Use gh CLI to make (verified) commit

2022-10-12 15:58:36 -07:00 · 2022-10-12 15:58:36 -07:00 · 6f9fc6eab1
parent 0ad9a55048
commit 6f9fc6eab1
2 changed files with 41 additions and 2 deletions
--- a/action.yml
+++ b/action.yml
@ -9,6 +9,10 @@ inputs:
    description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
    required: false
    default: ${{ github.token }}
+  commit-with-token:
+    description: 'Set to true to produce a verified commit with token'
+    required: false
+    default: false
  commit-msg:
    description: 'The message provided with the commit'
    required: false
@ -119,6 +123,35 @@ runs:
        TARGETS: ${{ inputs.inputs }}
        COMMIT_MSG: ${{ inputs.commit-msg }}
        PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
+        COMMIT_WITH_TOKEN: ${{ inputs.commit-with-token }}
+
+    - name: Commit changes
+      if: ${{ inputs.commit-with-token == 'true' }}
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+        FILE_TO_COMMIT: flake.lock
+        DESTINATION_BRANCH: ${{ inputs.branch }}
+      shell: bash
+      run: |
+        set -x
+        export CONTENT=$( base64 -i $FILE_TO_COMMIT )
+        export BASE=$DESTINATION_BRANCH
+        if gh api --method GET /repos/:owner/:repo/git/refs/heads/$DESTINATION_BRANCH; then
+          git fetch origin $DESTINATION_BRANCH
+        else
+          export BASE=$(gh repo view --json defaultBranchRef --template '{{ .defaultBranchRef.name }}' ${{github.repository}})
+          gh api --method POST /repos/:owner/:repo/git/refs \
+            --field ref=refs/heads/$DESTINATION_BRANCH \
+            --field sha=$BASE_SHA
+        fi
+        export BASE_SHA=$( git rev-parse origin/$BASE )
+        export SHA=$( git rev-parse origin/$BASE:$FILE_TO_COMMIT )
+        gh api --method PUT /repos/:owner/:repo/contents/$FILE_TO_COMMIT \
+          --field message="${{inputs.commit-msg}}" \
+          --field content="$CONTENT" \
+          --field encoding="base64" \
+          --field branch="$DESTINATION_BRANCH" \
+          --field sha="$SHA"
    - name: Save PR Body as file
      uses: DamianReeves/write-file-action@v1.1
      with:
--- a/update-flake-lock.sh
+++ b/update-flake-lock.sh
@ -5,12 +5,18 @@ if [[ -n "$PATH_TO_FLAKE_DIR" ]]; then
  cd "$PATH_TO_FLAKE_DIR"
 fi

+commitArg=""
+
+if [[ "$COMMIT_WITH_TOKEN" != true ]]; then
+  commitArg="--commit-lock-file "
+fi
+
 if [[ -n "$TARGETS" ]]; then
    inputs=()
    for input in $TARGETS; do
        inputs+=("--update-input" "$input")
    done
-    nix flake lock "${inputs[@]}" --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
+    nix flake lock "${inputs[@]}" $commitArg --commit-lockfile-summary "$COMMIT_MSG"
 else
-    nix flake update --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
+    nix flake update $commitArg --commit-lockfile-summary "$COMMIT_MSG"
 fi