diff --git a/.github/workflows/sync-audit-logs.yml b/.github/workflows/sync-audit-logs.yml index a9b712ab46..f478e3a803 100644 --- a/.github/workflows/sync-audit-logs.yml +++ b/.github/workflows/sync-audit-logs.yml @@ -26,7 +26,7 @@ concurrency: cancel-in-progress: true jobs: - update_audit_logs_files: + update-audit-log-files: if: github.repository == 'github/docs-internal' runs-on: ubuntu-latest steps: 
@@ -47,62 +47,55 @@ jobs: run: | src/audit-logs/scripts/sync.js - - name: Check if changes exist - id: changes-exist + - name: Get the audit-log-allowlists SHA being synced + id: audit-log-allowlists + run: | + COMMIT_SHA=$(cat src/audit-logs/lib/config.json | jq -r '.sha') + echo "COMMIT_SHA=$COMMIT_SHA" >> $GITHUB_OUTPUT + echo "Commit SHA from audit-log-allowlists: $COMMIT_SHA" + if [ -z $COMMIT_SHA ]; then + echo "audit-log-allowlists commit SHA is empty!" + exit 1 + fi + + - name: Create pull request + env: + # Needed for gh + GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} run: | # If nothing to commit, exit now. It's fine. No orphans. changes=$(git diff --name-only | wc -l) untracked=$(git status --untracked-files --short | wc -l) if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then - echo "There are no changes to commit after running src/audit-logs/scripts/sync.js. Exiting..." - echo "CHANGES_EXIST=false" >> "$GITHUB_OUTPUT" + echo "There are no changes to commit after running src/rest/scripts/update-files.js. Exiting..." exit 0 - else - echo "CHANGES_EXIST=true" >> "$GITHUB_OUTPUT" fi - - name: Create pull request - if: ${{ steps.changes-exist.outputs.CHANGES_EXIST == 'true' }} - id: create-pull-request - uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 # pin @v5.0.0 - env: - # Disable pre-commit hooks; they don't play nicely here - HUSKY: '0' - with: - # Need to use a token with repo and workflow scopes for this step. - # Token should be a PAT because actions performed with GITHUB_TOKEN - # don't trigger other workflows and this action force pushes updates - # from the default branch. - token: ${{ secrets.DOCS_BOT_PAT_WORKFLOW }} - commit-message: 'Update Audit Logs data files' - title: Audit Logs schema update - body: - "Hello! Some Audit Logs data in github/audit-log-allowlists was updated recently. This PR - syncs up the Audit Logs data in this repo.\n\n - If CI passes, this PR will be auto-merged. 
:green_heart:\n\n - If CI does not pass or other problems arise, contact #docs-engineering on slack." - branch: audit-logs-schema-update + git config --global user.name "docs-bot" + git config --global user.email "77750099+docs-bot@users.noreply.github.com" - - name: Enable GitHub auto-merge - if: ${{ steps.create-pull-request.outputs.pull-request-number }} - env: - GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }} - AUTOMERGE_PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }} - run: node .github/actions-scripts/enable-automerge.js + branchname=audit-logs-schema-update-${{ steps.audit-log-allowlists.outputs.COMMIT_SHA }} - - if: ${{ failure() && env.FREEZE != 'true'}} - name: Delete remote branch (if previous steps failed) - uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - branches: audit-logs-schema-update + remotesha=$(git ls-remote --heads origin $branchname) + if [ -n "$remotesha" ]; then + # output is not empty, it means the remote branch exists + echo "Branch $branchname already exists in 'github/docs-internal'. Exiting..." + exit 0 + fi - - if: ${{ steps.create-pull-request.outputs.pull-request-number }} - name: Approve - uses: juliangruber/approve-pull-request-action@dcc4effb325c0b503408619918d56e40653dcc91 - with: - github-token: ${{ secrets.DOCUBOT_REPO_PAT }} - number: ${{ steps.create-pull-request.outputs.pull-request-number }} + git checkout -b $branchname + git add . + git commit -m "Add updated audit log event data" + git push origin $branchname + + echo "Creating pull request..." + gh pr create \ + --title "Update audit log event data" \ + --body '👋 humans. This PR updates the audit log event data with the latest changes. (Synced from github/audit-log-allowlists) + + If CI does not pass or other problems arise, contact #docs-engineering on slack.' 
\ + --repo github/docs-internal \ + --label audit-log-pipeline # - name: Send Slack notification if workflow fails # uses: someimportantcompany/github-actions-slack-message@1d367080235edfa53df415bd8e0bbab480f29bad diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json new file mode 100644 index 0000000000..f7db90cb35 --- /dev/null +++ b/src/audit-logs/lib/config.json @@ -0,0 +1,3 @@ +{ + "sha": "" +} \ No newline at end of file diff --git a/src/audit-logs/scripts/sync.js b/src/audit-logs/scripts/sync.js index 4c75cc8c43..7cc1fbf330 100755 --- a/src/audit-logs/scripts/sync.js +++ b/src/audit-logs/scripts/sync.js @@ -10,11 +10,11 @@ * per page. */ import { existsSync } from 'fs' -import { writeFile } from 'fs/promises' +import { readFile, writeFile } from 'fs/promises' import { mkdirp } from 'mkdirp' import path from 'path' -import { getContents } from '../../../script/helpers/git-utils.js' +import { getContents, getCommitSha } from '../../../script/helpers/git-utils.js' if (!process.env.GITHUB_TOKEN) { throw new Error('GITHUB_TOKEN environment variable must be set to run this script') @@ -63,6 +63,13 @@ async function main() { const ref = 'main' const schemaFilePath = 'data/schema.json' const schemaEvents = JSON.parse(await getContents(owner, repo, ref, schemaFilePath)) + const mainSha = await getCommitSha(owner, repo, `heads/${ref}`) + + // update pipeline config data + const configFilepath = `src/audit-logs/lib/config.json` + const configData = JSON.parse(await readFile(configFilepath, 'utf8')) + configData.sha = mainSha + await writeFile(configFilepath, JSON.stringify(configData, null, 2)) // translate allowLists values into the versions and audit log page the event // belongs to -- for versions:
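Review bot: The "Create pull request" step builds `branchname` by expanding `${{ steps.audit-log-allowlists.outputs.COMMIT_SHA }}` straight into its `run:` script, so whatever `jq` read from `src/audit-logs/lib/config.json` becomes shell source text before bash parses it. The only check on that value is the unquoted `[ -z $COMMIT_SHA ]`, which runs after the value has already been appended to `$GITHUB_OUTPUT` and does not catch the literal `null` that `jq -r '.sha'` prints when the key is missing. Validate the shape ahead of the `>> $GITHUB_OUTPUT` line, for example `[[ "$COMMIT_SHA" =~ ^[0-9a-f]{40}$ ]] || { echo "unexpected SHA value"; exit 1; }`. Then pass the output through the step's `env:` as `COMMIT_SHA: ${{ steps.audit-log-allowlists.outputs.COMMIT_SHA }}` and use `branchname="audit-logs-schema-update-$COMMIT_SHA"`, quoting `"$branchname"` in the `git` calls. Separately, the no-changes message now names `src/rest/scripts/update-files.js`, while the step above it runs `src/audit-logs/scripts/sync.js`.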
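Review bot: `mainSha` is resolved with a second API call after `getContents(owner, repo, ref, schemaFilePath)` has already fetched the schema from the moving `main` ref, so a push to the upstream repo between the two calls leaves `config.json` recording a commit that is not the one the data came from. The workflow keys its branch name and its "already exists" skip on this SHA, so the recorded value should identify the synced content exactly. Resolve the SHA first and fetch at it: move the `getCommitSha` line above the `getContents` call and pass `mainSha` in place of `ref`, assuming the helper forwards `ref` to the contents API unchanged (its body is not in this diff). `main()` continues outside the hunk, so any later reads that use `ref` would need the same change.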