ci: bump super-linter/super-linter from 8.3.2 to 8.4.0 in the actions-deps group #14
Workflow file for this run
# Workflow: reacts to submitted pull request reviews. The jobs below verify the
# PR's check runs, enable auto-merge, and hand the change to the internal repo.
name: Merge Contribution to Internal

# Fires for every submitted review; each job filters on the review state.
on:
  pull_request_review:
    types:
      - submitted

# The built-in GITHUB_TOKEN is limited to read-only scopes. The write
# operations visible in this file use a separately minted GitHub App token.
permissions:
  actions: read
  checks: read
  contents: read
  pull-requests: read

jobs:
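# Job: wait for the PR's check runs to finish, require acceptable conclusions,
# then enable squash auto-merge using a GitHub App token.
check-merge-state:
  # NOTE(review): this gate only tests that the review state is "approved".
  # It does not establish that the reviewer has write access or that the
  # approval counts toward branch protection. Confirm whether an additional
  # condition (for example on github.event.review.author_association) is
  # wanted before write-scoped tokens are minted below.
  if: github.event.review.state == 'approved'
  runs-on: ubuntu-latest
  env:
    # Event values are passed through the environment instead of being
    # interpolated into the script text, which keeps them out of the shell
    # parser.
    PR_NUMBER: ${{ github.event.pull_request.number }}
    SOURCE_REPO: ${{ github.repository }}
  outputs:
    checks_passed: ${{ steps.verify_checks.outputs.checks_passed }}
  steps:
    - name: Wait for Status Checks and Verify
      id: verify_checks
      env:
        # Read-only token (see the workflow-level permissions block).
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        MAX_ATTEMPTS=120 # 120 attempts * 30 seconds = 60 minutes max
        ATTEMPT=0
        while [ "$ATTEMPT" -lt "$MAX_ATTEMPTS" ]; do
          echo "Checking status checks (attempt $((ATTEMPT + 1))/$MAX_ATTEMPTS)..."
          # Get PR status checks
          STATUS_JSON=$(gh pr view "$PR_NUMBER" --json statusCheckRollup --repo "$SOURCE_REPO")
          # Filter for CheckRun entries only and not this current job.
          # NOTE(review): entries of any other type in statusCheckRollup are
          # dropped by this filter and never evaluated, and an empty result
          # counts as "all checks passed". Confirm that both are intended.
          CHECK_RUNS=$(echo "$STATUS_JSON" | jq '[.statusCheckRollup[] | select(.__typename == "CheckRun") | select(.name != "check-merge-state" and .name != "dispatch-to-internal")]')
          # Check if all checks are completed
          INCOMPLETE_COUNT=$(echo "$CHECK_RUNS" | jq '[.[] | select(.status != "COMPLETED")] | length')
          if [ "$INCOMPLETE_COUNT" -eq 0 ]; then
            echo "All checks are completed!"
            # Check conclusions - must be SUCCESS, NEUTRAL, or SKIPPED
            FAILED_CHECKS=$(echo "$CHECK_RUNS" | jq '[.[] | select(.conclusion != "SUCCESS" and .conclusion != "NEUTRAL" and .conclusion != "SKIPPED")]')
            FAILED_COUNT=$(echo "$FAILED_CHECKS" | jq 'length')
            if [ "$FAILED_COUNT" -eq 0 ]; then
              echo "All checks passed with acceptable conclusions!"
              echo "checks_passed=true" >> "$GITHUB_OUTPUT"
              break
            else
              echo "Some checks failed:"
              echo "$FAILED_CHECKS" | jq -r '.[] | " - \(.name): \(.conclusion)"'
              echo "checks_passed=false" >> "$GITHUB_OUTPUT"
              exit 1
            fi
          else
            echo "$INCOMPLETE_COUNT checks still running. Waiting 30 seconds..."
            ATTEMPT=$((ATTEMPT + 1))
            # Skip the final sleep so the timeout is reported immediately.
            if [ "$ATTEMPT" -lt "$MAX_ATTEMPTS" ]; then
              sleep 30
            fi
          fi
        done
        # The loop only reaches MAX_ATTEMPTS when checks never completed.
        if [ "$ATTEMPT" -eq "$MAX_ATTEMPTS" ]; then
          echo "Timed out waiting for checks to complete"
          echo "checks_passed=false" >> "$GITHUB_OUTPUT"
          exit 1
        fi
    # OSS App
    # Mints a short-lived installation token scoped to one repository with
    # pull-requests: write and contents: write.
    # NOTE(review): "@v2" is a mutable tag and this step receives the App
    # private key; consider pinning to a full commit SHA
    # (<FULL_COMMIT_SHA_PLACEHOLDER>).
    - name: Generate GitHub App Token
      id: pr_app_token
      uses: actions/create-github-app-token@v2
      with:
        app-id: ${{ vars.WELLARCHITECTED_OSS_APP_ID }}
        private-key: ${{ secrets.WELLARCHITECTED_OSS_APP_PRIVATE_KEY }}
        owner: github
        repositories: |
          github-well-architected
        permission-pull-requests: write
        permission-contents: write
    - name: Enable Auto-Merge
      if: steps.verify_checks.outputs.checks_passed == 'true'
      env:
        GH_TOKEN: ${{ steps.pr_app_token.outputs.token }}
      run: |
        echo "Enabling auto-merge for PR #$PR_NUMBER..."
        gh pr merge "$PR_NUMBER" --auto --squash --repo "$SOURCE_REPO"
        echo "Auto-merge enabled successfully!"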
# Job: after check-merge-state reports success, record a deployment and notify
# the internal repository.
dispatch-to-internal:
  needs: check-merge-state
  if: needs.check-merge-state.outputs.checks_passed == 'true' && github.event.review.state == 'approved'
  runs-on: ubuntu-latest
  env:
    ENVIRONMENT: staging
    SOURCE_REPO: github/github-well-architected
    TARGET_REPO: github/github-well-architected-internal
    PR_NUMBER: ${{ github.event.pull_request.number }}
    # The head branch name is chosen by the PR author. It is handed to the
    # scripts as an environment variable rather than interpolated into them,
    # and should be treated as untrusted wherever it is used.
    PR_HEAD_BRANCH: ${{ github.event.pull_request.head.ref }}
  steps:
# OSS App
# Mints a short-lived installation token covering both the public and the
# internal repository, with deployments: write and contents: write.
# NOTE(review): the requested permissions apply to every repository listed
# here. If the public repository only needs the deployment calls, a separate
# narrower token per repository would reduce the blast radius. Confirm against
# the steps that follow.
# NOTE(review): "@v2" is a mutable tag and this step receives the App private
# key; consider pinning to a full commit SHA (<FULL_COMMIT_SHA_PLACEHOLDER>).
- name: Generate GitHub App Token
  id: dispatch_app_token
  uses: actions/create-github-app-token@v2
  with:
    owner: github
    repositories: |
      github-well-architected
      github-well-architected-internal
    app-id: ${{ vars.WELLARCHITECTED_OSS_APP_ID }}
    private-key: ${{ secrets.WELLARCHITECTED_OSS_APP_PRIVATE_KEY }}
    permission-contents: write
    permission-deployments: write
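# Replaces the most recent "deploy" deployment for this branch and environment
# (if any) with a fresh one, and exposes both ids as step outputs.
- name: Create deployment
  id: create_deployment
  env:
    GH_TOKEN: ${{ steps.dispatch_app_token.outputs.token }}
  run: |
    ################################################################
    # Check for existing deployments
    # If found, delete the latest one to avoid outdated deployments
    #
    # PR_HEAD_BRANCH is chosen by the PR author, so it is sent as a request
    # field (URL-encoded by gh) instead of being pasted into the query string,
    # where characters such as "&" would add or override parameters.
    EXISTING_DEPLOYMENT_LATEST=$(gh api \
      --method GET \
      -H "Accept: application/vnd.github+json" \
      -H "X-GitHub-Api-Version: 2022-11-28" \
      "/repos/$SOURCE_REPO/deployments" \
      -f "ref=$PR_HEAD_BRANCH" \
      -f "environment=$ENVIRONMENT" \
      --jq '[.[] | select(.task == "deploy")] | sort_by(.created_at) | reverse | .[0].id // empty')
    if [ -n "$EXISTING_DEPLOYMENT_LATEST" ] && [ "$EXISTING_DEPLOYMENT_LATEST" != "null" ]; then
      echo "Found existing deployment with ID: $EXISTING_DEPLOYMENT_LATEST"
      echo "existing_deployment_id=$EXISTING_DEPLOYMENT_LATEST" >> "$GITHUB_OUTPUT"
      # Delete existing deployment
      gh api \
        --method DELETE \
        -H "Accept: application/vnd.github+json" \
        -H "X-GitHub-Api-Version: 2022-11-28" \
        "/repos/$SOURCE_REPO/deployments/$EXISTING_DEPLOYMENT_LATEST"
    fi
    ################################################################
    # Create new deployment
    #
    # The request body is assembled by jq so the branch name is JSON-escaped.
    # Expanding it inside a hand-written JSON document would let a quote in
    # the branch name break the document or add fields to it.
    DEPLOYMENT_RESPONSE=$(jq -n \
      --arg ref "$PR_HEAD_BRANCH" \
      --arg environment "$ENVIRONMENT" \
      --arg description "Deploy requested from PR $PR_NUMBER (branch: $PR_HEAD_BRANCH)" \
      '{ref: $ref, environment: $environment, description: $description, auto_merge: false, required_contexts: []}' \
      | gh api \
          --method POST \
          -H "Accept: application/vnd.github+json" \
          -H "X-GitHub-Api-Version: 2022-11-28" \
          "/repos/$SOURCE_REPO/deployments" \
          --input -)
    DEPLOYMENT_ID=$(echo "$DEPLOYMENT_RESPONSE" | jq -r '.id // empty')
    # Stop here rather than publish an empty or "null" id to later steps.
    if [ -z "$DEPLOYMENT_ID" ]; then
      echo "Deployment creation returned no id" >&2
      exit 1
    fi
    echo "deployment_id=$DEPLOYMENT_ID" >> "$GITHUB_OUTPUT"
    echo "Created new deployment with ID: $DEPLOYMENT_ID"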
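# Marks the deployment created by the create_deployment step as in progress.
- name: Update Deployment Status
  env:
    GH_TOKEN: ${{ steps.dispatch_app_token.outputs.token }}
    NEW_DEPLOYMENT_ID: ${{ steps.create_deployment.outputs.deployment_id }}
  run: |
    # The path is quoted so the expanded variables cannot be word-split.
    gh api \
      --method POST \
      -H "Accept: application/vnd.github+json" \
      -H "X-GitHub-Api-Version: 2022-11-28" \
      "/repos/$SOURCE_REPO/deployments/$NEW_DEPLOYMENT_ID/statuses" \
      -f "state=in_progress" \
      -f "description=Deployment dispatched to internal repository for processing."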
| - name: Repository Dispatch to Internal Repo | |
| env: | |
| GH_TOKEN: ${{ steps.dispatch_app_token.outputs.token }} | |
| run: | | |
| gh api \ | |
| --method POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| /repos/$TARGET_REPO/dispatches \ | |
| -f 'event_type=opensource-sync-to-publish' \ | |
| -f "client_payload[pr_url]=${{ github.event.pull_request.html_url }}" \ | |
| -f "client_payload[pr_number]=$PR_NUMBER" \ | |
| -f "client_payload[head_ref]=$PR_HEAD_BRANCH" \ |