-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possibility to run safe-settings as GitHub Action? #378
Comments
There are 2 ways I think we could run this in Github Actions
|
I have a prototype of this on my repo fork, which adds a new script for calling diff --git a/full-sync.js b/full-sync.js
new file mode 100644
index 0000000..7881056
--- /dev/null
+++ b/full-sync.js
@@ -0,0 +1,6 @@
+const { createProbot } = require('probot')
+const appFn = require('./')
+
+const probot = createProbot()
+const app = appFn(probot, {})
+app.syncInstallation()
diff --git a/package.json b/package.json
index 6bfb4ce..624f429 100644
--- a/package.json
+++ b/package.json
@@ -7,6 +7,7 @@
"scripts": {
"dev": "nodemon --inspect",
"start": "probot run ./index.js",
+ "full-sync": "node ./full-sync.js",
"test": "npm-run-all --print-label --parallel lint:* --parallel test:*",
"lint:es": "eslint .",
"lint:js": "standard", To use this as an action, I pull the safe-settings code, pass along the env secrets via GitHub secrets, and run in as the action: name: Safe Settings Sync
on:
schedule:
# daily run:
- cron: '0 0 * * *'
workflow_dispatch: {}
jobs:
safeSettingsSync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
repository: pydolan/safe-settings
ref: gha-runner
- uses: actions/setup-node@v4
- run: npm install
- run: npm run full-sync
env:
GH_ORG: my-org
APP_ID: my-app-id
PRIVATE_KEY: ${{ secrets.SAFE_SETTINGS_PRIVATE_KEY }}
GITHUB_CLIENT_ID: ${{ secrets.SAFE_SETTINGS_GITHUB_CLIENT_ID }}
GITHUB_CLIENT_SECRET: ${{ secrets.SAFE_SETTINGS_GITHUB_CLIENT_SECRET }} Regarding Probot's GHA Adapter -- I initially used this in my separate script (similar to what Regarding my use of |
There's now documentation on how to run GitHub Safe-Settings via GitHub Actions, at least for a full-sync: https://github.com/github/safe-settings/blob/main-enterprise/docs/github-action.md |
If still unclear, I've got it working in practice https://github.com/UCL-MIRSG/.github/blob/main/.github/workflows/safe-settings.yaml. |
@paddyroddy even with Renovate Custom Manager – thank you! 🙏 |
No problem, I will add docs to the README here soon 😅 spent a fair bit of time debugging beforehand |
@paddyroddy Thank you for sharing a working example — it was very helpful! Couple of Questions:
|
In our case, Renovate makes sure that the GHA workflow gets updated when a new GH Safe-Settings version is available. |
As @beatngu13 said, I want the
Sorry, I'm not sure what you mean by NOP here. |
@paddyroddy Thanks for explaining the use of renovate!
It's kind of a dry run which also produces a report. See here
I saw that you’ve set your safe-settings workflow to trigger on the pull request event. I tried the same, assuming the workflow would be a dry run when triggered by a pull request. However, it turns out the changes are applied directly instead of just being a dry run. |
I have found this too. I assume it might be a bug? In theory, I have them turned on https://github.com/UCL-MIRSG/.github/blob/4695e545829b91dcddc6e36358454bc4a879f751/.github/workflows/safe-settings.yaml#L59C11-L59C34 |
Looks like a bug, Yeah! |
Prerequisites:
Is the functionality available through the GitHub API? If the functionality is available, please provide links to the
API documentation (https://developer.github.com/v3/) as well as the Octokit documentation (https://octokit.github.io/).
If the functionality is not yet available in the API, it would be helpful if you
contacted support (https://support.github.com/) or posted in the Community Forum (https://github.community/). Please
include a link to the forum post if you create one or a copy of the response from support.
New Feature
Based on the Probot docs there is an GitHub Action adapter which should allow running Probot apps as Actions. Would this be possible as well with safe-settings?
https://probot.github.io/docs/deployment/#github-actions
The text was updated successfully, but these errors were encountered: