Adding documentation and support for custom pr-body
This commit is contained in:
parent
1c5f270731
commit
96af8bfbfc
2 changed files with 151 additions and 36 deletions
68
README.md
68
README.md
|
@ -166,6 +166,74 @@ jobs:
|
||||||
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
|
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## With GPG commit signing
|
||||||
|
|
||||||
|
It's possible for the bot to produce GPG signed commits. Associating a GPG public key to a github user account is not required but it is necessary if you want the signed commits to appear as verified in Github. This can be a compliance requirement in some cases.
|
||||||
|
|
||||||
|
You can follow [Github's guide on creating and/or adding a new GPG key to an user account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account). Using a specific github user account for the bot can be a good security measure to dissociate this bot's actions and commits from your personal github account.
|
||||||
|
|
||||||
|
For the bot to produce signed commits, you will have to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).
|
||||||
|
|
||||||
|
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
|
||||||
|
|
||||||
|
You can find an example of how to using this action with commit signing below:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: update-flake-lock
|
||||||
|
on:
|
||||||
|
workflow_dispatch: # allows manual triggering
|
||||||
|
schedule:
|
||||||
|
- cron: '0 0 * * 1,4' # Run twice a week
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lockfile:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
- name: Install Nix
|
||||||
|
uses: cachix/install-nix-action@v16
|
||||||
|
- name: Update flake.lock
|
||||||
|
uses: DeterminateSystems/update-flake-lock@vX
|
||||||
|
with:
|
||||||
|
sign-commits: true
|
||||||
|
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
|
||||||
|
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Custom PR Body
|
||||||
|
|
||||||
|
By default the generated PR body is set to be the following template:
|
||||||
|
|
||||||
|
````handlebars
|
||||||
|
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
|
||||||
|
|
||||||
|
```
|
||||||
|
{{ env.GIT_COMMIT_MESSAGE }}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Running GitHub Actions on this PR
|
||||||
|
|
||||||
|
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
|
||||||
|
|
||||||
|
To run GitHub Actions workflows on this PR, run:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
git branch -D update_flake_lock_action
|
||||||
|
git fetch origin
|
||||||
|
git checkout update_flake_lock_action
|
||||||
|
git commit --amend --no-edit
|
||||||
|
git push origin update_flake_lock_action --force
|
||||||
|
```
|
||||||
|
````
|
||||||
|
|
||||||
|
However you can customize it, with variable interpolation performed with [Handlebars](https://handlebarsjs.com/). This allows you to customize the template with the following variables:
|
||||||
|
- env.GIT_AUTHOR_NAME
|
||||||
|
- env.GIT_AUTHOR_EMAIL
|
||||||
|
- env.GIT_COMMITTER_NAME
|
||||||
|
- env.GIT_COMMITTER_EMAIL
|
||||||
|
- env.GIT_COMMIT_MESSAGE
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.
|
Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.
|
||||||
|
|
119
action.yml
119
action.yml
|
@ -21,6 +21,30 @@ inputs:
|
||||||
description: 'The title of the PR to be created'
|
description: 'The title of the PR to be created'
|
||||||
required: false
|
required: false
|
||||||
default: "flake.lock: Update"
|
default: "flake.lock: Update"
|
||||||
|
pr-body:
|
||||||
|
description: 'The body of the PR to be created'
|
||||||
|
required: false
|
||||||
|
default: |
|
||||||
|
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
|
||||||
|
|
||||||
|
```
|
||||||
|
{{ env.GIT_COMMIT_MESSAGE }}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Running GitHub Actions on this PR
|
||||||
|
|
||||||
|
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
|
||||||
|
|
||||||
|
To run GitHub Actions workflows on this PR, run:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
git branch -D update_flake_lock_action
|
||||||
|
git fetch origin
|
||||||
|
git checkout update_flake_lock_action
|
||||||
|
git commit --amend --no-edit
|
||||||
|
git push origin update_flake_lock_action --force
|
||||||
|
```
|
||||||
|
|
||||||
pr-labels:
|
pr-labels:
|
||||||
description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
|
description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
|
||||||
required: false
|
required: false
|
||||||
|
@ -54,62 +78,85 @@ runs:
|
||||||
git_config_global: true
|
git_config_global: true
|
||||||
git_user_signingkey: true
|
git_user_signingkey: true
|
||||||
git_commit_gpgsign: true
|
git_commit_gpgsign: true
|
||||||
- name: Run update-flake-lock.sh (signed commit)
|
- name: Set environment variables (signed commits)
|
||||||
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
|
|
||||||
if: ${{ inputs.sign-commits }}
|
if: ${{ inputs.sign-commits }}
|
||||||
shell: bash
|
shell: bash
|
||||||
env:
|
env:
|
||||||
|
SIGN_COMMITS: ${{ inputs.sign-commits }}
|
||||||
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
|
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
|
||||||
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
||||||
