jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-04 09:06:46 -05:00
Code Issues Projects Releases Wiki Activity
Files
07f8bdb5baabbd342cbaef77f74e22da2d42b607
docs/.github/workflows/sync-audit-logs.yml
Grace Park 8d2de79d5f Adding audit log actions workflow (#37253) 
Co-authored-by: Robert Sese <734194+rsese@users.noreply.github.com>
Co-authored-by: Rachael Sewell <rachmari@github.com>
2023-08-18 17:39:55 +00:00

115 lines
4.9 KiB
YAML
Raw Blame History

name: Sync Audit Log data
# **What it does**: This updates our Audit Logs schema.
# **Why we have it**: We want our Audit Logs up to date.
# **Who does it impact**: Docs engineering, people reading Audit Logs.
on:
workflow_dispatch:
permissions:
contents: write
pull-requests: write
# **IMPORTANT:** Do not change the FREEZE environment variable set here!
# This workflow runs on a recurring basis. To temporarily disable it (e.g.,
# during a docs deployment freeze), add an Actions Secret to the repo settings
# called `FREEZE` with a value of `true`. To re-enable Audit Logs updates, simply
# delete that Secret from the repo settings. The environment variable here
# will duplicate that Secret's value for later evaluation.
env:
FREEZE: ${{ secrets.FREEZE }}
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: true
jobs:
update_audit_logs_files:
if: github.repository == 'github/docs-internal'
runs-on: ubuntu-latest
steps:
- if: ${{ env.FREEZE == 'true' }}
run: |
echo 'The repo is currently frozen! Exiting this workflow.'
exit 1 # prevents further steps from running
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- uses: ./.github/actions/node-npm-setup
- name: Run updater script
env:
# need to use a token from a user with access to github/audit-log-allowlists for this step
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
run: |
src/audit-logs/scripts/sync.js
- name: Check if changes exist
id: changes-exist
run: |
# If nothing to commit, exit now. It's fine. No orphans.
changes=$(git diff --name-only | wc -l)
untracked=$(git status --untracked-files --short | wc -l)
if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then
echo "There are no changes to commit after running src/audit-logs/scripts/sync.js. Exiting..."
echo "CHANGES_EXIST=false" >> "$GITHUB_OUTPUT"
exit 0
else
echo "CHANGES_EXIST=true" >> "$GITHUB_OUTPUT"
fi
- name: Create pull request
if: ${{ steps.changes-exist.outputs.CHANGES_EXIST == 'true' }}
id: create-pull-request
uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 # pin @v5.0.0
env:
# Disable pre-commit hooks; they don't play nicely here
HUSKY: '0'
with:
# Need to use a token with repo and workflow scopes for this step.
# Token should be a PAT because actions performed with GITHUB_TOKEN
# don't trigger other workflows and this action force pushes updates
# from the default branch.
token: ${{ secrets.DOCS_BOT_PAT_WORKFLOW }}
commit-message: 'Update Audit Logs data files'
title: Audit Logs schema update
body:
"Hello! Some Audit Logs data in github/audit-log-allowlists was updated recently. This PR
syncs up the Audit Logs data in this repo.\n\n
If CI passes, this PR will be auto-merged. :green_heart:\n\n
If CI does not pass or other problems arise, contact #docs-engineering on slack."
branch: audit-logs-schema-update
- name: Enable GitHub auto-merge
if: ${{ steps.create-pull-request.outputs.pull-request-number }}
env:
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
AUTOMERGE_PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
run: node .github/actions-scripts/enable-automerge.js
- if: ${{ failure() && env.FREEZE != 'true'}}
name: Delete remote branch (if previous steps failed)
uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branches: audit-logs-schema-update
- if: ${{ steps.create-pull-request.outputs.pull-request-number }}
name: Approve
uses: juliangruber/approve-pull-request-action@dcc4effb325c0b503408619918d56e40653dcc91
with:
github-token: ${{ secrets.DOCUBOT_REPO_PAT }}
number: ${{ steps.create-pull-request.outputs.pull-request-number }}
# - name: Send Slack notification if workflow fails
# uses: someimportantcompany/github-actions-slack-message@1d367080235edfa53df415bd8e0bbab480f29bad
# if: ${{ failure() && env.FREEZE != 'true' }}
# with:
# channel: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
# bot-token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
# color: failure
# text: The last sync-audit-logs run for ${{github.repository}} failed. See https://github.com/${{github.repository}}/actions/workflows/sync-audit-logs.yml
Reference in New Issue View Git Blame Copy Permalink