auto-merge-${{ github.run_number }} | |
- run: >- | |
git push | |
https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | |
:test-auto-merge-${{ github.run_number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
hiddenFile: | |
name: "[TEST] Create or update pull request for hidden file" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
- run: date > .github/test.txt | |
- run: npm ci | |
- run: npm run build | |
- uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
commit-message: Just testing [skip ci] | |
updatePRTitleAndBody: | |
name: "[TEST] Update PR title and body" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
- run: date > test.txt | |
- run: npm ci | |
- run: npm run build | |
- uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Test pull request | |
body: This pull request is part of the CI - please ignore. | |
branch: test-update-pr-title-and-body-${{ github.run_number }} | |
commit-message: Just testing [skip ci] | |
- run: echo updated >> test.txt | |
- uses: ./ | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Skipped Updated test pull request | |
body: >- | |
This Skipped updated pull request is part of the CI - please | |
ignore. | |
branch: test-update-pr-title-and-body-${{ github.run_number }} | |
commit-message: Just testing [skip ci] | |
- run: echo updated >> test.txt | |
- uses: ./ | |
id: run | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Updated test pull request | |
body: This updated pull request is part of the CI - please ignore. | |
branch: test-update-pr-title-and-body-${{ github.run_number }} | |
commit-message: Just testing [skip ci] | |
update-pull-request-title-and-body: true | |
- uses: octokit/request-action@v2.x | |
id: get-pull-request | |
with: | |
route: GET /repos/{owner}/{repo}/pulls/{pull_number} | |
owner: gr2m | |
repo: create-or-update-pull-request-action | |
pull_number: ${{ steps.run.outputs.pull-request-number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- run: >- | |
git push | |
https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | |
:test-update-pr-title-and-body-${{ github.run_number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- if: >- | |
${{ fromJson(steps.get-pull-request.outputs.data).title != 'Updated | |
test pull request' }} | |
run: >- | |
echo "Pull request title is \"${{ | |
fromJson(steps.get-pull-request.outputs.data).title }}\" but expected | |
\"Updated test pull request\"" && exit 1 | |
addReviewers: | |
name: "[TEST] Add Reviewers" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
- run: date > test.txt | |
- run: npm ci | |
- run: npm run build | |
- uses: ./ | |
id: run | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ACTIONS_STEP_DEBUG: true | |
with: | |
title: Test Add Reviewers | |
body: This pull request is part of the CI - please ignore. | |
branch: test-add-reviewers-${{ github.run_number }} | |
commit-message: Just testing [skip ci] | |
reviewers: gr2m | |
team_reviewers: test-reviewers | |
- uses: octokit/request-action@v2.x | |
id: get-pull-request | |
with: | |
route: GET /repos/{owner}/{repo}/pulls/{pull_number} | |
owner: gr2m | |
repo: create-or-update-pull-request-action | |
pull_number: ${{ steps.run.outputs.pull-request-number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- run: >- | |
git push | |
https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | |
:test-add-reviewers-${{ github.run_number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- if: >- | |
${{ | |
!contains(toJson(fromJson(steps.get-pull-request.outputs.data).requested_reviewers.*.login), | |
'gr2m') }} | |
run: >- | |
echo "Requested reviewers are \"${{ | |
toJson(fromJson(steps.get-pull-request.outputs.data).requested_reviewers.*.login) | |
}}\" but expected \"[\n gr2m \n]\"" && exit 1 |