gh-actions-for-devops/.github/workflows/github-pr-branch-aggregation.yml at main · dceoy/gh-actions-for-devops · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
---
name: Aggregation of open pull request branches
on:
  workflow_call:
    inputs:
      branch-prefix:
        required: false
        type: string
        description: Prefix of the branches to merge (e.g., dependabot/terraform/)
        default: null
      delete-merged-branch:
        required: false
        type: boolean
        description: Delete the merged branches
        default: false
      runs-on:
        required: false
        type: string
        description: Runner to use
        default: ubuntu-slim
    outputs:
      merged-pr-branches-json:
        description: JSON array of the merged branches
        value: ${{ jobs.branch-list.outputs.pr_branches_json }}
    secrets:
      GH_TOKEN:
        required: false
        description: GitHub token
permissions:
  contents: write
  pull-requests: read
defaults:
  run:
    shell: bash -euo pipefail {0}
    working-directory: .
jobs:
  branch-list:
    if: >
      github.event_name == 'pull_request'
    runs-on: ${{ inputs.runs-on }}
    env:
      BRANCH_PREFIX: ${{ inputs.branch-prefix }}
      HEAD_REF: ${{ github.head_ref }}
      GH_TOKEN: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}  # zizmor: ignore[secrets-outside-env] caller-provided secret
    outputs:
      pr_branches_json: ${{ steps.list-open-prs.outputs.pr_branches_json }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          fetch-depth: 1
          persist-credentials: false
      - name: List open pull request branches
        id: list-open-prs
        run: |
          gh pr list --state open --json headRefName \
            --jq ".[].headRefName | select(. | startswith(\"${BRANCH_PREFIX}\"))" \
            | tac \
            | jq -rRs "split(\"\\n\")[:-1] | .-[\"${HEAD_REF}\"] | \"pr_branches_json=\\(.)\"" \
            | tee -a "${GITHUB_OUTPUT}"
  branch-merge:
    if: >
      needs.branch-list.outputs.pr_branches_json != '[]'
    needs:
      - branch-list
    runs-on: ${{ inputs.runs-on }}
    env:
      BRANCHES_JSON: ${{ needs.branch-list.outputs.pr_branches_json }}
      HEAD_REF: ${{ github.head_ref }}
      GH_TOKEN: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}  # zizmor: ignore[secrets-outside-env] caller-provided secret
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: true
      - name: Fetch the remote branches
        run: |
          jq -r '.[]' <<< "${BRANCHES_JSON}" | xargs -t git fetch origin
      - name: Configure the Git user
        run: |
          git config --global user.name "${GITHUB_ACTOR}"
          git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
      - name: Merge the branches
        run: |
          jq -r '.[]' <<< "${BRANCHES_JSON}" | xargs -I{} -t git merge --allow-unrelated-histories --no-edit origin/{}
      - name: Push the changes
        run: |
          git push origin "HEAD:${HEAD_REF}"
      - name: Delete the merged branches
        if: inputs.delete-merged-branch
        run: |
          jq -r '.[]' <<< "${BRANCHES_JSON}" | xargs -t git push origin --delete