TypeScript-wiki/.github/workflows/sync.yml at main · microsoft/TypeScript-wiki · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# Roughly based on
#   https://www.growingwiththeweb.com/2016/07/enabling-pull-requests-on-github-wikis.html

name: Sync Two Wiki Repos

on:
  push: {branches: [main]}
  schedule: [{cron: "7 0 * * 1,3"}] # https://crontab.guru/#7_0_*_*_1,3
  workflow_dispatch:                # on request

permissions:
  contents: read
  id-token: write

jobs:
  sync:
    runs-on: ubuntu-latest
    environment:
      name: azure
      deployment: false
    steps:
    - name: Get repo name
      run: R=${GITHUB_REPOSITORY%?wiki}; echo "BASENAME=${R##*/}" >> $GITHUB_ENV
    - name: Checkout ${{ env.BASENAME }}-wiki
      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      with:
        repository: "${{ github.repository_owner }}/${{ env.BASENAME }}-wiki"
        fetch-depth: 0
        persist-credentials: false
    - uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0
      with:
        client-id: ${{ vars.AZURE_CLIENT_ID }}
        tenant-id: ${{ vars.AZURE_TENANT_ID }}
        subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
    - name: Create GitHub App token
      id: app-token
      uses: microsoft/create-github-app-token-via-key-vault@5ba0d436e9c3cac52feff4d1f2f66f9698ce4a2d # v1
      with:
        client-id: ${{ vars.TYPESCRIPT_AUTOMATION_GITHUB_APP_CLIENT_ID }}
        key-id: ${{ vars.TYPESCRIPT_AUTOMATION_GITHUB_APP_KEY_ID }}
        owner: ${{ github.repository_owner }}
        repositories: |
          ${{ env.BASENAME }}
          ${{ env.BASENAME }}-wiki
        permission-contents: write
    - name: Configure git for GitHub App token
      shell: bash
      env:
        GITHUB_APP_TOKEN: ${{ steps.app-token.outputs.token }}
      run: |
        set -euo pipefail
        basic_auth="$(node -e 'process.stdout.write(Buffer.from("x-access-token:" + process.env.GITHUB_APP_TOKEN).toString("base64"))')"
        echo "::add-mask::$basic_auth"
        git config --local http.https://github.com/.extraheader "AUTHORIZATION: basic ${basic_auth}"
    - name: Run sync
      run: ./.github/workflows/sync
      env:
        PUSHER: typescript-automation[bot] <290192711+typescript-automation[bot]@users.noreply.github.com>
        AUTH: ${{ steps.app-token.outputs.token }}