From 670dd81b3ff04199928a4ef76f16111b058e72bc Mon Sep 17 00:00:00 2001
From: Rico Huijbers
Date: Wed, 10 Jan 2024 18:24:26 +0100
Subject: [PATCH 1/3] chore: add Action to sync from upstream
Add a GitHub action that will update the current repository from upstream on a daily basis.
---
.github/workflows/sync-from-upstream.yml | 59 ++++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 .github/workflows/sync-from-upstream.yml
diff --git a/.github/workflows/sync-from-upstream.yml b/.github/workflows/sync-from-upstream.yml
new file mode 100644
index 0000000000000..0e822920d6a6a
--- /dev/null
+++ b/.github/workflows/sync-from-upstream.yml
@@ -0,0 +1,59 @@
+name: Sync repository from upstream
+on:
+ workflow_dispatch: {}
+ schedule:
+ - cron: 5 2 * * *
+
+env:
+ BRANCHES: main v2-release
+
+jobs:
+
+ # Check for the presence of a PROJEN_GITHUB_TOKEN secret.
+ #
+ # This is expected to contain a personal access token of someone
+ # who pas permissions to bypass branch protection rules.
+ #
+ # If not present, we will use GitHub Actions Token permissions,
+ # but those are bound by branch protection rules.
+ check-secret:
+
+ # Don't run on the target repo itself, only forks
+ if: github.repository != 'aws/aws-cdk'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check for presence of PROJEN_GITHUB_TOKEN
+ id: check-secrets
+ run: |
+ if [ ! -z "${{ secrets.PROJEN_GITHUB_TOKEN }}" ]; then
+ echo "ok=true" >> $GITHUB_OUTPUT
+ else
+ echo "ok=false" >> $GITHUB_OUTPUT
+ fi
+ outputs:
+ ok: ${{ steps.check-secrets.outputs.ok }}
+
+ sync-branch:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ needs: [check-secret]
+ steps:
+ - name: Checkout using User Token
+ uses: actions/checkout@v4
+ if: needs.check-secret.outputs.ok == 'true'
+ with:
+ token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
+
+ - name: Checkout using GitHub Actions permissions
+ uses: actions/checkout@v4
+ if: needs.check-secret.outputs.ok == 'false'
+
+ - name: Sync from aws/aws-cdk
+ run: |-
+ git remote add upstream https://github.com/aws/aws-cdk.git
+ git fetch upstream
+
+ for branch in $BRANCHES; do
+ git push origin --force refs/remotes/upstream/$branch:refs/heads/$branch
+ done
From e5ab4e40b16be6ed390e0e018fe3ffced85df204 Mon Sep 17 00:00:00 2001
From: Rico Huijbers
Date: Wed, 10 Jan 2024 18:34:05 +0100
Subject: [PATCH 2/3] This is slightly nicer whitespaceing
---
.github/workflows/sync-from-upstream.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sync-from-upstream.yml b/.github/workflows/sync-from-upstream.yml
index 0e822920d6a6a..5f9a8229e4df8 100644
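Review bot: The `check-secrets` step expands `${{ secrets.PROJEN_GITHUB_TOKEN }}` directly into the `run:` script, so the token's text becomes part of the shell source before the shell parses it; a value containing `"`, `$` or a backtick would alter the script, and the secret ends up in the generated script file on the runner. Pass it through the environment instead: add `env:` with `PROJEN_GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }}` on that step and test `if [ -n "$PROJEN_GITHUB_TOKEN" ]; then`. Because the comment describes this token as able to bypass branch protection, and it is handed to `actions/checkout@v4` ahead of a `git push origin --force`, pinning that action to a full commit SHA rather than the mutable `v4` tag would be a sensible hardening step for the `sync-branch` job. The fallback checkout may also deserve a comment: as far as I know the default Actions token cannot push changes to files under `.github/workflows/`, so the sync would likely fail on that path whenever upstream touches a workflow.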
--- a/.github/workflows/sync-from-upstream.yml +++ b/.github/workflows/sync-from-upstream.yml @@ -17,9 +17,9 @@ jobs: # If not present, we will use GitHub Actions Token permissions, # but those are bound by branch protection rules. check-secret: - # Don't run on the target repo itself, only forks if: github.repository != 'aws/aws-cdk' + runs-on: ubuntu-latest steps: - name: Check for presence of PROJEN_GITHUB_TOKEN From c9b2e5eaf797df99f6604306c5bd8c65ca2721ea Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Wed, 10 Jan 2024 18:34:35 +0100 Subject: [PATCH 3/3] Reorder yaml for readability --- .github/workflows/sync-from-upstream.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync-from-upstream.yml b/.github/workflows/sync-from-upstream.yml index 5f9a8229e4df8..ebb0403c65ae4 100644 --- a/.github/workflows/sync-from-upstream.yml +++ b/.github/workflows/sync-from-upstream.yml @@ -40,14 +40,14 @@ jobs: needs: [check-secret] steps: - name: Checkout using User Token - uses: actions/checkout@v4 if: needs.check-secret.outputs.ok == 'true' + uses: actions/checkout@v4 with: token: ${{ secrets.PROJEN_GITHUB_TOKEN }} - name: Checkout using GitHub Actions permissions - uses: actions/checkout@v4 if: needs.check-secret.outputs.ok == 'false' + uses: actions/checkout@v4 - name: Sync from aws/aws-cdk run: |-