[TT-13258] TykTechnologies/tyk-analytics: titpetric running workflow-lint #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yamllint disable rule:line-length | |
| --- | |
| name: Workflow Lint | |
| # This workflow keeps other workflows actions updated to the latest | |
| # known version, either from what's defined in the actions, or | |
| # the internal known-latest-at-this-time versions. | |
| # | |
| # It ignores `release.yml` as it's templated and updating the | |
| # actions versions there needs to be handled at source (gromit). | |
| # | |
| # See https://github.com/TykTechnologies/exp/tree/main/cmd/workflow-lint. | |
| run-name: '[${{ inputs.jira }}] ${{ inputs.repository }}: ${{ github.actor }} running workflow-lint' | |
| on: # yamllint disable-line rule:truthy | |
| workflow_dispatch: | |
| inputs: | |
| jira: | |
| description: 'JIRA ID (MM-NNNN or permalink)' | |
| required: true | |
| default: '' | |
| branch: | |
| description: 'Base branch' | |
| required: true | |
| default: 'master' | |
| repository: | |
| description: 'Repository' | |
| type: choice | |
| options: | |
| - 'TykTechnologies/tyk' | |
| - 'TykTechnologies/tyk-analytics' | |
| env: | |
| GOPRIVATE: github.com/TykTechnologies | |
| jobs: | |
| sanitize: | |
| name: Sanitize inputs | |
| runs-on: ubuntu-latest | |
| outputs: | |
| jira: ${{ steps.collect.outputs.jira }} | |
| steps: | |
| - name: Sanitize JIRA input | |
| id: collect | |
| run: | | |
| jira=$(echo '${{ github.event.inputs.jira }}' | sed -e 's/?.*//g' | xargs -n1 basename) | |
| if [ "$jira" == *"-"* ]; then | |
| echo "No valid JIRA ID found (no dash in JIRA ID)" | |
| exit 1 | |
| fi | |
| echo "jira=$jira" >> $GITHUB_OUTPUT | |
| workflow-lint: | |
| runs-on: ubuntu-latest | |
| needs: [sanitize] | |
| steps: | |
| - name: Checkout PR | |
| uses: actions/checkout@v4.2.1 | |
| with: | |
| token: ${{ secrets.ORG_GH_TOKEN }} | |
| - name: Set up env | |
| run: | | |
| echo "jira=${{ needs.sanitize.outputs.jira }}" >> $GITHUB_ENV | |
| - name: 'Extract tykio/ci-tools:latest' | |
| uses: shrink/actions-docker-extract@v3.0.1 | |
| with: | |
| image: tykio/ci-tools:latest | |
| path: /usr/local/bin/workflow-lint | |
| destination: /usr/local/bin | |
| - name: Checkout repository | |
| uses: actions/checkout@v4.2.1 | |
| with: | |
| repository: ${{ github.event.inputs.repository }} | |
| token: ${{ secrets.ORG_GH_TOKEN }} | |
| ref: ${{ github.event.inputs.branch }} | |
| path: ./src | |
| - name: Configure git | |
| env: | |
| TOKEN: '${{ secrets.ORG_GH_TOKEN }}' | |
| run: > | |
| git config --global url."https://${TOKEN}@github.com/TykTechnologies".insteadOf "https://github.com/TykTechnologies" | |
| - name: Run workflow-lint --fix | |
| id: lint_run | |
| working-directory: ./src | |
| run: | | |
| workflow-lint --fix --ignore release.yml | tee /tmp/output.log | |
| echo 'report<<EOF' >> $GITHUB_OUTPUT | |
| cat /tmp/output.log >> $GITHUB_OUTPUT | |
| echo 'EOF' >> $GITHUB_OUTPUT | |
| - name: Raise PR | |
| uses: peter-evans/create-pull-request@v7.0.5 | |
| with: | |
| token: ${{ secrets.ORG_GH_TOKEN }} | |
| commit-message: Workflow lint autofix | |
| title: '[${{ env.jira }}] exp/workflow-lint: Update to latest known actions' | |
| body: | | |
| Triggered by: ${{ github.actor }} | |
| ~~~ | |
| ${{ steps.lint_run.outputs.report }} | |
| ~~~ | |
| JIRA: https://tyktech.atlassian.net/browse/${{ env.jira }} | |
| branch: update/${{ env.jira }}/semgrep-check | |
| path: ./src | |
| delete-branch: true |