-
Notifications
You must be signed in to change notification settings - Fork 86
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: build-recommendation-object.yml workflow (#477)
Co-authored-by: Zach Trocinski <[email protected]>
- Loading branch information
Showing
1 changed file
with
32 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,62 +1,41 @@ | ||
| name: Nightly Recommendation Object Build | ||
| name: Update Recommendation Object on Pull Request | ||
|
|
||
| on: | ||
| schedule: | ||
| - cron: "0 0 * * *" | ||
| workflow_dispatch: {} | ||
| pull_request: | ||
| types: [opened, synchronize] | ||
| paths: | ||
| - 'azure-resources/**/*.yaml' | ||
| - 'azure-resources/**/*.kql' | ||
| - 'azure-specialized-workloads/**/*.yaml' | ||
| - 'azure-specialized-workloads/**/*.kql' | ||
| - 'azure-waf/**/*.yaml' | ||
| - 'azure-waf/**/*.kql' | ||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| build: | ||
| update-json-object: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: Checkout repository | ||
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | ||
| with: | ||
| ref: main | ||
|
|
||
| - name: Configure Git | ||
| run: | | ||
| git config --global user.name 'github-actions[bot]' | ||
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | ||
| shell: bash | ||
|
|
||
| - name: Create and Switch to New Branch | ||
| run: | | ||
| git checkout -b json-object-update | ||
| shell: bash | ||
|
|
||
| - name: Run Recommendation Object Builder | ||
| run: | | ||
| pwsh .github/scripts/build-recommendation-object.ps1 | ||
| - name: Commit and push changes | ||
| run: | | ||
| git add ./tools/data/recommendations.json | ||
| git commit -m "Update recommendations.json" | ||
| git push --set-upstream origin json-object-update | ||
| - name: Create PR | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| gh pr create --title "chore: Update APRL JSON Object" --body "This PR updates the single JSON object for all APRL recommendations." --base main --head json-object-update | ||
| shell: bash | ||
|
|
||
| - name: Merge PR | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| pr_number=$(gh pr list --state open --limit 1 --json number --jq '.[0].number') | ||
| gh pr merge $pr_number --merge | ||
| shell: bash | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | ||
| with: | ||
| ref: ${{ github.head_ref }} | ||
|
|
||
| - name: Run Object Generation Script | ||
| run: | | ||
| pwsh .github/scripts/build-recommendation-object.ps1 | ||
| shell: pwsh | ||
|
|
||
| - name: Commit and push changes | ||
| run: | | ||
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | ||
| git config --global user.name "github-actions[bot]" | ||
| git add . | ||
| git commit -m "Update Recommendation Object during PR validation" | ||
| git push origin ${{ github.head_ref }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |