
Commit 61124f6

chore: add fork sync workflow
1 parent 039f5db commit 61124f6


1 file changed

+151
-0
lines changed


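--- a/.github/workflows/sync-fork.yaml
+++ b/.github/workflows/sync-fork.yaml
@@ -0,0 +1,151 @@
+name: Sync Fork, Upload Zips, Create Release
+
+on:
+workflow_dispatch: {}
+
+jobs:
+sync-fork:
+name: Sync Fork
+runs-on: ubuntu-latest
+outputs:
+upstream_tag: ${{ steps.upstream_tag.upstream_tag}}
+
+steps:
+- name: Checkout forked repository
+uses: actions/checkout@v4
+with:
+fetch-depth: 0 # Fetch all history for accurate merging
+
+- name: Fork tag
+id: fork_tag
+run: |
+# List all tags reachable from the current branch
+LATEST_TAG=$(git describe --tags --abbrev=0)
+
+echo "Latest tag on the forked branch: $LATEST_TAG"
+echo "fork_tag=$LATEST_TAG" >> $GITHUB_ENV
+- name: Upstream tag
+id: upstream_tag
+run: |
+# Fetch the latest release using GitHub API
+LATEST_TAG=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+https://api.github.com/repos/philips-labs/releases/latest | jq -r '.tag_name')
+
+echo "Latest upstream tag: $LATEST_TAG"
+echo "upstream_tag=$LATEST_TAG" >> $GITHUB_ENV
+- name: Compare Image Tags
+id: compare-tags
+shell: bash
+run: |
+echo "fork_tag=$fork_tag"
+echo "upstream_tag=$upstream_tag"
+if [ "$fork_tag" == "$upstream_tag" ]; then
+echo "### :info: Fork is already synced, ending workflow." >> $GITHUB_STEP_SUMMARY
+echo "Current forked tag matches the upstream tag. QA Tag: $fork_tag, PROD Tag: $upstream_tag " >> $GITHUB_STEP_SUMMARY
+echo "duplicate_tag=true" >> $GITHUB_OUTPUT
+else
+echo "duplicate_tag=false" >> $GITHUB_OUTPUT
+fi
+- name: Cancel workflow if duplicate tags
+if: ${{ steps.compare-tags.outputs.duplicate_tags == 'true' }}
+uses: actions/github-script@v6
+with:
+script: |
+const https = require('https');
+const options = {
+hostname: 'api.github.com',
+path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/cancel`,
+headers: {
+'Authorization': `token ${process.env.GITHUB_TOKEN}`,
+'Content-Type': 'application/json',
+'User-Agent': 'actions/cancel-action'
+},
+method: 'POST'
+}
+const req = https.request(options, (res) => {
+res.on('data', (data) => {
+if (res.statusCode != 202) {
+let parsed = JSON.parse(data)
+console.log(`Error: ${parsed.message}`)
+process.exit(1)
+} else {
+console.log('Cancelled successfully.')
+process.exit(0)
+}
+})
+})
+req.on('error', (error) => {
+console.log(`HTTP Error: ${error}`)
+process.exit(1)
+})
+req.end();
+- name: Add upstream repository
+run: |
+git remote add upstream https://github.com/philips-labs/terraform-aws-github-runner.git
+git fetch upstream
+- name: Sync with upstream/main
+if: success()
+run: |
+git checkout main
+git merge upstream/main
+git push origin main
+create-release:
+name: Create Release
+runs-on: ubuntu-latest
+needs:
+- sync-fork
+
+steps:
+- name: Checkout forked repository
+uses: actions/checkout@v4
+
+- name: Create a release
+uses: actions/create-release@v1
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+with:
+tag_name: ${{ needs.sync-fork.upstream_tag }} # Incremental tag
+release_name: "Release ${{ needs.sync-fork.upstream_tag }}"
+body: |
+This release contains the latest changes synced from the upstream repository.
+draft: false
+prerelease: false
+
+download-s3-zips: #needs work
+name: Download zips and store in s3
+runs-on: ubuntu-latest
+needs:
+- sync-fork
+
+steps:
+- name: Download zips
+run: |
+wget "https://github.com/philips-labs/terraform-aws-github-runner/releases/download/${{ needs.sync-fork.upstream_tag }}/runners.zip"
+wget "https://github.com/philips-labs/terraform-aws-github-runner/releases/download/${{ needs.sync-fork.upstream_tag }}/webhook.zip"
+wget "https://github.com/philips-labs/terraform-aws-github-runner/releases/download/${{ needs.sync-fork.upstream_tag }}/runner-binaries-syncer.zip"
+- name: Configure AWS credentials via OIDC
+id: oidc-creds
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-region: us-east-1
+role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID_ORG }}:role/external/github_actions
+role-session-name: tmchanges_assume_github_actions_role
+output-credentials: true
+
+- name: Assume AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-region: us-east-1
+aws-access-key-id: ${{ steps.oidc-creds.outputs.aws-access-key-id }}
+aws-secret-access-key: ${{ steps.oidc-creds.outputs.aws-secret-access-key }}
+
+- name: Upload zips to S3
+run: |
+# mgmt-infra-dev
+aws s3 cp runners.zip s3://mgmt-infra-dev-aws-gha-zips/${{ needs.sync-fork.upstream_tag }}/runners.zip
+aws s3 cp runners.zip s3://mgmt-infra-dev-aws-gha-zips/${{ needs.sync-fork.upstream_tag }}/webhook.zip
+aws s3 cp runners.zip s3://mgmt-infra-dev-aws-gha-zips/${{ needs.sync-fork.upstream_tag }}/runner-binaries-syncer.zip
+# mgmt-infra-prod
+aws s3 cp runners.zip s3://mgmt-infra-prod-aws-gha-zips/${{ needs.sync-fork.upstream_tag }}/runners.zip
+aws s3 cp runners.zip s3://mgmt-infra-prod-aws-gha-zips/${{ needs.sync-fork.upstream_tag }}/webhook.zip
+aws s3 cp runners.zip s3://mgmt-infra-prod-aws-gha-zips/${{ needs.sync-fork.upstream_tag }}/runner-binaries-syncer.zip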
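Review bot: In `download-s3-zips`, the upstream release tag is expanded with `${{ needs.sync-fork.upstream_tag }}` directly into the `run:` scripts of the job that assumes the AWS role and writes to the dev and prod buckets; that value is chosen by the upstream repository, so it should reach the shell through `env:` and be quoted there. As written it is also always empty: the expression lacks `.outputs` (here, in `create-release`, and in the job-level `outputs:` as `steps.upstream_tag.upstream_tag`), and the `Upstream tag` step writes to `$GITHUB_ENV` rather than `$GITHUB_OUTPUT`. All six `aws s3 cp` lines upload `runners.zip`, so the `webhook.zip` and `runner-binaries-syncer.zip` keys in both buckets would receive the wrong archive. The archives also go to the prod bucket with no integrity check; if upstream publishes checksums or attestations for its release assets, verifying them before the upload would be worth adding.

```yaml
      - name: Download zips
        env:
          UPSTREAM_TAG: ${{ needs.sync-fork.outputs.upstream_tag }}
        run: |
          base="https://github.com/philips-labs/terraform-aws-github-runner/releases/download/${UPSTREAM_TAG}"
          for f in runners.zip webhook.zip runner-binaries-syncer.zip; do
            wget "${base}/${f}"
          done
      # … unchanged: the two configure-aws-credentials steps …
      - name: Upload zips to S3
        env:
          UPSTREAM_TAG: ${{ needs.sync-fork.outputs.upstream_tag }}
        run: |
          for bucket in mgmt-infra-dev-aws-gha-zips mgmt-infra-prod-aws-gha-zips; do
            for f in runners.zip webhook.zip runner-binaries-syncer.zip; do
              aws s3 cp "$f" "s3://${bucket}/${UPSTREAM_TAG}/${f}"
            done
          done
```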
