Skip to content

sync-panther-analysis-from-upstream #4

sync-panther-analysis-from-upstream

sync-panther-analysis-from-upstream #4

name: sync-panther-analysis-from-upstream
on:
schedule:
# 15:00Z, every Wednesday
- cron: "00 15 * * 3"
workflow_dispatch: # or on button click
env:
YOUR_REPO_PRIMARY_BRANCH_NAME: "main"
jobs:
check_upstream:
if: |
github.repository != 'panther-labs/panther-analysis'
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v7
id: set_upstream
name: Check Upstream
with:
script: |
const fs = require('fs');
const upstreamLatest = await github.rest.repos.getLatestRelease({
owner: 'panther-labs',
repo: 'panther-analysis'
})
fs.appendFileSync(
process.env['GITHUB_OUTPUT'],
'latest-release=' + upstreamLatest.data.tag_name + '\n');
## CREATE A BRANCH
- uses: peterjgrainger/[email protected]
id: create_a_branch
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
branch: "sync_upstream_${{steps.set_upstream.outputs.latest-release}}"
# Checkout this repo into the branch
- name: Checkout your local repo in PR branch
uses: actions/checkout@v4
with:
ref: "sync_upstream_${{steps.set_upstream.outputs.latest-release}}"
token: ${{ secrets.GITHUB_TOKEN }}
# Sync this branch with upstream
- name: Sync upstream changes into PR branch
id: sync
uses: aormsby/[email protected]
with:
# target_sync_branch == the branch in your fork that you want to sync to upstream
target_sync_branch: "sync_upstream_${{steps.set_upstream.outputs.latest-release}}"
# REQUIRED 'target_repo_token' exactly like this!
target_repo_token: ${{ secrets.GITHUB_TOKEN }}
# NOTE NOTE NOTE NOTE
# If you want to run this job and sync to upstream's master instead of releases
# change the usptream_sync_branch to master
upstream_sync_branch: ${{steps.set_upstream.outputs.latest-release}}
upstream_sync_repo: panther-labs/panther-analysis
#test_mode: true
upstream_pull_args: "--allow-unrelated-histories"
# Create a PR from this branch back to this fork's primary branch
- uses: actions/github-script@v7
id: create_pr
name: Create a PR to bring upstream changes into the local repo primary branch
if: steps.sync.outputs.has_new_commits == 'true'
with:
result-encoding: string
script: |
const fs = require('fs');
try {
const response = await github.rest.pulls.create({
owner: '${{github.repository_owner}}',
repo: '${{ github.event.repository.name }}',
title: 'sync this fork to panther-labs/panther-analysis ${{steps.set_upstream.outputs.latest-release}}',
head: 'sync_upstream_${{steps.set_upstream.outputs.latest-release}}',
base: '${{env.YOUR_REPO_PRIMARY_BRANCH_NAME}}',
});
} catch(e) {
if (e.response && e.response.data && e.response.data.errors && e.response.data.errors.length > 0 && e.response.data.errors[0].message && e.response.data.errors[0].message.includes('No commits between')) {
fs.appendFileSync(
process.env['GITHUB_OUTPUT'],
'pr_state=no-updates\n');
} else if (e.response && e.response.data && e.response.data.errors && e.response.data.errors.length > 0 && e.response.data.errors[0].message && e.response.data.errors[0].message.includes('A pull request already exists for')) {
fs.appendFileSync(
process.env['GITHUB_OUTPUT'],
'pr_state=update-pr-already-exists\n');
} else {
fs.appendFileSync(
process.env['GITHUB_OUTPUT'],
'pr_state=error\n');
console.log(e);
}
}
- id: pr_not_needed_already_exists
name: PR for latest release already exists
if: ${{ steps.create_pr.outputs.pr_state == 'update-pr-already-exists' }}
run: |
echo "PR for latest release was previously created and is not closed"
- id: pr_not_needed_in_sync
name: Local repo already synced to latest release
if: ${{ steps.create_pr.outputs.pr_state == 'no-updates' }}
run: |
echo "Local repo in sync with latest upstream release"
- id: pr_create_error
name: Create PR step had an error
if: ${{ steps.create_pr.outputs.pr_state == 'error' }}
run: |
echo "unhandled exception in PR create step. Check output of that step."
exit 128