revert

ChristianZaccaria · ChristianZaccaria · commit 11d45548bea6 · 2024-11-04T15:39:13.000Z
diff --git a/.github/workflows/fake-release.yaml b/.github/workflows/fake-release.yaml
@@ -8,47 +8,50 @@ on:
               required: true
               description: 'Version number (for example: 0.1.0)'
     push:
-        branches:
-            - test-odh-notebooks-sync
+        branches: [ main ]
 
 env:
-  BRANCH_NAME: main
   PR_BRANCH_NAME: snyk-tag-monitoring-${{ github.run_id }}
-  GITHUB_TOKEN: ${{ secrets.GH_CLI_TOKEN }}
   RELEASE_VERSION: ${{ github.event.inputs.release-version || '0.2.0' }}
 
 jobs:
     release:
         runs-on: ubuntu-latest
+        permissions:
+          contents: write
+          pull-requests: write
         steps:
           - name: Checkout code
             uses: actions/checkout@v4
             with:
                 submodules: recursive
+                token: ${{ secrets.GH_CLI_TOKEN }}
 
           - name: Append tag to Snyk monitoring list
             run: |
-              sed -i 's/list_of_released_tags=(/list_of_released_tags=("v$RELEASE_VERSION", /' .github/workflows/snyk-security.yaml
+              sed -i 's/list_of_released_tags=(/list_of_released_tags=("v${{ github.event.inputs.release-version }}", /' .github/workflows/snyk-security.yaml
 
           - name: Commit and push changes
             run: |
               git config --global user.email "138894154+codeflare-machine-account@users.noreply.github.com"
               git config --global user.name "codeflare-machine-account"
               git checkout -b $PR_BRANCH_NAME
               git commit -am "Update snyk-security.yaml"
-              git push origin $PR_BRANCH_NAME
+              git push --set-upstream origin "$PR_BRANCH_NAME"
 
           - name: Create Pull Request
             run: |
                 gh pr create \
                 --title "$pr_title" \
                 --body "$pr_body" \
                 --head ${{ env.PR_BRANCH_NAME }} \
-                --base "$GIT_BRANCH"
+                --base main \
+                --label "lgtm" \
+                --label "approved"
             env:
-              pr_title: "Append tag $RELEASE_VERSION to Snyk monitoring list"
+              GITHUB_TOKEN: ${{ secrets.GH_CLI_TOKEN }}
+              pr_title: "[CodeFlare-Machine] Append tag v${{ github.event.inputs.release-version }} to Snyk monitoring list"
               pr_body: |
                 :rocket: This is an automated Pull Request generated by [release.yaml](https://github.com/project-codeflare/codeflare-sdk/blob/main/.github/workflows/release.yaml) workflow.
 
                 This PR appends to the list of tags that Snyk will be monitoring.
-              GIT_BRANCH: ${GITHUB_REF#refs/heads/}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -27,15 +27,22 @@ on:
               type: string
               default: "project-codeflare"
 
+env:
+  PR_BRANCH_NAME: snyk-tag-monitoring-${{ github.run_id }}
+
 jobs:
     release:
         runs-on: ubuntu-latest
         permissions:
             contents: write
             id-token: write  # This permission is required for trusted publishing
+            pull-requests: write # This permission is required for creating PRs
         steps:
             - name: Checkout the repository
               uses: actions/checkout@v4
+              with:
+                  submodules: recursive
+                  token: ${{ secrets.GH_CLI_TOKEN }}
             - name: Install Python
               uses: actions/setup-python@v5
               with:
@@ -81,3 +88,32 @@ jobs:
               env:
                 GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }}
               shell: bash
+
+            - name: Append tag to Snyk monitoring list
+              run: |
+                sed -i 's/list_of_released_tags=(/list_of_released_tags=("v${{ github.event.inputs.release-version }}", /' .github/workflows/snyk-security.yaml
+
+            - name: Commit and push changes
+              run: |
+                git config --global user.email "138894154+codeflare-machine-account@users.noreply.github.com"
+                git config --global user.name "codeflare-machine-account"
+                git checkout -b $PR_BRANCH_NAME
+                git commit -am "Update snyk-security.yaml"
+                git push --set-upstream origin "$PR_BRANCH_NAME"
+
+            - name: Create Pull Request
+              run: |
+                  gh pr create \
+                  --title "$pr_title" \
+                  --body "$pr_body" \
+                  --head ${{ env.PR_BRANCH_NAME }} \
+                  --base main \
+                  --label "lgtm" \
+                  --label "approved"
+              env:
+                GITHUB_TOKEN: ${{ secrets.GH_CLI_TOKEN }}
+                pr_title: "[CodeFlare-Machine] Append tag v${{ github.event.inputs.release-version }} to Snyk monitoring list"
+                pr_body: |
+                  :rocket: This is an automated Pull Request generated by [release.yaml](https://github.com/project-codeflare/codeflare-sdk/blob/main/.github/workflows/release.yaml) workflow.
+
+                  This PR appends to the list of tags that Snyk will be monitoring.
