Repository Sync #927
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Repository Sync | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| repositories: | |
| description: 'Override the target repositories, use a comma separated list. Leave as All to run on all repositories.' | |
| default: 'All' | |
| type: string | |
| first_run: | |
| description: 'Whether to run in first run mode' | |
| default: false | |
| type: boolean | |
| plan_only: | |
| description: 'Whether to only plan the changes' | |
| default: true | |
| type: boolean | |
| schedule: | |
| - cron: '0 0,4,8,12,16,20 * * *' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| run-sync: | |
| name: Run Sync | |
| runs-on: ubuntu-latest | |
| environment: avm-updates | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: latest | |
| terraform_wrapper: false | |
| - name: Download CSV Files | |
| run: | | |
| ./scripts/Invoke-AvmRepoCsvDownload.ps1 | |
| shell: pwsh | |
| - name: Create GitHub App Token | |
| id: app-token | |
| uses: actions/create-github-app-token@v1.11.0 | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| - name: Sync Repositories | |
| run: | | |
| $triggerType = "${{ github.event_name }}" | |
| $repositories = "All" | |
| $firstRun = $false | |
| $planOnly = $false | |
| if($triggerType -eq "workflow_dispatch") { | |
| $repositories = "${{ inputs.repositories }}" | |
| $firstRun = "${{ inputs.first_run }}".ToLower() -eq "true" | |
| $planOnly = "${{ inputs.plan_only }}".ToLower() -eq "true" | |
| } | |
| Write-Output "Token: $env:GH_TOKEN" | |
| Write-Output "Repositories: $repositories" | |
| Write-Output "First Run: $firstRun" | |
| Write-Output "Plan Only: $planOnly" | |
| if($repositories -eq "All") { | |
| $repositories = @() | |
| } else { | |
| $repositories = $repositories -split ',' | |
| } | |
| Write-Host "Authenticating gh cli" | |
| gh auth login -h "GitHub.com" | |
| Write-Host "Running repo sync" | |
| ./scripts/Invoke-RepoSync.ps1 ` | |
| -repoFilter $repositories ` | |
| -firstRun $firstRun ` | |
| -planOnly $planOnly ` | |
| -stateStorageAccountName "${{ secrets.STORAGE_ACCOUNT_NAME }}" ` | |
| -stateResourceGroupName "${{ secrets.STORAGE_ACCOUNT_RESOURCE_GROUP_NAME }}" ` | |
| -stateContainerName "${{ secrets.STORAGE_ACCOUNT_CONTAINER_NAME }}" ` | |
| -targetSubscriptionId "${{ secrets.TARGET_SUBSCRIPTION_ID }}" ` | |
| -identityResourceGroupName "${{ secrets.IDENTITY_RESOURCE_GROUP_NAME }}" ` | |
| shell: pwsh | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_USE_AZUREAD: true | |
| ARM_USE_OIDC: true | |
| - name: Upload Issue Logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: issue.log | |
| path: issue.log | |
| - name: Upload Issue Logs Json | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: issue.log.json | |
| path: issue.log.json |