update cloud provider IP ranges #109
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: update cloud provider IP ranges | |
| on: | |
| # run weekly: | |
| schedule: | |
| - cron: '27 3 * * 1' # 3:27am every Monday (UTC) | |
| # run on-demand via manual triggering: | |
| workflow_dispatch: | |
| jobs: | |
| generate: | |
| permissions: | |
| contents: 'write' # allow creating a branch and pushing commits | |
| pull-requests: 'write' # allow opening PRs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| with: | |
| ref: ${{ github.head_ref }} | |
| persist-credentials: false | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6 | |
| with: | |
| go-version-file: go.mod | |
| - name: make gen | |
| id: generate | |
| run: | | |
| make gen | |
| # NOTE: we only diff against the generated file, not the entire repo, | |
| # because some providers (GCP) update the timestamp in the JSON | |
| # file even if the IP ranges haven't changed. | |
| if git diff --exit-code "./zz_generated.go"; then | |
| echo "==> No changes detected." | |
| echo "dirty=false" >>"$GITHUB_OUTPUT" | |
| else | |
| echo "dirty=true" >>"$GITHUB_OUTPUT" | |
| fi | |
| # # Create a branch and open a PR if there are changes | |
| - if: steps.generate.outputs.dirty == 'true' | |
| name: Create branch | |
| id: create-branch | |
| run: | | |
| TIMESTAMP=$(date +%F_%H%M) | |
| BRANCH_NAME=update-data/$TIMESTAMP | |
| echo "branch=$BRANCH_NAME" >>"$GITHUB_OUTPUT" | |
| echo "timestamp=$TIMESTAMP" >>"$GITHUB_OUTPUT" | |
| git checkout -b "$BRANCH_NAME" | |
| - if: steps.generate.outputs.dirty == 'true' | |
| name: Push branch | |
| uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # v1.0.0 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| branch: ${{ steps.create-branch.outputs.branch }} | |
| - if: steps.generate.outputs.dirty == 'true' | |
| name: Commit any changes | |
| uses: planetscale/ghcommit-action@f24050e41f8694750427d111b52f4ef9ca81a32d # v0.2.18 | |
| with: | |
| commit_message: 🤖 update cloud provider IP ranges ${{ steps.create-branch.outputs.timestamp }} | |
| repo: ${{ github.repository }} | |
| branch: ${{ steps.create-branch.outputs.branch }} | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - if: steps.generate.outputs.dirty == 'true' | |
| name: Open pull request | |
| run: | | |
| label="bot/update-data-pr" | |
| # close any existing PRs with the same label: | |
| for i in $(gh pr list -l "$label" --state open --json number --jq '.[].number'); do | |
| gh pr close "$i" -d -c "superseded by newer PR" | |
| done | |
| gh pr create \ | |
| --title '🤖 update cloud provider IP ranges ${{ steps.create-branch.outputs.timestamp }}' \ | |
| --body "This PR was opened automatically by the 'update-data.yaml' GHA workflow" \ | |
| --head "${{ steps.create-branch.outputs.branch }}" \ | |
| --label "$label" \ | |
| --base main | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # open/update an issue if a scheduled workflow fails | |
| notify: | |
| name: open issue on failed workflow | |
| needs: generate | |
| if: failure() && github.event.pull_request == null | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: jayqi/failed-build-issue-action@1a893bbf43ef1c2a8705e2b115cd4f0fe3c5649b # v1 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| label-name: bot/update-data-fail |