permify-node/.github/workflows/protos.yml at main · Permify/permify-node · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
name: Update Permify Proto Definitions

on:
  push:
    branches: [ "main" ]
  workflow_dispatch:

permissions:
  contents: write
  pull-requests: write

jobs:
  update-protos:
    name: Update Proto Definitions
    timeout-minutes: 10
    runs-on: ubuntu-latest

    steps:
       # Security hardening for GitHub Actions runner
       - name: Harden Runner
         uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
         with:
           egress-policy: audit

       # Checkout the current repository
       - name: Checkout Repository
         uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

       # Checkout only the proto directory from the Permify repository
       - name: Checkout Permify Proto Files
         uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           repository: Permify/permify
           ref: master
           sparse-checkout: proto
           path: permify-repo

       # Copy proto files into the local proto directory
       - name: Copy Proto Files
         run: |
           rm -rf proto
           cp -R permify-repo/proto/. proto/
           rm -rf permify-repo

       # Setup Node.js
       - name: Setup Node.js
         uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           cache-dependency-path: ./yarn.lock
           cache: "yarn"
           node-version: 20

       # Install dependencies (needed for ts-proto plugin)
       - name: Install Dependencies
         run: yarn install --frozen-lockfile --non-interactive

       # Setup Buf CLI
       - name: Setup Buf
         run: |
           BUF_VERSION="1.57.0"
           curl -sSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" -o "${RUNNER_TEMP}/buf"
           chmod +x "${RUNNER_TEMP}/buf"
           echo "${RUNNER_TEMP}" >> "${GITHUB_PATH}"

       # Generate TypeScript code from the downloaded proto files
       - name: Generate Code with Buf
         run: yarn buf:generate

       - name: Commit changes
         id: commitchanges
         run: |
           echo "commit changes"
           scripts/commit-changes.sh "proto-update/permify-latest"
         shell: bash

       # Push branch and open or update the PR only if there are changes
       - name: Push changes and open PR
         if: steps.commitchanges.outputs.changes_made == '1'
         env:
           GH_TOKEN: ${{ secrets.PAT_TOKEN }}
         run: |
           BRANCH_NAME="${{ steps.commitchanges.outputs.branch_name }}"
           PR_TITLE="chore(proto): update generated SDK with latest Permify definitions"
           PR_BODY="Automatically created PR with the latest generated SDK from Permify proto definitions."

           echo "${BRANCH_NAME}"
           git push --force "https://x-access-token:${{ secrets.PAT_TOKEN }}@github.com/${{ github.repository }}" "${BRANCH_NAME}"

           PR_NUMBER="$(gh pr list --head "${BRANCH_NAME}" --base main --state open --json number --jq '.[0].number')"

           if [ -n "${PR_NUMBER}" ]; then
             gh pr edit "${PR_NUMBER}" --title "${PR_TITLE}" --body "${PR_BODY}"
           else
             gh pr create --base main --head "${BRANCH_NAME}" --title "${PR_TITLE}" --body "${PR_BODY}" --label dependencies --label automated
           fi
         shell: bash