Use gh CLI to make (verified) commit

This commit is contained in:
Judson Lester 2022-10-12 15:58:36 -07:00
parent 0ad9a55048
commit 6f9fc6eab1
No known key found for this signature in database
GPG Key ID: 12E21E4B9A3F82AA
2 changed files with 41 additions and 2 deletions

View File

@ -9,6 +9,10 @@ inputs:
description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
required: false
default: ${{ github.token }}
commit-with-token:
description: 'Set to true to produce a verified commit with token'
required: false
default: false
commit-msg:
description: 'The message provided with the commit'
required: false
@ -119,6 +123,35 @@ runs:
TARGETS: ${{ inputs.inputs }}
COMMIT_MSG: ${{ inputs.commit-msg }}
PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
COMMIT_WITH_TOKEN: ${{ inputs.commit-with-token }}
- name: Commit changes
if: ${{ inputs.commit-with-token == 'true' }}
env:
GITHUB_TOKEN: ${{ inputs.token }}
FILE_TO_COMMIT: flake.lock
DESTINATION_BRANCH: ${{ inputs.branch }}
shell: bash
run: |
set -x
export CONTENT=$( base64 -i $FILE_TO_COMMIT )
export BASE=$DESTINATION_BRANCH
if gh api --method GET /repos/:owner/:repo/git/refs/heads/$DESTINATION_BRANCH; then
git fetch origin $DESTINATION_BRANCH
else
export BASE=$(gh repo view --json defaultBranchRef --template '{{ .defaultBranchRef.name }}' ${{github.repository}})
gh api --method POST /repos/:owner/:repo/git/refs \
--field ref=refs/heads/$DESTINATION_BRANCH \
--field sha=$BASE_SHA
fi
export BASE_SHA=$( git rev-parse origin/$BASE )
export SHA=$( git rev-parse origin/$BASE:$FILE_TO_COMMIT )
gh api --method PUT /repos/:owner/:repo/contents/$FILE_TO_COMMIT \
--field message="${{inputs.commit-msg}}" \
--field content="$CONTENT" \
--field encoding="base64" \
--field branch="$DESTINATION_BRANCH" \
--field sha="$SHA"
- name: Save PR Body as file
uses: DamianReeves/write-file-action@v1.1
with:

View File

@ -5,12 +5,18 @@ if [[ -n "$PATH_TO_FLAKE_DIR" ]]; then
cd "$PATH_TO_FLAKE_DIR"
fi
commitArg=""
if [[ "$COMMIT_WITH_TOKEN" != true ]]; then
commitArg="--commit-lock-file "
fi
if [[ -n "$TARGETS" ]]; then
inputs=()
for input in $TARGETS; do
inputs+=("--update-input" "$input")
done
nix flake lock "${inputs[@]}" --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
nix flake lock "${inputs[@]}" $commitArg --commit-lockfile-summary "$COMMIT_MSG"
else
nix flake update --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
nix flake update $commitArg --commit-lockfile-summary "$COMMIT_MSG"
fi