ciapa
/
update-flake-lock
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding documentation and support for custom pr-body

This commit is contained in:
Eduardo Robles Elvira 2022-07-15 07:07:38 +02:00
parent 1c5f270731
commit 96af8bfbfc
No known key found for this signature in database
GPG Key ID: 491C6606E148460C
2 changed files with 151 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
README.md
View File

@ -166,6 +166,74 @@ jobs:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
``` ```
## With GPG commit signing
It's possible for the bot to produce GPG signed commits. Associating a GPG public key to a github user account is not required but it is necessary if you want the signed commits to appear as verified in Github. This can be a compliance requirement in some cases.
You can follow [Github's guide on creating and/or adding a new GPG key to an user account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account). Using a specific github user account for the bot can be a good security measure to dissociate this bot's actions and commits from your personal github account.
For the bot to produce signed commits, you will have to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
You can find an example of how to using this action with commit signing below:
```yaml
name: update-flake-lock
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '0 0 * * 1,4' # Run twice a week
jobs:
lockfile:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install Nix
uses: cachix/install-nix-action@v16
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@vX
with:
sign-commits: true
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
```
## Custom PR Body
By default the generated PR body is set to be the following template:
````handlebars
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
````
However you can customize it, with variable interpolation performed with [Handlebars](https://handlebarsjs.com/). This allows you to customize the template with the following variables:
- env.GIT_AUTHOR_NAME
- env.GIT_AUTHOR_EMAIL
- env.GIT_COMMITTER_NAME
- env.GIT_COMMITTER_EMAIL
- env.GIT_COMMIT_MESSAGE
## Contributing ## Contributing
Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR. Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.

119
action.yml
View File

@ -21,6 +21,30 @@ inputs:
description: 'The title of the PR to be created' description: 'The title of the PR to be created'
required: false required: false
default: "flake.lock: Update" default: "flake.lock: Update"
pr-body:
description: 'The body of the PR to be created'
required: false
default: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
pr-labels: pr-labels:
description: 'A comma or newline separated list of labels to set on the Pull Request to be created' description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
required: false required: false
@ -54,62 +78,85 @@ runs:
git_config_global: true git_config_global: true
git_user_signingkey: true git_user_signingkey: true
git_commit_gpgsign: true git_commit_gpgsign: true
- name: Run update-flake-lock.sh (signed commit) - name: Set environment variables (signed commits)
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
if: ${{ inputs.sign-commits }} if: ${{ inputs.sign-commits }}
shell: bash shell: bash
env: env:
SIGN_COMMITS: ${{ inputs.sign-commits }}
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }} GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }} GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }} GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }} GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
TARGETS: ${{ inputs.inputs }} TARGETS: ${{ inputs.inputs }}
COMMIT_MSG: ${{ inputs.commit-msg }} run: |
- name: Run update-flake-lock.sh (no commit signing) echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV
run: $GITHUB_ACTION_PATH/update-flake-lock.sh echo "GIT_AUTHOR_EMAIL=$GIT_AUTHOR_EMAIL" >> $GITHUB_ENV
echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV
echo "GIT_COMMITTER_EMAIL=$GIT_COMMITTER_EMAIL" >> $GITHUB_ENV
echo "TARGETS=$TARGETS" >> $GITHUB_ENV
GIT_COMMIT_MESSAGE="$(git log --format=%b -n 1)"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//'%'/'%25'}"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\n'/'%0A'}"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\r'/'%0D'}"
echo "GIT_COMMIT_MESSAGE=$GIT_COMMIT_MESSAGE" >> $GITHUB_ENV
- name: Set environment variables
if: ${{ !inputs.sign-commits }} if: ${{ !inputs.sign-commits }}
shell: bash shell: bash
env: env:
GIT_AUTHOR_NAME: github-actions[bot] SIGN_COMMITS: ${{ inputs.sign-commits }}
GIT_AUTHOR_EMAIL: <github-actions[bot]@users.noreply.github.com> GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_COMMITTER_NAME: github-actions[bot] GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
GIT_COMMITTER_EMAIL: <github-actions[bot]@users.noreply.github.com> GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
run: |
echo "GIT_AUTHOR_NAME=github-actions[bot]" >> $GITHUB_ENV
echo "GIT_AUTHOR_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
echo "GIT_COMMITTER_NAME=github-actions[bot]" >> $GITHUB_ENV
echo "GIT_COMMITTER_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
- name: Run update-flake-lock.sh
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
shell: bash
env:
GIT_AUTHOR_NAME: ${{ env.GIT_AUTHOR_NAME }}
GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }}
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
TARGETS: ${{ inputs.inputs }} TARGETS: ${{ inputs.inputs }}
COMMIT_MSG: ${{ inputs.commit-msg }} COMMIT_MSG: ${{ inputs.commit-msg }}
- run: | - name: Save PR Body as file
content="$(git log --format=%b -n 1)" uses: DamianReeves/write-file-action@v1.1
content="${content//'%'/'%25'}" with:
content="${content//$'\n'/'%0A'}" path: pr_body.template
content="${content//$'\r'/'%0D'}" contents: ${{ inputs.pr-body }}
echo "::set-output name=msg::$content" env: {}
- name: Set additional env variables (GIT_COMMIT_MESSAGE)
shell: bash shell: bash
id: commit_message run: |
GIT_COMMIT_MESSAGE="$(git log --format=%b -n 1)"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//'%'/'%25'}"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\n'/'%0A'}"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\r'/'%0D'}"
echo "GIT_COMMIT_MESSAGE=$GIT_COMMIT_MESSAGE" >> $GITHUB_ENV
echo "GIT_COMMIT_MESSAGE is: ${GIT_COMMIT_MESSAGE}"
- name: Interpolate PR Body
uses: pedrolamas/handlebars-action@v2.0.0
with:
files: 'pr_body.template'
output-filename: 'pr_body.txt'
- name: Read pr_body.txt
id: pr_body
uses: andstor/file-reader-action@v1
with:
path: "pr_body.txt"
- name: Create PR - name: Create PR
id: create-pr id: create-pr
uses: peter-evans/create-pull-request@v3 uses: peter-evans/create-pull-request@v3
with: with:
branch: ${{ inputs.branch }} branch: ${{ inputs.branch }}
delete-branch: true delete-branch: true
committer: ${{ env.GIT_COMMITTER_NAME }} <${{ env.GIT_COMMITTER_EMAIL }}>
author: ${{ env.GIT_AUTHOR_NAME }} <${{ env.GIT_AUTHOR_EMAIL }}>
title: ${{ inputs.pr-title }} title: ${{ inputs.pr-title }}
token: ${{ inputs.token }} token: ${{ inputs.token }}
labels: ${{ inputs.pr-labels }} labels: ${{ inputs.pr-labels }}
body: | body: ${{ steps.pr_body.outputs.contents }}
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
${{ steps.commit_message.outputs.msg }}
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```