From f5fcee3e390e8b8717bd9d83c8e780c11003ade4 Mon Sep 17 00:00:00 2001 From: Christian Zunker <827818+czunker@users.noreply.github.com> Date: Thu, 28 Dec 2023 14:21:56 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Use=20ssh=20key=20instead=20of?= =?UTF-8?q?=20GH=20token=20(#2904)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the PR is created with a GH token, the tests aren't executed. This is becasue of limitation applied to the token. These limiations do not apply to ssh keys. Signed-off-by: Christian Zunker --- .github/pr-body.md | 2 -- .github/workflows/pr-test-lint.yml | 6 ----- .github/workflows/update-deps.yaml | 41 +++++++++++++++++++----------- 3 files changed, 26 insertions(+), 23 deletions(-) diff --git a/.github/pr-body.md b/.github/pr-body.md index e340ab88eb..76b64f5c46 100644 --- a/.github/pr-body.md +++ b/.github/pr-body.md @@ -1,5 +1,3 @@ -!!! ONLY A TEST !!! - Created by Mondoo Tools via GitHub Actions Workflow: diff --git a/.github/workflows/pr-test-lint.yml b/.github/workflows/pr-test-lint.yml index 373ebbc645..c144c4d2bc 100644 --- a/.github/workflows/pr-test-lint.yml +++ b/.github/workflows/pr-test-lint.yml @@ -65,12 +65,6 @@ jobs: - name: Import environment variables from file run: cat ".github/env" >> $GITHUB_ENV - - name: Debug event - env: - GITHUB_CONTEXT: ${{ toJson(github) }} - run: | - echo "$GITHUB_CONTEXT" | jq - - name: Install Go uses: actions/setup-go@v5 with: diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index 8ff7100fc9..a9ead71127 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml 
@@ -12,8 +12,15 @@ jobs:
 contents: write
 pull-requests: write
 steps:
+# https://github.com/peter-evans/create-pull-request/issues/48
+# https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#push-using-ssh-deploy-keys
+# tl;dr:
+# The GITHUB_TOKEN is limited when creating PRs from a workflow
+# becasue of that we use a ssh key for which the limitations do not apply
 - name: Checkout code
 uses: actions/checkout@v4
+ with:
+ ssh-key: ${{ secrets.CNQUERY_DEPLOY_KEY_PRIV }}
 
 - name: Import environment variables from file
 run: cat ".github/env" >> $GITHUB_ENV
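Review bot: The deploy key passed to `actions/checkout` through `ssh-key` has to be write-capable, and checkout keeps it configured for git for the rest of the job by default (the later create-pull-request step relies on that to push), so every following step, including the dependency update that runs after this one, executes with push access to the repository. Pushes made with the key trigger workflows, which is the purpose of the change, so branch protection on `main` and review of the generated PRs become the controls that matter; the comment block should record that, for example `# CNQUERY_DEPLOY_KEY_PRIV: repo-scoped deploy key with write access; its pushes trigger CI, keep main protected`. With the push moved to the key, the `contents: write` entry in the job's `permissions` may no longer be needed and could probably be lowered to `contents: read`, which should be confirmed against the action's documentation. The job definition starts and ends outside this hunk.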
@@ -33,27 +40,31 @@ jobs:
 version mod-update providers/*/ --latest
 version mod-tidy providers/*/
 version mod-tidy .
- echo "COUNT_GOMOD=$(git status --short --untracked-files=no | wc -l)" >> $GITHUB_OUTPUT
 
- - name: Commit changes upstream
+ - name: Prepare title and branch name
 id: branch
- if: ${{ steps.update-deps.outputs.COUNT_GOMOD != '0' }}
 run: |
- git config --global user.email "tools@mondoo.com"
- git config --global user.name "Mondoo Tools"
 BRANCH_NAME="version/deps_update_$(date +%Y%m%d_%H%M)"
- git checkout -b ${BRANCH_NAME}
- git add go.mod go.sum || true
- git add providers/ || true
 COMMIT_MSG="🧹 Update deps for cnquery and providers $(date +%Y%m%d)"
 echo "COMMIT_TITLE=${COMMIT_MSG}" >> $GITHUB_OUTPUT
- git commit -m "${COMMIT_MSG}"
- git push --set-upstream origin ${BRANCH_NAME}
- shell: bash
+ echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_OUTPUT
 
+# We have to use this extensions, becasuse `gh pr create` does not support the ssh key case
 - name: Create pull request
- if: ${{ steps.update-deps.outputs.COUNT_GOMOD != '0' }}
+ id: cpr
+ uses: peter-evans/create-pull-request@v5
+ with:
+ base: main
+ labels: dependencies,go
+ committer: "Mondoo Tools "
+ commit-message: ${{ steps.branch.outputs.COMMIT_TITLE }}
+ author: "Mondoo Tools "
+ title: ${{ steps.branch.outputs.COMMIT_TITLE }}
+ branch: ${{ steps.branch.outputs.BRANCH_NAME }}
+ body-path: .github/pr-body.md
+
+ - name: PR infos
+ if: ${{ steps.cpr.outputs.pull-request-number }}
 run: |
- gh pr create --base main --label dependencies --label go --title "${{ steps.branch.outputs.COMMIT_TITLE }}" --body-file .github/pr-body.md
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
+ echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
\ No newline at end of file
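Review bot: `peter-evans/create-pull-request@v5` is referenced by a mutable tag in a job where a write-capable deploy key is configured for git, so whatever that tag resolves to at run time gets push access to the repository; pinning the step to a full commit SHA, `uses: peter-evans/create-pull-request@<full-commit-sha> # v5`, removes that dependency on the tag. The removed script staged only `go.mod`, `go.sum` and `providers/`, whereas the action by default commits every new or modified file in the workspace, so the earlier scope should be kept with `add-paths: go.mod,go.sum,providers/` under `with:`. In the `PR infos` step the `${{ steps.cpr.outputs.* }}` expressions are expanded into the script text before the shell runs; passing them through `env:` and echoing the variables is the safer habit, even though these two outputs are low-risk.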