Last active
August 9, 2019 03:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Setting -x is absolutely forbidden as it could leak the GitHub token. | |
| set -uo pipefail | |
| # GITHUB_TOKEN required scope: repo.repo_public | |
| # prombench related | |
| ghactions_dir="ghactions" | |
| org="testpromorg" | |
| # git related | |
| git_mail="prometheus-team@googlegroups.com" | |
| git_user="prombot" | |
| branch="gh_actions_update" | |
| commit_msg="github: update .github/main.workflow with newer version" | |
| # github related | |
| git_mail="prometheus-team@googlegroups.com" | |
| pr_title="Synchronize main.workflow from prometheus/prombench" | |
| pr_msg="Propagating changes from main.workflow in prometheus/prombench/$ghactions_dir/" | |
| makepr() { | |
| git config user.email "${git_mail}" | |
| git config user.name "${git_user}" | |
| git add . | |
| git commit -s -m "${commit_msg}" | |
| # stdout and stderr are redirected to /dev/null otherwise git-push could leak the token in the logs. | |
| if git push --quiet "https://${GITHUB_TOKEN}:@github.com/${org}/${repo}" --set-upstream "${branch}" 1>/dev/null 2>&1; then | |
| curl --show-error --silent \ | |
| -u "${git_user}:${GITHUB_TOKEN}" \ | |
| -X POST \ | |
| -d "{\"title\":\"${pr_title}\",\"base\":\"master\",\"head\":\"${branch}\",\"body\":\"${pr_msg}${repo}\"}" \ | |
| "https://api.github.com/repos/${org}/${repo}/pulls" && echo "PR created for ${org}/${repo}" | |
| else | |
| echo "could not push to github" | |
| fi | |
| } | |
| GITHUB_TOKEN="${GITHUB_TOKEN:-}" | |
| if [ -z "${GITHUB_TOKEN}" ]; then | |
| echo -e "\e[31mGitHub token (GITHUB_TOKEN) not set. Terminating.\e[0m" | |
| exit 1 | |
| fi | |
| ROOT_DIR=$(pwd)/$(git rev-parse --show-cdup) | |
| cd "$ROOT_DIR/$ghactions_dir" || exit 1 | |
| for repo in * ; do | |
| if [ -f "$repo" ]; then | |
| echo -e "\e[31m$(pwd) must only contain directories. Terminating.\e[0m" | |
| exit 1 | |
| fi | |
| printf "\nSynchronizing for ${org}/${repo}\n" | |
| tmp_dir=$(mktemp -d) | |
| source_mainworkflow="$(pwd)/$repo/main.workflow" | |
| source_checksum=$(sha256sum "$source_mainworkflow" | cut -d' ' -f1) | |
| target_mainworkflow=$(curl -s --fail "https://raw.githubusercontent.com/${org}/${repo}/master/.github/main.workflow") | |
| target_checksum=$(echo "${target_mainworkflow}" | sha256sum | cut -d' ' -f1) | |
| if [ "${source_checksum}" == "${target_checksum}" ]; then | |
| echo "main.workflow is already in sync for $repo." | |
| continue | |
| fi | |
| git clone --quiet "https://github.com/${org}/${repo}.git" "${tmp_dir}/${repo}" | |
| pushd "${tmp_dir}/${repo}" || exit 1 | |
| git checkout -b "${branch}" | |
| mkdir -p .github | |
| cp -f "${source_mainworkflow}" .github/main.workflow | |
| if [ -n "$(git status --porcelain)" ]; then | |
| makepr | |
| fi | |
| popd || exit 1 | |
| rm -rf "$tmp_dir" | |
| done | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment