modules/.github/workflows/fetch.yaml at main · bufbuild/modules · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: Fetch references

on:
  schedule:
    # At 7:00 EST (12:00 UTC) on every day-of-week from Monday through Friday. https://crontab.guru/#0_12_*_*_1-5
    - cron: "0 12 * * 1-5"
  workflow_dispatch:
permissions:
  contents: read
  issues: write
jobs:
  fetch-references:
    runs-on: ubuntu-latest
    if: github.repository == 'bufbuild/modules'
    steps:
      - name: Generate token
        id: generate_token
        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        with:
          app-id: 295926
          private-key: ${{ secrets.TOKEN_EXCHANGE_GH_APP_PRIVATE_KEY }}
          permission-contents: write
          permission-pull-requests: write
          permission-members: read
      - name: Checkout repository code
        uses: actions/checkout@v6
      - name: Install Go
        uses: actions/setup-go@v6
        with:
          go-version: 1.26.x
          check-latest: true
          cache: true
      - uses: bufbuild/buf-action@fd21066df7214747548607aaa45548ba2b9bc1ff # v1.4.0
        with:
          setup_only: true
          version: 1.67.0 # pinning to v1.67.0 while the new compiler fixes in v1.68.0+ are released
      - name: Fetch references
        run: |
          bash ./scripts/fetch.sh
        env:
          BUF_TOKEN: ${{ secrets.BUF_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Create PR
        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1
        with:
          add-paths: ./modules/sync/**
          commit-message: "Detected new managed modules references"
          # This branch is ignored for the 'buf-ci.yaml' action. Keep this branch name synced there.
          branch: fetch-modules
          delete-branch: true
          title: "Found new managed modules references"
          body: ""
          team-reviewers: bufbuild/core-team
          token: ${{ steps.generate_token.outputs.token }}
          author: ${{ steps.generate_token.outputs.app-slug }}[bot] <${{ steps.generate_token.outputs.app-slug }}[bot]@users.noreply.github.com>
          committer: ${{ steps.generate_token.outputs.app-slug }}[bot] <${{ steps.generate_token.outputs.app-slug }}[bot]@users.noreply.github.com>
      - name: Generate Github Token
        id: generate_issues_token
        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        if: ${{ failure() }}
        with:
          app-id: ${{ secrets.BUFBUILD_ISSUE_CREATOR_APP_ID }}
          private-key: ${{ secrets.BUFBUILD_ISSUE_CREATOR_APP_KEY }}
          permission-issues: write
      - uses: dblock/create-a-github-issue@a25e69ccb88998dc267170a0dbde8ef8ac3a491c # v3.4.0
        if: ${{ failure() }}
        env:
          GITHUB_TOKEN: ${{ steps.generate_issues_token.outputs.token }}
          GITHUB_SERVER_URL: ${ github.server_url }}
          GITHUB_REPOSITORY: ${{ github.repository }}
          GITHUB_RUN_ID: ${{ github.run_id }}
          GITHUB_RUN_ATTEMPT: ${{ github.run_attempt }}
        with:
          filename: .github/automatic-workflow-issue-template.md
          update_existing: true
          search_existing: open