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
|
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
|
||||||
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
||||||
TARGETS: ${{ inputs.inputs }}
|
TARGETS: ${{ inputs.inputs }}
|
||||||
COMMIT_MSG: ${{ inputs.commit-msg }}
|
run: |
|
||||||
- name: Run update-flake-lock.sh (no commit signing)
|
echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV
|
||||||
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
|
echo "GIT_AUTHOR_EMAIL=$GIT_AUTHOR_EMAIL" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMITTER_EMAIL=$GIT_COMMITTER_EMAIL" >> $GITHUB_ENV
|
||||||
|
echo "TARGETS=$TARGETS" >> $GITHUB_ENV
|
||||||
|
GIT_COMMIT_MESSAGE="$(git log --format=%b -n 1)"
|
||||||
|
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//'%'/'%25'}"
|
||||||
|
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\n'/'%0A'}"
|
||||||
|
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\r'/'%0D'}"
|
||||||
|
echo "GIT_COMMIT_MESSAGE=$GIT_COMMIT_MESSAGE" >> $GITHUB_ENV
|
||||||
|
- name: Set environment variables
|
||||||
if: ${{ !inputs.sign-commits }}
|
if: ${{ !inputs.sign-commits }}
|
||||||
shell: bash
|
shell: bash
|
||||||
env:
|
env:
|
||||||
GIT_AUTHOR_NAME: github-actions[bot]
|
SIGN_COMMITS: ${{ inputs.sign-commits }}
|
||||||
GIT_AUTHOR_EMAIL: <github-actions[bot]@users.noreply.github.com>
|
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
|
||||||
GIT_COMMITTER_NAME: github-actions[bot]
|
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
||||||
GIT_COMMITTER_EMAIL: <github-actions[bot]@users.noreply.github.com>
|
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
|
||||||
|
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
||||||
|
run: |
|
||||||
|
echo "GIT_AUTHOR_NAME=github-actions[bot]" >> $GITHUB_ENV
|
||||||
|
echo "GIT_AUTHOR_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMITTER_NAME=github-actions[bot]" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMITTER_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
|
||||||
|
- name: Run update-flake-lock.sh
|
||||||
|
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
|
||||||
|
shell: bash
|
||||||
|
env:
|
||||||
|
GIT_AUTHOR_NAME: ${{ env.GIT_AUTHOR_NAME }}
|
||||||
|
GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
|
||||||
|
GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }}
|
||||||
|
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
|
||||||
TARGETS: ${{ inputs.inputs }}
|
TARGETS: ${{ inputs.inputs }}
|
||||||
COMMIT_MSG: ${{ inputs.commit-msg }}
|
COMMIT_MSG: ${{ inputs.commit-msg }}
|
||||||
- run: |
|
- name: Save PR Body as file
|
||||||
content="$(git log --format=%b -n 1)"
|
uses: DamianReeves/write-file-action@v1.1
|
||||||
content="${content//'%'/'%25'}"
|
with:
|
||||||
content="${content//$'\n'/'%0A'}"
|
path: pr_body.template
|
||||||
content="${content//$'\r'/'%0D'}"
|
contents: ${{ inputs.pr-body }}
|
||||||
echo "::set-output name=msg::$content"
|
env: {}
|
||||||
|
- name: Set additional env variables (GIT_COMMIT_MESSAGE)
|
||||||
shell: bash
|
shell: bash
|
||||||
id: commit_message
|
run: |
|
||||||
|
GIT_COMMIT_MESSAGE="$(git log --format=%b -n 1)"
|
||||||
|
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//'%'/'%25'}"
|
||||||
|
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\n'/'%0A'}"
|
||||||
|
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\r'/'%0D'}"
|
||||||
|
echo "GIT_COMMIT_MESSAGE=$GIT_COMMIT_MESSAGE" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMIT_MESSAGE is: ${GIT_COMMIT_MESSAGE}"
|
||||||
|
- name: Interpolate PR Body
|
||||||
|
uses: pedrolamas/handlebars-action@v2.0.0
|
||||||
|
with:
|
||||||
|
files: 'pr_body.template'
|
||||||
|
output-filename: 'pr_body.txt'
|
||||||
|
- name: Read pr_body.txt
|
||||||
|
id: pr_body
|
||||||
|
uses: andstor/file-reader-action@v1
|
||||||
|
with:
|
||||||
|
path: "pr_body.txt"
|
||||||
- name: Create PR
|
- name: Create PR
|
||||||
id: create-pr
|
id: create-pr
|
||||||
uses: peter-evans/create-pull-request@v3
|
uses: peter-evans/create-pull-request@v3
|
||||||
with:
|
with:
|
||||||
branch: ${{ inputs.branch }}
|
branch: ${{ inputs.branch }}
|
||||||
delete-branch: true
|
delete-branch: true
|
||||||
|
committer: ${{ env.GIT_COMMITTER_NAME }} <${{ env.GIT_COMMITTER_EMAIL }}>
|
||||||
|
author: ${{ env.GIT_AUTHOR_NAME }} <${{ env.GIT_AUTHOR_EMAIL }}>
|
||||||
title: ${{ inputs.pr-title }}
|
title: ${{ inputs.pr-title }}
|
||||||
token: ${{ inputs.token }}
|
token: ${{ inputs.token }}
|
||||||
labels: ${{ inputs.pr-labels }}
|
labels: ${{ inputs.pr-labels }}
|
||||||
body: |
|
body: ${{ steps.pr_body.outputs.contents }}
|
||||||
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
|
|
||||||
|
|
||||||
```
|
|
||||||
${{ steps.commit_message.outputs.msg }}
|
|
||||||
```
|
|
||||||
|
|
||||||
### Running GitHub Actions on this PR
|
|
||||||
|
|
||||||
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
|
|
||||||
|
|
||||||
To run GitHub Actions workflows on this PR, run:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
git branch -D update_flake_lock_action
|
|
||||||
git fetch origin
|
|
||||||
git checkout update_flake_lock_action
|
|
||||||
git commit --amend --no-edit
|
|
||||||
git push origin update_flake_lock_action --force
|
|
||||||
```
|
|
||||||
|
|
Loading…
Reference in a new issue