-
Notifications
You must be signed in to change notification settings - Fork 157
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding external runner for doing a one-time full-sync (#604)
* Adding external runner for doing a one-time full-sync * Updating docs to describe GHA setup process
- Loading branch information
Showing
5 changed files
with
87 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
# Running Safe-settings with GitHub Actions (GHA) | ||
|
||
This guide describes how to schedule a full safe-settings sync using GitHub Actions. This assumes that an `admin` repository has been configured with your `safe-settings` configuration. Refer to the [How to Use](../README.md#how-to-use) docs for more details on that process. | ||
|
||
|
||
## GitHub App Creation | ||
Follow the [Create the GitHub App](deploy.md#create-the-github-app) guide to create an App in your GitHub account. This will allow `safe-settings` to access and modify your repos. | ||
|
||
|
||
## Defining the GitHub Action Workflow | ||
Running a full-sync with `safe-settings` can be done via `npm run full-sync`. This requires installing Node, such as with [actions/setup-node](https://github.com/actions/setup-node) (see example below). When doing so, the appropriate environment variables must be set (see the [Environment variables](#environment-variables) document for more details). | ||
|
||
|
||
### Example GHA Workflow | ||
The below example uses the GHA "cron" feature to run a full-sync every 4 hours. While not required, this example uses the `.github` repo as the `admin` repo (set via `ADMIN_REPO` env var) and the safe-settings configurations are stored in the `safe-settings/` directory (set via `CONFIG_PATH` and `DEPLOYMENT_CONFIG_FILE`). | ||
|
||
```yaml | ||
name: Safe Settings Sync | ||
on: | ||
schedule: | ||
- cron: "0 */4 * * *" | ||
workflow_dispatch: {} | ||
|
||
jobs: | ||
safeSettingsSync: | ||
runs-on: ubuntu-latest | ||
env: | ||
# Version/tag of github/safe-settings repo to use: | ||
SAFE_SETTINGS_VERSION: 2.1.13 | ||
|
||
# Path on GHA runner box where safe-settings code downloaded to: | ||
SAFE_SETTINGS_CODE_DIR: ${{ github.workspace }}/.safe-settings-code | ||
steps: | ||
# Self-checkout of 'admin' repo for access to safe-settings config: | ||
- uses: actions/checkout@v4 | ||
|
||
# Checkout of safe-settings repo for running full sync: | ||
- uses: actions/checkout@v4 | ||
with: | ||
repository: github/safe-settings | ||
ref: $SAFE_SETTINGS_VERSION | ||
path: $SAFE_SETTINGS_CODE_DIR | ||
- uses: actions/setup-node@v4 | ||
- run: npm install | ||
working-directory: $SAFE_SETTINGS_CODE_DIR | ||
- run: npm run full-sync | ||
working-directory: $SAFE_SETTINGS_CODE_DIR | ||
env: | ||
GH_ORG: ${{ vars.SAFE_SETTINGS_GH_ORG }} | ||
APP_ID: ${{ vars.SAFE_SETTINGS_APP_ID }} | ||
PRIVATE_KEY: ${{ secrets.SAFE_SETTINGS_PRIVATE_KEY }} | ||
GITHUB_CLIENT_ID: ${{ vars.SAFE_SETTINGS_GITHUB_CLIENT_ID }} | ||
GITHUB_CLIENT_SECRET: ${{ secrets.SAFE_SETTINGS_GITHUB_CLIENT_SECRET }} | ||
ADMIN_REPO: .github | ||
CONFIG_PATH: safe-settings | ||
DEPLOYMENT_CONFIG_FILE: ${{ github.workspace }}/safe-settings/deployment-settings.yml | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
const { createProbot } = require('probot') | ||
const appFn = require('./') | ||
|
||
const probot = createProbot() | ||
probot.log.info('Starting full sync.') | ||
const app = appFn(probot, {}) | ||
app.syncInstallation() | ||
.then(settings => { | ||
if (settings.errors.length > 0) { | ||
probot.log.error('Errors occurred during full sync.') | ||
process.exit(1) | ||
} else { | ||
probot.log.info('Done with full sync.') | ||
} | ||
}) | ||
.catch(error => { | ||
process.stdout.write(`Unexpected error during full sync: ${error}\n`) | ||
process.exit(1) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters