feat: security budget request (#205) #873
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Ipfs uploader | |
# Uploads all changed md files to ipfs once merged to main | |
# Comments the pr | |
concurrency: | |
group: ${{ github.workflow }} | |
# cancel-in-progress: true | |
on: | |
workflow_dispatch: | |
inputs: | |
myCommit: | |
description: "Commit SHA1" | |
required: true | |
default: "undefined" | |
type: string | |
pull_request: | |
push: | |
branches: | |
- main | |
jobs: | |
ipfs-upload: | |
runs-on: ubuntu-latest | |
name: Ipfs uploader | |
steps: | |
- name: Generate a token | |
id: generate_token | |
if: github.event_name != 'pull_request' | |
uses: actions/create-github-app-token@v1 | |
with: | |
app-id: ${{ secrets.UPDATE_BOT_APP_ID }} | |
private-key: ${{ secrets.UPDATE_BOT_TOKEN }} | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ steps.generate_token.outputs.token || github.token }} | |
ref: ${{ inputs.myCommit }} | |
persist-credentials: true | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
registry-url: "https://registry.npmjs.org" | |
cache: "yarn" | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
- name: Get all changed *.md file(s) | |
id: changed-files | |
uses: tj-actions/changed-files@f569b77fb1d9ad9f1a125757d7e9e07b1f320199 | |
with: | |
json: true | |
write_output_files: true | |
files: | | |
src/**/*.md | |
- name: Run step if any *.md file(s) change | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: | | |
cat .github/outputs/all_changed_files.json | |
- name: replace main with hash | |
if: github.event_name != 'pull_request' && steps.changed-files.outputs.any_changed == 'true' | |
run: | | |
json_array=($(jq -r '.[]' ".github/outputs/all_changed_files.json")) | |
for i in "${json_array[@]}" | |
do | |
npx prettier $i --write | |
sed -i 's@https://github.com/bgd-labs/aave-proposals-v3/blob/main/@https://github.com/bgd-labs/aave-proposals-v3/blob/${{ github.sha }}/@g' $i | |
sed -i 's@https://github.com/bgd-labs/aave-proposals-v3/tree/main/@https://github.com/bgd-labs/aave-proposals-v3/blob/${{ github.sha }}/@g' $i | |
done | |
- name: Upload | |
if: steps.changed-files.outputs.any_changed == 'true' | |
env: | |
PINATA_KEY: ${{ secrets.PINATA_KEY }} | |
PINATA_SECRET: ${{ secrets.PINATA_SECRET }} | |
run: | | |
json_array=($(jq -r '.[]' ".github/outputs/all_changed_files.json")) | |
for i in "${json_array[@]}" | |
do | |
npx aave-cli ipfs ${{ github.event_name != 'pull_request' && '-u' || ''}} $i | |
done | |
- name: check diff and potentially commit | |
if: github.event_name != 'pull_request' && steps.changed-files.outputs.any_changed == 'true' | |
env: | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
run: | | |
if [[ -z $(git status -s) ]] | |
then | |
echo "tree is clean" | |
else | |
git config --global user.name 'Cache bot' | |
git config --global user.email '[email protected]' | |
git config --global pull.rebase true | |
git stash | |
git checkout ${{ github.event.repository.default_branch }} | |
git pull origin ${{ github.event.repository.default_branch }} | |
git stash apply | |
git add src | |
git commit -am "fix(cache): automated cache update [skip ci]" | |
git push origin ${{ github.event.repository.default_branch }} | |
exit | |
fi |