geekodour · August 9, 2019 03:59
diff --git a/sync_githubactions.sh b/sync_githubactions.sh
 #!/bin/bash

 # Setting -x is absolutely forbidden as it could leak the GitHub token.
 set -uo pipefail

 # GITHUB_TOKEN required scope: repo.repo_public

 # prombench related
 ghactions_dir="ghactions"
 org="testpromorg"

 # git related
 git_mail="[email protected]"
 git_user="prombot"
 branch="gh_actions_update"
 commit_msg="github: update .github/main.workflow with newer version"

 # github related
 git_mail="[email protected]"
 pr_title="Synchronize main.workflow from prometheus/prombench"
 pr_msg="Propagating changes from main.workflow in prometheus/prombench/$ghactions_dir/"

 makepr() {
  git config user.email "${git_mail}"
  git config user.name "${git_user}"
  git add .
  git commit -s -m "${commit_msg}"
  # stdout and stderr are redirected to /dev/null otherwise git-push could leak the token in the logs.
  if git push --quiet "https://${GITHUB_TOKEN}:@github.com/${org}/${repo}" --set-upstream "${branch}" 1>/dev/null 2>&1; then
    curl --show-error --silent \
    -u "${git_user}:${GITHUB_TOKEN}" \
    -X POST \
    -d "{\"title\":\"${pr_title}\",\"base\":\"master\",\"head\":\"${branch}\",\"body\":\"${pr_msg}${repo}\"}" \
    "https://api.github.com/repos/${org}/${repo}/pulls" && echo "PR created for ${org}/${repo}"
  else
    echo "could not push to github"
  fi
 }

 GITHUB_TOKEN="${GITHUB_TOKEN:-}"
 if [ -z "${GITHUB_TOKEN}" ]; then
 	echo -e "\e[31mGitHub token (GITHUB_TOKEN) not set. Terminating.\e[0m"
 	exit 1
 fi

 ROOT_DIR=$(pwd)/$(git rev-parse --show-cdup)
 cd "$ROOT_DIR/$ghactions_dir" || exit 1

 for repo in * ; do
  if [ -f "$repo" ]; then
    echo -e "\e[31m$(pwd) must only contain directories. Terminating.\e[0m"
    exit 1
  fi

  printf "\nSynchronizing for ${org}/${repo}\n"

  tmp_dir=$(mktemp -d)

  source_mainworkflow="$(pwd)/$repo/main.workflow"
  source_checksum=$(sha256sum "$source_mainworkflow" | cut -d' ' -f1)

  target_mainworkflow=$(curl -s --fail "https://raw.githubusercontent.com/${org}/${repo}/master/.github/main.workflow")

  target_checksum=$(echo "${target_mainworkflow}" | sha256sum | cut -d' ' -f1)
  if [ "${source_checksum}" == "${target_checksum}" ]; then
  	echo "main.workflow is already in sync for $repo."
  	continue
  fi

  git clone --quiet "https://github.com/${org}/${repo}.git" "${tmp_dir}/${repo}"
  pushd "${tmp_dir}/${repo}" || exit 1

  git checkout -b "${branch}"
  mkdir -p .github
  cp -f "${source_mainworkflow}" .github/main.workflow
  if [ -n "$(git status --porcelain)" ]; then
    makepr
  fi

  popd || exit 1
  rm -rf "$tmp_dir"

 done
	#!/bin/bash

	# Setting -x is absolutely forbidden as it could leak the GitHub token.
	set -uo pipefail

	# GITHUB_TOKEN required scope: repo.repo_public

	# prombench related
	ghactions_dir="ghactions"
	org="testpromorg"

	# git related
	git_mail="[email protected]"
	git_user="prombot"
	branch="gh_actions_update"
	commit_msg="github: update .github/main.workflow with newer version"

	# github related
	git_mail="[email protected]"
	pr_title="Synchronize main.workflow from prometheus/prombench"
	pr_msg="Propagating changes from main.workflow in prometheus/prombench/$ghactions_dir/"

	makepr() {
	git config user.email "${git_mail}"
	git config user.name "${git_user}"
	git add .
	git commit -s -m "${commit_msg}"
	# stdout and stderr are redirected to /dev/null otherwise git-push could leak the token in the logs.
	if git push --quiet "https://${GITHUB_TOKEN}:@github.com/${org}/${repo}" --set-upstream "${branch}" 1>/dev/null 2>&1; then
	curl --show-error --silent \
	-u "${git_user}:${GITHUB_TOKEN}" \
	-X POST \
	-d "{\"title\":\"${pr_title}\",\"base\":\"master\",\"head\":\"${branch}\",\"body\":\"${pr_msg}${repo}\"}" \
	"https://api.github.com/repos/${org}/${repo}/pulls" && echo "PR created for ${org}/${repo}"
	else
	echo "could not push to github"
	fi
	}

	GITHUB_TOKEN="${GITHUB_TOKEN:-}"
	if [ -z "${GITHUB_TOKEN}" ]; then
	echo -e "\e[31mGitHub token (GITHUB_TOKEN) not set. Terminating.\e[0m"
	exit 1
	fi

	ROOT_DIR=$(pwd)/$(git rev-parse --show-cdup)
	cd "$ROOT_DIR/$ghactions_dir" \|\| exit 1

	for repo in * ; do
	if [ -f "$repo" ]; then
	echo -e "\e[31m$(pwd) must only contain directories. Terminating.\e[0m"
	exit 1
	fi

	printf "\nSynchronizing for ${org}/${repo}\n"

	tmp_dir=$(mktemp -d)

	source_mainworkflow="$(pwd)/$repo/main.workflow"
	source_checksum=$(sha256sum "$source_mainworkflow" \| cut -d' ' -f1)

	target_mainworkflow=$(curl -s --fail "https://raw.githubusercontent.com/${org}/${repo}/master/.github/main.workflow")

	target_checksum=$(echo "${target_mainworkflow}" \| sha256sum \| cut -d' ' -f1)
	if [ "${source_checksum}" == "${target_checksum}" ]; then
	echo "main.workflow is already in sync for $repo."
	continue
	fi

	git clone --quiet "https://github.com/${org}/${repo}.git" "${tmp_dir}/${repo}"
	pushd "${tmp_dir}/${repo}" \|\| exit 1

	git checkout -b "${branch}"
	mkdir -p .github
	cp -f "${source_mainworkflow}" .github/main.workflow
	if [ -n "$(git status --porcelain)" ]; then
	makepr
	fi

	popd \|\| exit 1
	rm -rf "$tmp_dir"

	done