2020 copy_edd_scripts : ${{ steps.check-script-existence.outputs.copy_edd_scripts }}
2121
2222 steps :
23- - name : Log in to Azure
24- uses : bitwarden/gh-actions/azure-login@main
25- with :
26- subscription_id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
27- tenant_id : ${{ secrets.AZURE_TENANT_ID }}
28- client_id : ${{ secrets.AZURE_CLIENT_ID }}
29-
30- - name : Retrieve secrets
31- id : retrieve-secrets
32- uses : bitwarden/gh-actions/get-keyvault-secrets@main
33- with :
34- keyvault : " bitwarden-ci"
35- secrets : " github-pat-bitwarden-devops-bot-repo-scope"
36-
37- - name : Log out from Azure
38- uses : bitwarden/gh-actions/azure-logout@main
39-
4023 - name : Check out branch
4124 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4225 with :
43- token : ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
4426 persist-credentials : false
4527
4628 - name : Get script prefix
@@ -64,14 +46,46 @@ jobs:
6446 contents : write
6547 pull-requests : write
6648 id-token : write
67- actions : read
6849 if : ${{ needs.setup.outputs.copy_edd_scripts == 'true' }}
6950 steps :
51+ - name : Log in to Azure
52+ uses : bitwarden/gh-actions/azure-login@main
53+ with :
54+ subscription_id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
55+ tenant_id : ${{ secrets.AZURE_TENANT_ID }}
56+ client_id : ${{ secrets.AZURE_CLIENT_ID }}
57+
58+ - name : Retrieve Slack secrets
59+ id : retrieve-slack
60+ uses : bitwarden/gh-actions/get-keyvault-secrets@main
61+ with :
62+ keyvault : " bitwarden-ci"
63+ secrets : " devops-alerts-slack-webhook-url"
64+
65+ - name : Retrieve secrets
66+ id : retrieve-secret
67+ uses : bitwarden/gh-actions/get-keyvault-secrets@main
68+ with :
69+ keyvault : gh-org-bitwarden
70+ secrets : " BW-GHAPP-ID,BW-GHAPP-KEY"
71+
72+ - name : Log out from Azure
73+ uses : bitwarden/gh-actions/azure-logout@main
74+
75+ - name : Generate GH App token
76+ uses : actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
77+ id : app-token
78+ with :
79+ app-id : ${{ steps.retrieve-secret.outputs.BW-GHAPP-ID }}
80+ private-key : ${{ steps.retrieve-secret.outputs.BW-GHAPP-KEY }}
81+ owner : ${{ github.repository_owner }}
82+
7083 - name : Check out repo
7184 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7285 with :
7386 fetch-depth : 0
7487 persist-credentials : true
88+ token : ${{ steps.app-token.outputs.token }}
7589
7690 - name : Generate branch name
7791 id : branch_name
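Review bot: The `Generate GH App token` step sets `owner: ${{ github.repository_owner }}` without a `repositories` input, and for `actions/create-github-app-token` that combination issues a token valid for every repository in the owner's App installation rather than only this one. The same token is then written into the checkout's git config by `persist-credentials: true` and reused for the push and the PR call, so every later step in the job can read it. Unless the workflow really needs cross-repository access, drop `owner` (the action then defaults to the current repository) or add `repositories: ${{ github.event.repository.name }}`. The token can be narrowed further with `permission-contents: write` and `permission-pull-requests: write`. How widely the App is installed is not visible from this page, so the actual exposure should be confirmed against the installation settings.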
8296 - name : " Create branch"
8397 env :
8498 BRANCH : ${{ steps.branch_name.outputs.branch_name }}
85- run : git switch -c "$BRANCH"
99+ run : |
100+ git switch -c "$BRANCH"
101+ git push -u origin "$BRANCH"
86102
87103 - name : Move scripts and finalization database schema
88104 id : move-files
@@ -134,58 +150,32 @@ jobs:
134150 done
135151
136152 echo "moved_files=$moved_files" >> "$GITHUB_OUTPUT"
137-
138- - name : Log in to Azure
139- uses : bitwarden/gh-actions/azure-login@main
140- with :
141- subscription_id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
142- tenant_id : ${{ secrets.AZURE_TENANT_ID }}
143- client_id : ${{ secrets.AZURE_CLIENT_ID }}
144-
145- - name : Retrieve secrets
146- id : retrieve-secrets
147- uses : bitwarden/gh-actions/get-keyvault-secrets@main
148- with :
149- keyvault : " bitwarden-ci"
150- secrets : " github-gpg-private-key,
151- github-gpg-private-key-passphrase,
152- devops-alerts-slack-webhook-url"
153-
154- - name : Log out from Azure
155- uses : bitwarden/gh-actions/azure-logout@main
156-
157- - name : Import GPG keys
158- uses : crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
159- with :
160- gpg_private_key : ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
161- passphrase : ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
162- git_user_signingkey : true
163- git_commit_gpgsign : true
164-
165- - name : Commit and push changes
153+
154+ - name : Check for changes
166155 id : commit
167- env :
168- BRANCH_NAME : ${{ steps.branch_name.outputs.branch_name }}
169156 run : |
170- git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
171- git config --local user.name "bitwarden-devops-bot"
172157 if [ -n "$(git status --porcelain)" ]; then
173- git add .
174- git commit -m "Move EDD database scripts" -a
175- git push -u origin "${BRANCH_NAME}"
176158 echo "pr_needed=true" >> "$GITHUB_OUTPUT"
177159 else
178- echo "No changes to commit!";
179160 echo "pr_needed=false" >> "$GITHUB_OUTPUT"
180- echo "### :mega: No changes to commit! PR was ommited." >> "$GITHUB_STEP_SUMMARY"
161+ echo "No changes to commit!"
162+ echo "### :mega: No changes to commit! PR was omitted." >> "$GITHUB_STEP_SUMMARY"
181163 fi
182164
165+ - name : Commit and push changes
166+ if : ${{ steps.commit.outputs.pr_needed == 'true' }}
167+ uses : bitwarden/gh-actions/api-commit@main
168+ with :
169+ token : ${{ steps.app-token.outputs.token }}
170+ branch : ${{ steps.branch_name.outputs.branch_name }}
171+ message : " Move EDD database scripts"
172+
183173 - name : Create PR for ${{ steps.branch_name.outputs.branch_name }}
184174 if : ${{ steps.commit.outputs.pr_needed == 'true' }}
185175 id : create-pr
186176 env :
187177 BRANCH : ${{ steps.branch_name.outputs.branch_name }}
188- GH_TOKEN : ${{ github .token }}
178+ GH_TOKEN : ${{ steps.app-token.outputs .token }}
189179 MOVED_FILES : ${{ steps.move-files.outputs.moved_files }}
190180 TITLE : " Move EDD database scripts"
191181 run : |
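Review bot: The added `Commit and push changes` step hands the App token to `bitwarden/gh-actions/api-commit@main`, a mutable branch ref, while the third-party actions in this file (`actions/checkout`, `actions/create-github-app-token`, `act10ns/slack`) are pinned to a full commit SHA with a version comment. Any later change to `main` of that repository runs in this job with a write-capable token and with `id-token: write`, without a reviewable diff in this repository. Consider pinning it the same way, e.g. `uses: bitwarden/gh-actions/api-commit@<full-commit-sha> # <version>`. The same applies to the `azure-login`, `get-keyvault-secrets` and `azure-logout` steps added at new lines 52–73, which handle the Key Vault secrets. If tracking `main` for first-party actions is a deliberate organisation policy, a short comment saying so would help the next reader.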
@@ -205,7 +195,7 @@ jobs:
205195 if : ${{ steps.commit.outputs.pr_needed == 'true' }}
206196 uses : act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
207197 env :
208- SLACK_WEBHOOK_URL : ${{ steps.retrieve-secrets .outputs.devops-alerts-slack-webhook-url }}
198+ SLACK_WEBHOOK_URL : ${{ steps.retrieve-slack .outputs.devops-alerts-slack-webhook-url }}
209199 with :
210200 message : " Created PR for moving EDD database scripts: ${{ steps.create-pr.outputs.pr_url }}"
211201 status : ${{ job.status }}