Adding documentation and support for custom pr-body

This commit is contained in:
Eduardo Robles Elvira 2022-07-15 07:07:38 +02:00
parent 1c5f270731
commit 96af8bfbfc
No known key found for this signature in database
GPG Key ID: 491C6606E148460C
2 changed files with 151 additions and 36 deletions

View File

@ -166,6 +166,74 @@ jobs:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
```
## With GPG commit signing
It's possible for the bot to produce GPG signed commits. Associating a GPG public key to a github user account is not required but it is necessary if you want the signed commits to appear as verified in Github. This can be a compliance requirement in some cases.
You can follow [Github's guide on creating and/or adding a new GPG key to an user account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account). Using a specific github user account for the bot can be a good security measure to dissociate this bot's actions and commits from your personal github account.
For the bot to produce signed commits, you will have to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
You can find an example of how to using this action with commit signing below:
```yaml
name: update-flake-lock
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '0 0 * * 1,4' # Run twice a week
jobs:
lockfile:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install Nix
uses: cachix/install-nix-action@v16
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@vX
with:
sign-commits: true
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
```
## Custom PR Body
By default the generated PR body is set to be the following template:
````handlebars
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
````
However you can customize it, with variable interpolation performed with [Handlebars](https://handlebarsjs.com/). This allows you to customize the template with the following variables:
- env.GIT_AUTHOR_NAME
- env.GIT_AUTHOR_EMAIL
- env.GIT_COMMITTER_NAME
- env.GIT_COMMITTER_EMAIL
- env.GIT_COMMIT_MESSAGE
## Contributing
Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.

View File

@ -21,6 +21,30 @@ inputs:
description: 'The title of the PR to be created'
required: false
default: "flake.lock: Update"
pr-body:
description: 'The body of the PR to be created'
required: false
default: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
pr-labels:
description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
required: false
@ -54,62 +78,85 @@ runs:
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Run update-flake-lock.sh (signed commit)
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
- name: Set environment variables (signed commits)
if: ${{ inputs.sign-commits }}
shell: bash
env:
SIGN_COMMITS: ${{ inputs.sign-commits }}
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
TARGETS: ${{ inputs.inputs }}
COMMIT_MSG: ${{ inputs.commit-msg }}
- name: Run update-flake-lock.sh (no commit signing)
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
run: |
echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV
echo "GIT_AUTHOR_EMAIL=$GIT_AUTHOR_EMAIL" >> $GITHUB_ENV
echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV
echo "GIT_COMMITTER_EMAIL=$GIT_COMMITTER_EMAIL" >> $GITHUB_ENV
echo "TARGETS=$TARGETS" >> $GITHUB_ENV
GIT_COMMIT_MESSAGE="$(git log --format=%b -n 1)"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//'%'/'%25'}"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\n'/'%0A'}"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\r'/'%0D'}"
echo "GIT_COMMIT_MESSAGE=$GIT_COMMIT_MESSAGE" >> $GITHUB_ENV
- name: Set environment variables
if: ${{ !inputs.sign-commits }}
shell: bash
env:
GIT_AUTHOR_NAME: github-actions[bot]
GIT_AUTHOR_EMAIL: <github-actions[bot]@users.noreply.github.com>
GIT_COMMITTER_NAME: github-actions[bot]
GIT_COMMITTER_EMAIL: <github-actions[bot]@users.noreply.github.com>
SIGN_COMMITS: ${{ inputs.sign-commits }}
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
run: |
echo "GIT_AUTHOR_NAME=github-actions[bot]" >> $GITHUB_ENV
echo "GIT_AUTHOR_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
echo "GIT_COMMITTER_NAME=github-actions[bot]" >> $GITHUB_ENV
echo "GIT_COMMITTER_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
- name: Run update-flake-lock.sh
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
shell: bash
env:
GIT_AUTHOR_NAME: ${{ env.GIT_AUTHOR_NAME }}
GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }}
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
TARGETS: ${{ inputs.inputs }}
COMMIT_MSG: ${{ inputs.commit-msg }}
- run: |
content="$(git log --format=%b -n 1)"
content="${content//'%'/'%25'}"
content="${content//$'\n'/'%0A'}"
content="${content//$'\r'/'%0D'}"
echo "::set-output name=msg::$content"
- name: Save PR Body as file
uses: DamianReeves/write-file-action@v1.1
with:
path: pr_body.template
contents: ${{ inputs.pr-body }}
env: {}
- name: Set additional env variables (GIT_COMMIT_MESSAGE)
shell: bash
id: commit_message
run: |
GIT_COMMIT_MESSAGE="$(git log --format=%b -n 1)"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//'%'/'%25'}"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\n'/'%0A'}"
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\r'/'%0D'}"
echo "GIT_COMMIT_MESSAGE=$GIT_COMMIT_MESSAGE" >> $GITHUB_ENV
echo "GIT_COMMIT_MESSAGE is: ${GIT_COMMIT_MESSAGE}"
- name: Interpolate PR Body
uses: pedrolamas/handlebars-action@v2.0.0
with:
files: 'pr_body.template'
output-filename: 'pr_body.txt'
- name: Read pr_body.txt
id: pr_body
uses: andstor/file-reader-action@v1
with:
path: "pr_body.txt"
- name: Create PR
id: create-pr
uses: peter-evans/create-pull-request@v3
with:
branch: ${{ inputs.branch }}
delete-branch: true
committer: ${{ env.GIT_COMMITTER_NAME }} <${{ env.GIT_COMMITTER_EMAIL }}>
author: ${{ env.GIT_AUTHOR_NAME }} <${{ env.GIT_AUTHOR_EMAIL }}>
title: ${{ inputs.pr-title }}
token: ${{ inputs.token }}
labels: ${{ inputs.pr-labels }}
body: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
${{ steps.commit_message.outputs.msg }}
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
body: ${{ steps.pr_body.outputs.contents }}