create_repos.yml
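# See security consideration https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
#
# This workflow plans (dry-run) and applies changes described in
# config/repos.yaml. The pull_request_target trigger runs in the context of
# the base repository, so secrets are available while the pull request
# content is untrusted. Only config/repos.yaml is taken from the pull
# request; all executed code comes from the base repository checkout.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default scopes. Consider declaring least privilege per job.
# NOTE(review): actions are pinned by tag (v4 / v5); pinning to a full commit
# SHA protects against a moved tag.
---
name: Run create repos
on:
  workflow_dispatch: null
  pull_request_target:
    paths:
      - 'config/repos.yaml'
  push:
    paths:
      - 'config/repos.yaml'
    branches:
      - main
jobs:
  dry-run:
    runs-on: ubuntu-latest
    steps:
      # Default checkout under pull_request_target is the base repository,
      # never the pull request head, so scripts/ stays trusted.
      - name: Checkout trusted code from github.com/allianz/ospo
        uses: actions/checkout@v4
      - name: Download modified config file from forked repository
        if: github.event_name == 'pull_request_target'
        env:
          # Pull request fields are attacker-controlled. They are handed to
          # the shell as environment variables instead of being expanded by
          # ${{ }} inside the script text, so a crafted value is never parsed
          # as shell syntax.
          GH_TOKEN: ${{ secrets.TOKEN }}
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          # The commit SHA pins the download to the commit that triggered
          # this run and contains only hex characters, unlike a branch name.
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        # --fail stops an API error body from being saved as the config file.
        run: |
          curl --fail -sSL -H "Authorization: token ${GH_TOKEN}" \
            -H "Accept: application/vnd.github.v3.raw" \
            -o config/repos.yaml \
            "https://api.github.com/repos/${HEAD_REPO}/contents/config/repos.yaml?ref=${HEAD_SHA}"
      # NOTE(review): on pull_request_target this step reads the untrusted
      # config/repos.yaml while GH_TOKEN is set. Confirm that
      # scripts/create_repos.sh treats the file strictly as data and performs
      # no writes without --apply.
      - name: Plan github organization changes
        env:
          GH_TOKEN: ${{ secrets.TOKEN }}
        run: |
          scripts/create_repos.sh >> result.txt
          cat result.txt
      - name: Add dry-run plan to PR
        uses: actions/github-script@v5
        if: github.event_name == 'pull_request_target'
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const fs = require('fs');
            const outputFilePath = 'result.txt';
            // result.txt is derived from the untrusted config file; it is
            // only embedded in the comment body, never evaluated.
            const fileContent = fs.readFileSync(outputFilePath, 'utf-8');
            const prefix = 'An execution plan has been generated and is shown below.\n```\n';
            const suffix = '\n```\nChanges will be applied after merge.';
            const output = `${prefix}${fileContent}${suffix}`;
            // Awaited so that a failed API call fails the step.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output,
            });
  apply:
    needs: dry-run
    environment: github.com
    # Never apply from a pull request event; only push to main or a manual
    # dispatch reaches this job.
    if: github.event_name != 'pull_request_target'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Create repositories and teams
        env:
          GH_TOKEN: ${{ secrets.TOKEN }}
        run: scripts/create_repos.sh --apply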