[TT-13258] TykTechnologies/tyk-analytics: titpetric running workflow-lint #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yamllint disable rule:line-length | |
| --- | |
| name: Workflow Lint | |
| # This workflow keeps other workflows actions updated to the latest | |
| # known version, either from what's defined in the actions, or | |
| # the internal known-latest-at-this-time versions. | |
| # | |
| # It ignores `release.yml` as it's templated and updating the | |
| # actions versions there needs to be handled at source (gromit). | |
| # | |
| # See https://github.com/TykTechnologies/exp/tree/main/cmd/workflow-lint. | |
| run-name: '[${{ inputs.jira }}] ${{ inputs.repository }}: ${{ github.actor }} running workflow-lint' | |
| on: # yamllint disable-line rule:truthy | |
| workflow_dispatch: | |
| inputs: | |
| jira: | |
| description: 'JIRA ID (MM-NNNN or permalink)' | |
| required: true | |
| default: '' | |
| branch: | |
| description: 'Base branch' | |
| required: true | |
| default: 'master' | |
| repository: | |
| description: 'Repository' | |
| type: choice | |
| options: | |
| - 'TykTechnologies/tyk' | |
| - 'TykTechnologies/tyk-analytics' | |
| env: | |
| GOPRIVATE: github.com/TykTechnologies | |
| jobs: | |
| sanitize: | |
| name: Sanitize inputs | |
| runs-on: ubuntu-latest | |
| outputs: | |
| jira: ${{ steps.collect.outputs.jira }} | |
| steps: | |
| - name: Sanitize JIRA input | |
| id: collect | |
| run: | | |
| jira=$(echo '${{ github.event.inputs.jira }}' | sed -e 's/?.*//g' | xargs -n1 basename) | |
| if [ "$jira" == *"-"* ]; then | |
| echo "No valid JIRA ID found (no dash in JIRA ID)" | |
| exit 1 | |
| fi | |
| echo "jira=$jira" >> $GITHUB_OUTPUT | |
| workflow-lint: | |
| runs-on: ubuntu-latest | |
| needs: [sanitize] | |
| steps: | |
| - name: Checkout PR | |
| uses: actions/[email protected] | |
| with: | |
| token: ${{ secrets.ORG_GH_TOKEN }} | |
| - name: Set up env | |
| run: | | |
| echo "jira=${{ needs.sanitize.outputs.jira }}" >> $GITHUB_ENV | |
| - name: 'Extract tykio/ci-tools:latest' | |
| uses: shrink/[email protected] | |
| with: | |
| image: tykio/ci-tools:latest | |
| path: /usr/local/bin/workflow-lint | |
| destination: /usr/local/bin | |
| - name: Checkout repository | |
| uses: actions/[email protected] | |
| with: | |
| repository: ${{ github.event.inputs.repository }} | |
| token: ${{ secrets.ORG_GH_TOKEN }} | |
| ref: ${{ github.event.inputs.branch }} | |
| path: ./src | |
| - name: Configure git | |
| env: | |
| TOKEN: '${{ secrets.ORG_GH_TOKEN }}' | |
| run: > | |
| git config --global url."https://${TOKEN}@github.com/TykTechnologies".insteadOf "https://github.com/TykTechnologies" | |
| - name: Run workflow-lint --fix | |
| id: lint_run | |
| working-directory: ./src | |
| run: | | |
| workflow-lint --fix --ignore release.yml | tee /tmp/output.log | |
| echo 'report<<EOF' >> $GITHUB_OUTPUT | |
| cat /tmp/output.log >> $GITHUB_OUTPUT | |
| echo 'EOF' >> $GITHUB_OUTPUT | |
| - name: Raise PR | |
| uses: peter-evans/[email protected] | |
| with: | |
| token: ${{ secrets.ORG_GH_TOKEN }} | |
| commit-message: Workflow lint autofix | |
| title: '[${{ env.jira }}] exp/workflow-lint: Update to latest known actions' | |
| body: | | |
| Triggered by: ${{ github.actor }} | |
| ~~~ | |
| ${{ steps.lint_run.outputs.report }} | |
| ~~~ | |
| JIRA: https://tyktech.atlassian.net/browse/${{ env.jira }} | |
| branch: update/${{ env.jira }}/semgrep-check | |
| path: ./src | |
| delete-branch: true |