forked from simp/pupmod-simp-rsyslog
-
Notifications
You must be signed in to change notification settings - Fork 0
143 lines (135 loc) · 5.68 KB
/
pr_glci_manual.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# Manually trigger GLCI pipelines for a PR
# ------------------------------------------------------------------------------
#
# NOTICE: **This file is maintained with puppetsync**
# This file is updated automatically as part of a standardized asset baseline.
#
# The next baseline sync will overwrite any local changes to this file!
#
# ==============================================================================
#
# This pipeline uses the following GitHub Action Secrets:
#
# GitHub Secret variable Type Notes
# ------------------------ -------- ----------------------------------------
# GITLAB_API_PRIVATE_TOKEN Required GitLab token (should have `api` scope)
# NO_SCOPE_GITHUB_TOKEN Required GitHub token (should have no scopes)
# GITLAB_SERVER_URL Optional Specify a GL server other than gitlab.com
# The secure vars will be filtered in GitHub Actions log output, and aren't
# provided to untrusted builds (i.e, triggered by PR from another repository)
#
# ------------------------------------------------------------------------------
#
# NOTES:
# It is necessary to provide NO_SCOPE_GITHUB_TOKEN because $secrets.GITHUB_AUTO
# is NOT provide to manually-triggered (`workflow_dispatch`) events, in order
# to prevent recursive triggers between workflows
#
# Reference:
#
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token
---
name: 'Manual: PR GLCI'
on:
workflow_dispatch:
inputs:
pr_number:
description: "PR number to trigger GLCI"
required: true
jobs:
glci-syntax:
name: '.gitlab-ci.yml Syntax'
runs-on: ubuntu-latest
outputs:
valid: ${{ steps.validate-glci-file.outputs.valid }}
pr_head_ref: ${{ steps.get-pr.outputs.pr_head_ref }}
pr_head_sha: ${{ steps.get-pr.outputs.pr_head_sha }}
pr_head_label: ${{ steps.get-pr.outputs.pr_head_label }}
pr_head_full_name: ${{ steps.get-pr.outputs.pr_full_name }}
steps:
- uses: actions/github-script@v6
id: get-pr
with:
github-token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
# See:
# - https://octokit.github.io/rest.js/
script: |
console.log(`== pr number: ${context.payload.inputs.pr_number}`)
const pr = await github.request('get /repos/{owner}/{repo}/pulls/{pull_number}', {
headers: {
accept: 'application/vnd.github.v3+json'
},
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.payload.inputs.pr_number
});
console.log("\n\n== pr\n");
console.log(pr);
console.log("\n\n== pr.data.head\n");
console.log(pr.data.head);
console.log(pr.status);
// PR must have been returned
if ( pr.status != 200 ) {
//#console.log(`::error ::Error looking up PR \#${context.payload.inputs.pr_number}: HTTP Response ${pr.status}`)
return(false)
}
// TODO: should either of these conditions really prevent a GLCI trigger?
if ( pr.data.state != 'open' ) {
console.log(`::error ::PR# ${context.payload.inputs.pr_number} is not open`)
}
if ( pr.data.merged ) {
console.log(`::error ::PR# ${context.payload.inputs.pr_number} is already merged`)
}
core.setOutput( 'pr_head_sha', pr.data.head.sha )
core.setOutput( 'pr_head_ref', pr.data.head.ref )
core.setOutput( 'pr_head_label', pr.data.head.label )
core.setOutput( 'pr_head_full_name', pr.data.head.full_name )
- uses: actions/checkout@v3
with:
repository: ${{ steps.get-pr.outputs.pr_head_full_name }}
ref: ${{ steps.get-pr.outputs.pr_head_sha }}
token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
clean: true
- name: 'Validate GLCI file syntax'
id: validate-glci-file
uses: simp/github-action-gitlab-ci-syntax-check@main
with:
gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
gitlab_api_url: ${{ secrets.GITLAB_API_URL }} # https://gitlab.com/api/v4
trigger-when-user-has-repo-permissions:
name: 'Trigger CI'
needs: [ glci-syntax ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
repository: ${{ needs.glci-syntax.outputs.pr_head_full_name }}
ref: ${{ needs.glci-syntax.outputs.pr_head_sha }}
token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
fetch-depth: 0 # Need full checkout to push to gitlab mirror
clean: true
- name: Trigger CI when user has Repo Permissions
uses: simp/github-action-gitlab-ci-pipeline-trigger@v1
with:
git_hashref: ${{ needs.glci-syntax.outputs.pr_head_sha }}
git_branch: ${{ needs.glci-syntax.outputs.pr_head_ref }}
gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
gitlab_group: ${{ github.event.organization.login }}
github_repository: ${{ github.repository }}
github_repository_owner: ${{ github.repository_owner }}
### examine_contexts:
### needs: [ glci-syntax ]
### name: 'Examine Context contents'
### if: always()
### runs-on: ubuntu-latest
### steps:
### - name: Dump contexts
### env:
### GITHUB_CONTEXT: ${{ toJson(github) }}
### run: echo "$GITHUB_CONTEXT"
### - name: Dump 'needs' context
### env:
### ENV_CONTEXT: ${{ toJson(needs) }}
### run: echo "$ENV_CONTEXT"
### - name: Dump env vars
### run: env | sort