adding docs token from akeyless #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Open a pull-request on the celo-org/docs repository | |
| on: | |
| workflow_call: | |
| inputs: | |
| commit: | |
| description: 'Commit of the developer-tooling repo that the submodule will be updated to' | |
| type: string | |
| required: true | |
| workflow_dispatch: | |
| inputs: | |
| commit: | |
| description: 'Commit of the developer-tooling repo that the submodule will be updated to' | |
| type: string | |
| required: true | |
| jobs: | |
| open-docs-pr: | |
| name: Open a pull-request on the celo-org/docs repository | |
| # TODO: ask the correct runner for this workflow | |
| runs-on: ['self-hosted', 'org', '8-cpu'] | |
| # TODO: ask correct permissions | |
| permissions: | |
| contents: write | |
| id-token: write | |
| pull-requests: write | |
| repository-projects: write | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| - name: Fetch secrets from AKeyless | |
| id: fetch-secrets | |
| uses: us-docker.pkg.dev/clabs-secrets-and-permissions/public-images/akeyless-actions:latest | |
| with: | |
| access-id: p-kf9vjzruht6l | |
| dynamic-secrets: '{"/dynamic-secrets/keys/github/docs/contents=write,pull_requests=write":"DOCS_TOKEN"}' | |
| - name: Open pull-request | |
| run: | | |
| COMMIT=${{ inputs.commit }} | |
| USERNAME=nicolasbrugneaux | |
| REPOSITORY="$USERNAME/celo-docs" | |
| DOCS_CWD="celo-docs" | |
| BRANCH_NAME="ci/${{ github.run_id }}-${{ github.run_attempt }}" | |
| TOKEN=${{ env.DOCS_TOKEN }} | |
| # Clone the remote repository | |
| git clone \ | |
| --recurse-submodules \ | |
| --branch=main \ | |
| https://$USERNAME:[email protected]/$REPOSITORY \ | |
| $DOCS_CWD | |
| cd $DOCS_CWD | |
| # Setup the committers identity. | |
| # TODO: ask security for a bot account | |
| git config user.email "[email protected]" | |
| git config user.name "Nicolas Brugneaux" | |
| # Create a new feature branch for the changes. | |
| git checkout -b $BRANCH_NAME | |
| cd submodules/developer-tooling | |
| git fetch origin | |
| git checkout $COMMIT | |
| cd .. | |
| git add . | |
| git commit -m "chore: update developer-tooling submodule" | |
| git push origin $BRANCH_NAME | |
| echo "$TOKEN" > token.txt | |
| gh auth login --with-token < token.txt | |
| gh pr create \ | |
| --body "__I was created by a bot beep boop__" \ | |
| --title "chore: update developer-tooling submodule to $COMMIT" \ | |
| --head "$BRANCH_NAME" \ | |
| --base "main" |