audit log pipelines workflow followup (#41156)

Co-authored-by: Rachael Sewell <rachmari@github.com>
2026-01-05 21:04:17 -05:00 · 2023-08-22 15:13:18 -05:00
parent 32c75debba
commit a5d0c41df5
3 changed files with 51 additions and 48 deletions
--- a/.github/workflows/sync-audit-logs.yml
+++ b/.github/workflows/sync-audit-logs.yml
@@ -26,7 +26,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  update_audit_logs_files:
+  update-audit-log-files:
    if: github.repository == 'github/docs-internal'
    runs-on: ubuntu-latest
    steps:
@@ -47,62 +47,55 @@ jobs:
        run: |
          src/audit-logs/scripts/sync.js

-      - name: Check if changes exist
-        id: changes-exist
+      - name: Get the audit-log-allowlists SHA being synced
+        id: audit-log-allowlists
+        run: |
+          COMMIT_SHA=$(cat src/audit-logs/lib/config.json | jq -r '.sha')
+          echo "COMMIT_SHA=$COMMIT_SHA" >> $GITHUB_OUTPUT
+          echo "Commit SHA from audit-log-allowlists: $COMMIT_SHA"
+          if [ -z $COMMIT_SHA ]; then
+            echo "audit-log-allowlists commit SHA is empty!"
+            exit 1
+          fi
+
+      - name: Create pull request
+        env:
+          # Needed for gh
+          GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
        run: |
          # If nothing to commit, exit now. It's fine. No orphans.
          changes=$(git diff --name-only | wc -l)
          untracked=$(git status --untracked-files --short | wc -l)
          if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then
-            echo "There are no changes to commit after running src/audit-logs/scripts/sync.js. Exiting..."
-            echo "CHANGES_EXIST=false" >> "$GITHUB_OUTPUT"
+            echo "There are no changes to commit after running src/rest/scripts/update-files.js. Exiting..."
            exit 0
-          else
-            echo "CHANGES_EXIST=true" >> "$GITHUB_OUTPUT"
          fi

-      - name: Create pull request
-        if: ${{ steps.changes-exist.outputs.CHANGES_EXIST == 'true' }}
-        id: create-pull-request
-        uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 # pin @v5.0.0
-        env:
-          # Disable pre-commit hooks; they don't play nicely here
-          HUSKY: '0'
-        with:
-          # Need to use a token with repo and workflow scopes for this step.
-          # Token should be a PAT because actions performed with GITHUB_TOKEN
-          # don't trigger other workflows and this action force pushes updates
-          # from the default branch.
-          token: ${{ secrets.DOCS_BOT_PAT_WORKFLOW }}
-          commit-message: 'Update Audit Logs data files'
-          title: Audit Logs schema update
-          body:
-            "Hello! Some Audit Logs data in github/audit-log-allowlists was updated recently. This PR
-            syncs up the Audit Logs data in this repo.\n\n
-            If CI passes, this PR will be auto-merged. :green_heart:\n\n
-            If CI does not pass or other problems arise, contact #docs-engineering on slack."
-          branch: audit-logs-schema-update
+          git config --global user.name "docs-bot"
+          git config --global user.email "77750099+docs-bot@users.noreply.github.com"

-      - name: Enable GitHub auto-merge
-        if: ${{ steps.create-pull-request.outputs.pull-request-number }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
-          AUTOMERGE_PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
-        run: node .github/actions-scripts/enable-automerge.js
+          branchname=audit-logs-schema-update-${{ steps.audit-log-allowlists.outputs.COMMIT_SHA }}

-      - if: ${{ failure() && env.FREEZE != 'true'}}
-        name: Delete remote branch (if previous steps failed)
-        uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          branches: audit-logs-schema-update
+          remotesha=$(git ls-remote --heads origin $branchname)
+          if [ -n "$remotesha" ]; then
+            # output is not empty, it means the remote branch exists
+            echo "Branch $branchname already exists in 'github/docs-internal'. Exiting..."
+            exit 0
+          fi

-      - if: ${{ steps.create-pull-request.outputs.pull-request-number }}
-        name: Approve
-        uses: juliangruber/approve-pull-request-action@dcc4effb325c0b503408619918d56e40653dcc91
-        with:
-          github-token: ${{ secrets.DOCUBOT_REPO_PAT }}
-          number: ${{ steps.create-pull-request.outputs.pull-request-number }}
+          git checkout -b $branchname
+          git add .
+          git commit -m "Add updated audit log event data"
+          git push origin $branchname
+
+          echo "Creating pull request..."
+          gh pr create \
+            --title "Update audit log event data" \
+            --body '👋 humans. This PR updates the audit log event data with the latest changes. (Synced from github/audit-log-allowlists)
+
+            If CI does not pass or other problems arise, contact #docs-engineering on slack.' \
+            --repo github/docs-internal \
+            --label audit-log-pipeline

      # - name: Send Slack notification if workflow fails
      #   uses: someimportantcompany/github-actions-slack-message@1d367080235edfa53df415bd8e0bbab480f29bad