-
Notifications
You must be signed in to change notification settings - Fork 27
153 lines (140 loc) · 5.75 KB
/
repo-sync.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
# Note this is almost fully copied from
# https://github.com/github/docs/blob/main/.github/workflows/repo-sync.yml
# with the exception of:
# - the `cron` schedule
# - the `if` condition to allow this to run only in `dev-portal-internal`
# - the `source_repo` has been updated to `dev-portal`
# - the PAT credentials are from our `hashibot-web` account. They're managed in
# the `dev-portal-internal` repository secrets.
on:
workflow_dispatch:
schedule:
- cron: '0 */2 * * *' # https://crontab.guru/every-2-hours
permissions:
contents: write
pull-requests: write
jobs:
repo-sync:
if: github.repository == 'hashicorp/dev-portal-internal'
name: Repo Sync
runs-on: ubuntu-latest
steps:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Sync repo to branch
uses: repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88
with:
source_repo: https://${{ secrets.PAT_HASHIBOT_WEB_DEV_PORTAL_INTERNAL_SYNC }}@github.com/hashicorp/dev-portal.git
source_branch: main
destination_branch: repo-sync
github_token: ${{ secrets.PAT_HASHIBOT_WEB_DEV_PORTAL_INTERNAL_SYNC }}
- name: Ship pull request
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with:
github-token: ${{ secrets.PAT_HASHIBOT_WEB_DEV_PORTAL_INTERNAL_SYNC }}
result-encoding: string
script: |
const { owner, repo } = context.repo
const head = 'repo-sync'
const base = 'main'
async function closePullRequest(prNumber) {
console.log('Closing pull request', prNumber)
await github.rest.pulls.update({
owner,
repo,
pull_number: prNumber,
state: 'closed'
})
// Error loud here, so no try/catch
console.log('Closed pull request', prNumber)
}
console.log('Closing any existing pull requests')
const { data: existingPulls } = await github.rest.pulls.list({ owner, repo, head, base })
if (existingPulls.length) {
console.log('Found existing pull requests', existingPulls.map(pull => pull.number))
for (const pull of existingPulls) {
await closePullRequest(pull.number)
}
console.log('Closed existing pull requests')
}
try {
const { data } = await github.rest.repos.compareCommits({
owner,
repo,
head,
base,
})
const { files } = data
console.log(`File changes between ${head} and ${base}:`, files)
if (!files.length) {
console.log('No files changed, bailing')
return
}
} catch (err) {
console.error(`Unable to compute the files difference between ${head} and ${base}`, err.message)
}
console.log('Creating a new pull request')
const body = `
This is an automated pull request to sync changes between the public and private repos.
Our bot will merge this pull request automatically.
To preserve continuity across repos, _do not squash_ this pull request.
`
let pull, pull_number
try {
const response = await github.rest.pulls.create({
owner,
repo,
head,
base,
title: 'Repo sync',
body,
})
pull = response.data
pull_number = pull.number
console.log('Created pull request successfully', pull.html_url)
} catch (err) {
// Don't error/alert if there's no commits to sync
// Don't throw if > 100 pulls with same head_sha issue
if (err.message?.includes('No commits') || err.message?.includes('same head_sha')) {
console.log(err.message)
return
}
throw err
}
console.log('Locking conversations to prevent spam')
try {
await github.rest.issues.lock({
...context.repo,
issue_number: pull_number,
lock_reason: 'spam'
})
console.log('Locked the pull request to prevent spam')
} catch (error) {
console.error('Failed to lock the pull request.', error)
// Don't fail the workflow
}
console.log('Counting files changed')
const { data: prFiles } = await github.rest.pulls.listFiles({ owner, repo, pull_number })
if (prFiles.length) {
console.log(prFiles.length, 'files have changed')
} else {
console.log('No files changed, closing')
await closePullRequest(pull_number)
return
}
console.log('Checking for merge conflicts')
if (pull.mergeable_state === 'dirty') {
console.log('Pull request has a conflict', pull.html_url)
throw new Error('Pull request has a conflict, please resolve manually')
}
console.log('No detected merge conflicts')
console.log('Merging the pull request')
// Admin merge pull request to avoid squash
await github.rest.pulls.merge({
owner,
repo,
pull_number,
merge_method: 'merge',
})
// Error loud here, so no try/catch
console.log('Merged the pull request successfully')