Merge pull request #244 from orange-cloudfoundry/renovate/master-mike… #72
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: rebase-release-branches-on-master-branch-commits | |
| permissions: | |
| contents: write # allow git push to repo and the github release and its artefact | |
| on: | |
| workflow_dispatch: # to allow manual trigger | |
| push: | |
| branches: | |
| - master | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| with: | |
| fetch-depth: 0 | |
| # TODO: test use of the syntax token from https://github.com/actions/checkout/blob/b4ffde65f46336ab88eb53be808477a3936bae11/README.md?plain=1#L32-L42 | |
| # and remove basic auth in the remote_repo url below, reducing risks of leaking the token in logs | |
| persist-credentials: false # Make sure PAT_FOR_REBASE_WORKFLOW token is used, See https://github.com/orgs/community/discussions/25702#discussioncomment-6313966 | |
| - name: rebase all release branches | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.PAT_FOR_REBASE_WORKFLOW }} | |
| run: | | |
| set -x # enable traces | |
| #pwd | |
| #find . | |
| # configure git | |
| git config --global user.name "workflows/k3s-boshrelease/rebase-release-branches-on-master-branch-commits" | |
| git config --global user.email "<>" | |
| git config --global --add safe.directory /github/workspace | |
| #Note: using explicit url to not use github workflow token, otherwise other rebases will he ignored | |
| # See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow | |
| # > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch | |
| # > and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. | |
| # > For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository | |
| # > contains a workflow configured to run when push events occur. | |
| remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git" | |
| # Note: actions/checkout does not include local branches, see https://github.com/actions/checkout/issues/1017#issuecomment-1344861321 | |
| # therefore we iterate on remote branches | |
| git branch -r | |
| RELEASE_BRANCHES=$(git branch -r --list "origin/release-*") | |
| for r in ${RELEASE_BRANCHES}; do | |
| BRANCH_WITHOUT_PREFIX=${r#origin/} | |
| git checkout ${BRANCH_WITHOUT_PREFIX} | |
| git rebase master | |
| git push --force ${remote_repo} | |
| done | |