forked from orange-cloudfoundry/k3s-boshrelease
-
Notifications
You must be signed in to change notification settings - Fork 1
56 lines (47 loc) · 2.73 KB
/
rebase-release-branches-on-master-branch-commits.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: rebase-release-branches-on-master-branch-commits
permissions:
contents: write # allow git push to repo and the github release and its artefact
on:
workflow_dispatch: # to allow manual trigger
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 0
# TODO: test use of the syntax token from https://github.com/actions/checkout/blob/b4ffde65f46336ab88eb53be808477a3936bae11/README.md?plain=1#L32-L42
# and remove basic auth in the remote_repo url below, reducing risks of leaking the token in logs
persist-credentials: false # Make sure PAT_FOR_REBASE_WORKFLOW token is used, See https://github.com/orgs/community/discussions/25702#discussioncomment-6313966
- name: rebase all release branches
env:
GITHUB_TOKEN: ${{ secrets.PAT_FOR_REBASE_WORKFLOW }}
run: |
set -x # enable traces
#pwd
#find .
# configure git
git config --global user.name "workflows/k3s-boshrelease/rebase-release-branches-on-master-branch-commits"
git config --global user.email "<>"
git config --global --add safe.directory /github/workspace
#Note: using explicit url to not use github workflow token, otherwise other rebases will he ignored
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
# > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch
# > and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.
# > For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository
# > contains a workflow configured to run when push events occur.
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
# Note: actions/checkout does not include local branches, see https://github.com/actions/checkout/issues/1017#issuecomment-1344861321
# therefore we iterate on remote branches
git branch -r
RELEASE_BRANCHES=$(git branch -r --list "origin/release-*")
for r in ${RELEASE_BRANCHES}; do
BRANCH_WITHOUT_PREFIX=${r#origin/}
git checkout ${BRANCH_WITHOUT_PREFIX}
git rebase master
git push --force ${remote_repo}
done