github-workflow-library/.github/workflows/on-dispatch-event.yml at master · code42/github-workflow-library · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
name: on-dispatch-event
on:
  workflow_call:
    inputs:
      ami-type:
        required: true
        type: string
    secrets:
      vaultURL:
        required: true
      prodRoleId:
        required: true
      prodSecretId:
        required: true

jobs:
  on-dispatch-event:
    runs-on: self-hosted

    steps:
      - name: Checkout
        uses: actions/checkout@v3.1.0

      # use Vault to get GH token
      - name: Import Secrets
        id: secrets
        uses: hashicorp/vault-action@v2.4.1
        with:
          url: ${{ secrets.vaultURL }}
          method: approle
          roleId: ${{ secrets.prodRoleId }}
          secretId: ${{ secrets.prodSecretId }}
          secrets: |
              /github/token token | GITHUB_TOKEN

      # Use sed to add a pound sign to the first line of packer HCL file
      # because no empty commits are allowed.
      - name: edit packer HCL if repo dispatch
        run: |
          sed '1 s/$/\#/' packer-${{ inputs.ami-type }}.pkr.hcl > tmp.pkr.hcl;
          mv tmp.pkr.hcl packer-${{ inputs.ami-type }}.pkr.hcl

      # This should create a push event that will trigger a new AMI build
      - name: pr if repo dispatch triggered by packer-shared release
        if: github.event.client_payload.packer-shared-version != ''
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
          author: vault-integration-for-github[bot] <empower-rangers@code42.com>
          commit-message: "Automated change triggered by packer-shared ${{ github.event.client_payload.packer-shared-version }} release"
          branch-suffix: random
          delete-branch: true
          base: master

      # This should create a push event that will trigger a new AMI build
      - name: pr if repo dispatch triggered by ansible-shared release
        if: github.event.client_payload.ansible-shared-version != ''
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
          author: vault-integration-for-github[bot] <empower-rangers@code42.com>
          commit-message: "Automated change triggered by ansible-shared ${{ github.event.client_payload.ansible-shared-version }} release"
          branch-suffix: random
          delete-branch: true
          base: master

      # This should create a push event that will trigger a new AMI build for rocket amis
      - name: pr if repo dispatch triggered by hashi-release-event
        if: >-
          github.event.client_payload.vault != '' ||
          github.event.client_payload.consul != '' && inputs.ami-type != 'vault' ||
          github.event.client_payload.nomad != '' && inputs.ami-type == 'nomad'
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ steps.secrets.outputs.GITHUB_TOKEN }}
          author: vault-integration-for-github[bot] <empower-rangers@code42.com>
          commit-message: "Automated change triggered by Hashicorp release event: ${{ toJson(github.event.client_payload) }}"
          branch-suffix: random
          delete-branch: true
          base: master