From 2c0fdc5b61d5c9dfa72228097679a3f86d1ca7b9 Mon Sep 17 00:00:00 2001 From: Manuel Amador Date: Wed, 22 Jan 2025 17:57:39 +0100 Subject: [PATCH] Test this stuff. --- .github/workflows/rollout-dashboard.yaml | 15 +++---------- .../update-k8s-deployments/action.yaml | 22 ++++++------------- 2 files changed, 10 insertions(+), 27 deletions(-) diff --git a/.github/workflows/rollout-dashboard.yaml b/.github/workflows/rollout-dashboard.yaml index ede9cc6..f501212 100644 --- a/.github/workflows/rollout-dashboard.yaml +++ b/.github/workflows/rollout-dashboard.yaml @@ -109,7 +109,8 @@ jobs: context: rollout-dashboard publish-rollout-dashboard-container: name: Publish rollout dashboard container - if: github.event_name == 'push' && github.ref == 'refs/heads/main' + # if: github.event_name == 'push' && github.ref == 'refs/heads/main' + if: github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -142,14 +143,4 @@ jobs: with: files-to-update: bases/apps/rollout-dashboard/core/deployment.yaml component: rollout-dashboard - - login-to-publish-rollout-dashboard-container: - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest - steps: - - name: Create GitHub app token - uses: actions/create-github-app-token@v1 - id: app-token - with: - app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} - private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} + push-token: ${{ secrets.K8S_API_TOKEN }} diff --git a/.github/workflows/update-k8s-deployments/action.yaml b/.github/workflows/update-k8s-deployments/action.yaml index 6c48a96..f94f639 100644 --- a/.github/workflows/update-k8s-deployments/action.yaml +++ b/.github/workflows/update-k8s-deployments/action.yaml @@ -8,35 +8,28 @@ inputs: component: description: "Which component to update" required: true + push-token: + description: "The Github token needed to create PRs" + required: true runs: using: composite steps: - # The GitHub App token is necessary for pushing changed files back to the repository - # If regular secrets.GITHUB_TOKEN is used instead, the push will not trigger any actions - # https://github.com/orgs/community/discussions/25702 - - name: Create GitHub app token - uses: actions/create-github-app-token@v1 - id: app-token - with: - app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} - private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} - - name: "Create rollout commit with updated container images" id: "create-rollout-commit" env: - GITHUB_API_TOKEN_FOR_K8S: ${{ steps.app-token.outputs.token }} + PUSH_TOKEN: ${{ inputs.push-token }} FILES_TO_UPDATE: ${{ inputs.files-to-update }} COMPONENT: ${{ inputs.component }} shell: bash run: | - set -eExou pipefail + set -eExu -o pipefail tmpdir=$(mktemp) trap 'rm -rf "$tmpdir"' EXIT # checkout branch - git clone --depth 10 --branch "main" "https://${GITHUB_API_TOKEN_FOR_K8S}@github.com/dfinity-ops/k8s.git" + git clone --depth 10 --branch "main" "https://${PUSH_TOKEN}@github.com/dfinity-ops/k8s.git" cd k8s git config user.email "idx@dfinity.org" @@ -65,14 +58,13 @@ runs: echo "k8s_branch=$K8S_REPO_BRANCH" >> $GITHUB_OUTPUT echo "source_branch=$SOURCE_BRANCH" >> $GITHUB_OUTPUT - - name: "Create PR to roll out with updated container images" id: create-rollout-pr if: ${{ steps.create-rollout-commit.outputs.k8s_branch != '' }} uses: actions/github-script@v7 continue-on-error: true with: - github-token: ${{ steps.app-token.outputs.token }} + github-token: ${{ inputs.push-token }} script: | const result = await github.rest.pulls.create({ title: '[nomrbot] - New ${{ inputs.component }} release from the dre-airflow repo',