Sync Envoy #4177
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Sync Envoy | |
permissions: | |
contents: read | |
on: | |
workflow_dispatch: | |
inputs: | |
commit_sha: | |
type: string | |
required: true | |
concurrency: | |
group: SYNC | |
jobs: | |
sync: | |
runs-on: ubuntu-22.04 | |
if: | | |
${{ | |
!contains(github.actor, '[bot]') | |
|| github.actor == 'sync-envoy[bot]' | |
}} | |
steps: | |
- id: appauth | |
uses: envoyproxy/toolshed/gh-actions/appauth@8a8f4f64d8bccc99427740197479c0a5353ca8de # actions-v0.0.18 | |
with: | |
key: ${{ secrets.ENVOY_CI_UPDATE_BOT_KEY }} | |
app_id: ${{ secrets.ENVOY_CI_UPDATE_APP_ID }} | |
# Checkout the repo | |
- name: 'Checkout Repository (envoy-website)' | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
ref: main | |
token: ${{ steps.appauth.outputs.token }} | |
path: envoy-website | |
- run: | | |
envoy_version="$(awk '/"envoy"/ { in_block=1 } in_block && /"version"/ { gsub(/[",]/, "", $2); print $2; in_block=0 }' envoy-website/versions.bzl)" | |
echo "envoy_version=${envoy_version}" >> "$GITHUB_OUTPUT" | |
id: current | |
name: Get current Envoy version | |
# Checkout the Envoy repo | |
- name: 'Checkout Repository (envoy)' | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: envoyproxy/envoy | |
ref: main | |
path: envoy | |
fetch-depth: 0 | |
- run: | | |
if [[ "${{ inputs.commit_sha }}" == "${{ steps.current.outputs.envoy_version }}" ]]; then | |
echo "Envoy is already up-to-date (${{ inputs.commit_sha }})" >&2 | |
exit 0 | |
fi | |
if ! git merge-base --is-ancestor "${{ inputs.commit_sha }}" HEAD; then | |
echo "Provided Envoy sha (${{ inputs.commit_sha }}) is not an ancestor of main" >&2 | |
exit 1 | |
fi | |
git checkout "${{ inputs.commit_sha }}" | |
if ! git merge-base --is-ancestor "${{ steps.current.outputs.envoy_version }}" HEAD; then | |
echo "Provided Envoy sha (${{ inputs.commit_sha }}) is not newer than " \ | |
"the current sha (${{ steps.current.outputs.envoy_version }})" >&2 | |
exit 0 | |
fi | |
echo "should_update=true" >> "$GITHUB_OUTPUT" | |
id: state | |
working-directory: envoy | |
name: Check provided Envoy version | |
- run: ./sync_envoy.sh | |
if: ${{ steps.state.outputs.should_update == 'true' }} | |
working-directory: envoy-website | |
env: | |
ENVOY_SRC_DIR: ../envoy | |
COMMITTER_NAME: "update-envoy[bot]" | |
COMMITTER_EMAIL: "135279899+update-envoy[bot]@users.noreply.github.com" |