Skip to content

updatecli

updatecli #143

Workflow file for this run

name: updatecli
on:
# Allow to be run manually
workflow_dispatch:
schedule:
# Run once per week (to avoid alert fatigue)
- cron: '0 2 * * 1' # Every monday at 2am UTC
push:
pull_request:
jobs:
updatecli:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v1.8
id: generate_token
if: github.ref == 'refs/heads/main'
with:
app_id: ${{ secrets.JENKINS_ADMIN_APP_ID }}
private_key: ${{ secrets.JENKINS_ADMIN_APP_PRIVKEY }}
- name: Setup updatecli
uses: updatecli/updatecli-action@8189f9f0e590d265fee517279fa4416eea5459ca # v2
- name: Diff
continue-on-error: true
run: updatecli diff --config ./updatecli/updatecli.d --values ./updatecli/values.github-action.yaml
env:
# Use the GITHUB_TOKEN for the "Updatecli Diff" step so it's executed in every PR with the PR author's identity (relying on tidbex is only possible on the upstream branches)
UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Apply
if: github.ref == 'refs/heads/main'
run: updatecli apply --config ./updatecli/updatecli.d --values ./updatecli/values.github-action.yaml
env:
# Use the Github "IAT" token relying on tidbex' step (assuming the identity of the GH application `jenkins-infra-bot`) only on the principal branch
UPDATECLI_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}