From f431263bc6264333e8f5a56a458b2c2c4376cb61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kirill=20M=C3=BCller?= Date: Fri, 30 Aug 2024 06:26:00 +0200 Subject: [PATCH] ci: Improve support for protected branches with fledge --- .github/workflows/fledge.yaml | 68 ++++++++++++++++++++++++++++++----- 1 file changed, 59 insertions(+), 9 deletions(-) diff --git a/.github/workflows/fledge.yaml b/.github/workflows/fledge.yaml index 81c2d0c0a..d880c55d7 100644 --- a/.github/workflows/fledge.yaml +++ b/.github/workflows/fledge.yaml @@ -3,12 +3,18 @@ name: fledge on: # for manual triggers workflow_dispatch: + inputs: + pr: + description: "Create PR" + required: false + type: boolean + default: false # daily run schedule: - cron: "30 0 * * *" concurrency: - group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.sha }}-${{ github.base_ref || '' }} + group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || '' }}-${{ github.base_ref || '' }} cancel-in-progress: true jobs: @@ -19,8 +25,12 @@ jobs: steps: - name: Check if the repo is forked id: check + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - echo "is_forked=$(curl -s -H "Accept: application/vnd.github+json" -H 'Authorization: Bearer ${{ github.token }}' -H "X-GitHub-Api-Version: 2022-11-28" ${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY} | jq .fork)" >> $GITHUB_OUTPUT + is_forked=$(gh api repos/${{ github.repository }} | jq .fork) + echo "is_forked=${is_forked}" >> $GITHUB_OUTPUT + shell: bash fledge: runs-on: ubuntu-latest @@ -28,31 +38,71 @@ jobs: if: needs.check_fork.outputs.is_forked == 'false' permissions: contents: write + pull-requests: write + actions: write env: - GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} FLEDGE_GHA_CI: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v2 with: fetch-depth: 0 - - uses: ./.github/workflows/git-identity + - name: Configure Git identity + run: | + env | sort + git config --local user.name "$GITHUB_ACTOR" + git config --local user.email "$GITHUB_ACTOR@users.noreply.github.com" + shell: bash + + - name: Update apt + run: | + sudo apt-get update + shell: bash - - uses: ./.github/workflows/install + - uses: r-lib/actions/setup-r@v2 with: - token: ${{ secrets.GITHUB_TOKEN }} install-r: false - cache-version: fledge-1 + use-public-rspm: true + + - uses: r-lib/actions/setup-r-dependencies@v2 + env: + GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} + with: + pak-version: devel packages: cynkra/fledge + cache-version: fledge-1 + + - name: Switch to branch if branch protection is enabled + if: github.ref_protected == 'true' || inputs.pr == 'true' + run: | + git checkout -b fledge + git push -f -u origin HEAD + shell: bash - name: Bump version + env: + GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} run: | - if (fledge::bump_version(which = "dev", no_change_behavior = "noop")) { + check_default_branch <- ("${{ github.ref_protected == 'true' || inputs.pr == 'true' }}" != "true") + if (fledge::bump_version(which = "dev", no_change_behavior = "noop", check_default_branch = check_default_branch)) { fledge::finalize_version(push = TRUE) } shell: Rscript {0} + - name: Create and merge PR if branch protection is enabled + if: github.ref_protected == 'true' || inputs.pr == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + set -x + gh pr create --base main --head fledge --fill-first + gh workflow run rcc -f ref=$(git rev-parse HEAD) + gh pr merge --merge --auto + shell: bash + - name: Check release + env: + GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} run: | fledge:::release_after_cran_built_binaries() shell: Rscript {0}