Merge pull request #22 from aquaproj/feat/add-reusable-workflow-2

feat: add a reusable workflow
aquaproj · Feb 3, 2023 · d0f60c5 · d0f60c5
2 parents 4bb09f3 + 5248832
commit d0f60c5
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 0 deletions.
diff --git a/.github/workflows/update-checksum.yaml b/.github/workflows/update-checksum.yaml
@@ -0,0 +1,56 @@
+---
+name: test
+
+on:
+  workflow_call:
+    inputs:
+      aqua_policy_config:
+        required: false
+        type: string
+      aqua_version:
+        required: true
+        type: string
+    secrets:
+      gh_app_id:
+        required: false
+      gh_app_private_key:
+        required: false
+
+env:
+  AQUA_POLICY_CONFIG: ${{inputs.aqua_policy_config}}
+  AQUA_LOG_COLOR: always
+
+permissions: {}
+
+jobs:
+  update-aqua-checksums:
+    # Update aqua-checksums.json and push a commit
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # To checkout private repository
+    steps:
+      - name: Checkout
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+      - name: Generate token
+        id: generate_token
+        if: "! github.event.pull_request.head.repo.fork"
+        uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # v1
+        with:
+          app_id: ${{secrets.gh_app_id}}
+          private_key: ${{secrets.gh_app_private_key}}
+      - uses: aquaproj/aqua-installer@61e2563dfe7674cbf74fe6ec212e444198a3bb00 # v2.0.2
+        # Install ghcp
+        with:
+          aqua_version: ${{inputs.aqua_version}}
+        env:
+          AQUA_GITHUB_TOKEN: ${{github.token}}
+      - uses: aquaproj/update-checksum-action@4bb09f359f2ecdb20aa9bc61684f5f9d185be909 # v0.1.4
+        with:
+          prune: true
+          skip_push: ${{github.event.pull_request.head.repo.fork}}
+        env:
+          # To trigger GitHub Actions Workflow by pushing a commit, GitHub App token is required.
+          # github.token doesn't trigger GitHub Actions Workflow.
+          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
+          # > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
+          GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
diff --git a/README.md b/README.md
@@ -34,6 +34,33 @@ $ aqua g -i int128/ghcp
 
 Nothing.
 
+## Reusable Workflow
+
+[Workflow](.github/workflows/update-checksum.yaml)
+
+### Eample
+
+```yaml
+name: update-aqua-checksum
+on:
+  pull_request:
+    paths:
+      - aqua.yaml
+      - aqua-checksums.json
+jobs:
+  update-aqua-checksums:
+    needs: path-filter
+    uses: aquaproj/update-checksum-action/.github/workflows/update-checksum.yaml@main
+    permissions:
+      contents: read
+    with:
+      aqua_policy_config: aqua-policy.yaml
+      aqua_version: v1.32.3
+    secrets:
+      gh_app_id: ${{secrets.APP_ID}}
+      gh_app_private_key: ${{secrets.APP_PRIVATE_KEY}}
+```
+
 ## LICENSE
 
 [MIT](LICENSE)