Merge pull request #402 from Permify/chore/use-checkout-for-permify-p… #197
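# Regenerates the TypeScript SDK from the proto definitions on the master
# branch of Permify/permify and opens (or updates) a pull request with the
# result. Runs on every push to main and on manual dispatch.
name: Update Permify Proto Definitions

on:
  push:
    branches: [ "main" ]
  workflow_dispatch:

# Write scopes are required because the job pushes a branch and creates or
# edits a pull request with the job token.
permissions:
  contents: write
  pull-requests: write

jobs:
  update-protos:
    name: Update Proto Definitions
    timeout-minutes: 10
    runs-on: ubuntu-latest
    steps:
      # Security hardening for GitHub Actions runner.
      # NOTE(review): `audit` only records outbound connections; it does not
      # block them. Once the expected endpoints are known from the audit
      # output, consider `egress-policy: block` with an allowed-endpoints list.
      - name: Harden Runner
        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
        with:
          egress-policy: audit

      # Checkout the current repository.
      # NOTE(review): checkout keeps the job token configured for git by
      # default, so the dependency install and code generation steps below run
      # with it available. The push step passes the token explicitly, so
      # `persist-credentials: false` may be possible here; confirm that
      # scripts/commit-changes.sh does not need authenticated git access.
      - name: Checkout Repository
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

      # Checkout only the proto directory from the Permify repository.
      # `ref: master` is a moving ref: the generated code follows whatever is
      # on that branch at run time, which is why the result goes through a PR.
      - name: Checkout Permify Proto Files
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          repository: Permify/permify
          ref: master
          sparse-checkout: proto
          path: permify-repo
          # This working copy is only read and then deleted; no later step
          # runs git inside it, so the token is not left configured for it.
          persist-credentials: false

      # Copy proto files into the local proto directory
      - name: Copy Proto Files
        run: |
          rm -rf proto
          cp -R permify-repo/proto/. proto/
          rm -rf permify-repo

      # Setup Node.js
      - name: Setup Node.js
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache-dependency-path: ./yarn.lock
          cache: "yarn"
          node-version: 20

      # Install dependencies (needed for ts-proto plugin)
      - name: Install Dependencies
        run: yarn install --frozen-lockfile --non-interactive

      # Setup Buf CLI.
      # `-f` makes curl exit non-zero on an HTTP error instead of saving the
      # error page as the "binary".
      # NOTE(review): the downloaded executable is not integrity-checked,
      # unlike the actions above, which are pinned by commit SHA. Record the
      # expected SHA-256 of this release asset next to BUF_VERSION and verify
      # it with `sha256sum --check` before the chmod.
      - name: Setup Buf
        run: |
          BUF_VERSION="1.57.0"
          curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" -o "${RUNNER_TEMP}/buf"
          chmod +x "${RUNNER_TEMP}/buf"
          echo "${RUNNER_TEMP}" >> "${GITHUB_PATH}"

      # Generate TypeScript code from the downloaded proto files
      - name: Generate Code with Buf
        run: yarn buf:generate

      # The script is not part of this file; the next step reads its
      # `changes_made` and `branch_name` step outputs.
      - name: Commit changes
        id: commitchanges
        run: |
          echo "commit changes"
          scripts/commit-changes.sh "proto-update/permify-latest"
        shell: bash

      # Push branch and open or update the PR only if there are changes.
      # The token and the branch name are handed to the script through `env`
      # rather than expanded with ${{ }} inside `run`: an expression is pasted
      # into the script text before bash parses it, so a value containing
      # shell syntax would be executed, whereas an environment variable is
      # only ever treated as data.
      - name: Push changes and open PR
        if: steps.commitchanges.outputs.changes_made == '1'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH_NAME: ${{ steps.commitchanges.outputs.branch_name }}
        run: |
          PR_TITLE="chore(proto): update generated SDK with latest Permify definitions"
          PR_BODY="Automatically created PR with the latest generated SDK from Permify proto definitions."
          echo "${BRANCH_NAME}"
          # GITHUB_REPOSITORY is the runner-provided owner/name of this repo.
          # NOTE(review): the token is still part of the push URL (and so of
          # the git command line); pushing through the credentials that
          # checkout configured would avoid that, if they are kept.
          git push "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}" "${BRANCH_NAME}"
          PR_NUMBER="$(gh pr list --head "${BRANCH_NAME}" --base main --state open --json number --jq '.[0].number')"
          if [ -n "${PR_NUMBER}" ]; then
            gh pr edit "${PR_NUMBER}" --title "${PR_TITLE}" --body "${PR_BODY}"
          else
            gh pr create --base main --head "${BRANCH_NAME}" --title "${PR_TITLE}" --body "${PR_BODY}" --label dependencies --label automated
          fi
        shell: bash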