Skip to content
.github/workflows/sync-workflow-templates.yml

fixup! ci(actions): Adjust permissions πŸ™ˆ #9

Sign in to view logs

fixup! ci(actions): Adjust permissions πŸ™ˆ

fixup! ci(actions): Adjust permissions πŸ™ˆ #9

Workflow file for this run

.github/workflows/sync-workflow-templates.yml at 9aaf32e
# This workflow will update all workflow templates

Check failure on line 1 in .github/workflows/sync-workflow-templates.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/sync-workflow-templates.yml

Invalid workflow file 

(Line: 32, Col: 7): Unexpected value 'workflows'
#
# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
name: Update workflows
on:
workflow_dispatch:
schedule:
- cron: "5 2 * * 0"
permissions:
contents: read
jobs:
dispatch:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
branches:
- ${{ github.event.repository.default_branch }}
- 'stable32'
- 'stable31'
name: Update workflows in ${{ matrix.branches }}
permissions:
contents: write
pull-requests: write
workflows: write
steps:
- name: Check actor permission
uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
with:
require: admin
- name: Checkout workflow repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
path: source
repository: nextcloud/.github
- name: Checkout app
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: true
path: target
ref: ${{ matrix.branches }}
- name: Copy all workflow templates
run: |
for workflow in ./source/workflow-templates/*.yml; do
echo "❓ Looking for $workflow"
if [ -f "$workflow" ]; then
filename=$(basename "$workflow")
target_file="./target/.github/workflows/$filename"
# Only copy if the file exists in the target repository
if [ -f "$target_file" ]; then
if [ -f "./target/.github/actions-lock.txt" ]; then
locked_version=$(grep " $filename" ./target/.github/actions-lock.txt | cat)
else
echo "# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors" >> ./target/.github/actions-lock.txt
echo "# SPDX-License""-Identifier: MIT" >> ./target/.github/actions-lock.txt
locked_version=""
fi
locked_version=$(echo $locked_version | cut -f 1 -d " ")
new_version=$(md5sum $workflow | cut -f 1 -d " ")
# Only update if the action changes
if [[ "$locked_version" != "$new_version" ]]; then
echo "ℹ️ Locked version: $locked_version"
echo "ℹ️ Current version: $new_version"
echo "πŸ†™ Updating existing workflow: $filename"
cp "$workflow" "$target_file"
# Apply patch if one exists
if [ -f "$target_file.patch" ]; then
echo "🩹 Applying patch"
cd ./target
patch -p1 < ".github/workflows/$filename.patch"
cd -
fi
if [[ "$locked_version" != "" ]]; then
sed -i "s/$locked_version $filename/$new_version $filename/" ./target/.github/actions-lock.txt
else
echo "$new_version $filename" >> ./target/.github/actions-lock.txt
fi
else
echo "βœ… Skipping $filename: already up to date"
fi
else
echo "⏭️ Skipping $filename: does not exist in target repository"
fi
fi
done
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
commit-message: 'ci(actions): Update workflow templates from organization template repository'
committer: GitHub <[email protected]>
author: nextcloud-command <[email protected]>
path: target
signoff: true
branch: 'automated/noid/${{ matrix.branches }}-update-workflows'
title: '[${{ matrix.branches }}] ci(actions): Update workflow templates from organization template repository'
body: |
Automated update of all workflow templates from [nextcloud/.github](https://github.com/nextcloud/.github)
labels: |
dependencies
3. to review