constellation/.github/workflows/update-rpms.yml

58 lines
2.0 KiB
YAML
Raw Normal View History

2023-10-16 11:05:02 -04:00
name: Update locked rpms
on:
workflow_dispatch:
schedule:
- cron: "0 8 * * 0" # every sunday at 8am
jobs:
update-rpms:
runs-on: "ubuntu-22.04"
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
token: ${{ secrets.CI_COMMIT_PUSH_PR }}
2023-10-16 11:05:02 -04:00
- name: Assume AWS role to upload Bazel dependencies to S3
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
2023-10-16 11:05:02 -04:00
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
aws-region: eu-central-1
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
- name: Update rpms
run: bazel run //image/mirror:update_packages
- name: Check if there are any changes
id: git-check
run: |
if git diff --quiet; then
echo "commitChanges=false" | tee -a "${GITHUB_OUTPUT}"
else
echo "commitChanges=true" | tee -a "${GITHUB_OUTPUT}"
fi
- name: Create pull request
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
2023-10-16 11:05:02 -04:00
with:
branch: "image/automated/update-rpms-${{ github.run_number }}"
base: main
title: "image: update locked rpms"
body: |
:robot: *This is an automated PR.* :robot:
The PR is triggered as part of the scheduled rpm update workflow.
It updates the locked rpm packages that form the Constellation OS images.
commit-message: "image: update locked rpms"
committer: edgelessci <edgelessci@users.noreply.github.com>
author: edgelessci <edgelessci@users.noreply.github.com>
labels: dependencies
2023-10-16 11:05:02 -04:00
# We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work.
token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}