Update site-policy-sync.yml (#22399)

pcihon · khxu · web-flow · commit 542eea419089 · 2021-11-04T20:11:41.000Z
* Update site-policy-sync.yml

* Update site-policy-sync.yml

Added permissions. Tested successfully on the private repo

* Update allowed-actions.js

Removing now extraneous action from permissions

* run prettier to remove trailing whitespaces

Co-authored-by: Kevin Xu &lt;khxu@github.com&gt;
diff --git a/.github/allowed-actions.js b/.github/allowed-actions.js
@@ -13,7 +13,6 @@ export default [
   'alex-page/github-project-automation-plus@bb266ff4dde9242060e2d5418e120a133586d488', // v0.8.1
   'andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90', // v1.0.4
   'crowdin/github-action@d7f217268068f1244883a993379d62d816f84f25', // v1.4.0
-  'crykn/copy_folder_to_another_repo_action@0282e8b9fef06de92ddcae9fe6cb44df6226646c',
   'cschleiden/actions-linter@caffd707beda4fc6083926a3dff48444bc7c24aa', // uses github-actions-parser v0.23.0
   'dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911', // v3.0.2
   'dawidd6/action-download-artifact@af92a8455a59214b7b932932f2662fdefbd78126', // v2.15.0
diff --git a/.github/workflows/site-policy-sync.yml b/.github/workflows/site-policy-sync.yml
@@ -2,7 +2,7 @@ name: Site policy sync
 
 # **What it does**: Updates our site-policy repo when changes happen to site policy docs.
 # **Why we have it**: We want keep site-policy repo up to date.
-# **Who does it impact**: Site-policy team.
+# **Who does it impact**: site-policy-admins and Developer Policy teams.
 
 # Controls when the action will run.
 on:
@@ -14,40 +14,67 @@ on:
       - closed
     paths:
       - 'content/github/site-policy/**'
-
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
-  copy-file:
+  sync:
+    name: Get the latest docs
     if: >-
       github.event.pull_request.merged == true &&
       github.repository == 'github/docs-internal'
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@1e204e9a9253d643386038d443f96446fa156a97
-      # Sets commit message
-      - name: custom message
+      - name: checkout docs-internal
+        uses: actions/checkout@1e204e9a9253d643386038d443f96446fa156a97
+
+      - name: checkout public site-policy
+        uses: actions/checkout@1e204e9a9253d643386038d443f96446fa156a97
+        with:
+          repository: github/site-policy
+          token: ${{ secrets.API_TOKEN_SITEPOLICY }}
+          fetch-depth: ''
+          path: public-repo
+
+      - name: Commits internal policies to copy of public repo with descriptive message from triggering PR title
         run: |
-          echo "MESSAGE=${{github.event.pull_request.title}}" >> $GITHUB_ENV
+          cd public-repo
+          git config --local user.name 'site-policy-bot'
+          git config --local user.email 'site-policy-bot@github.com'
+          rm -rf Policies
+          cp -r ../content/github/site-policy Policies
+          git status
+          git checkout -b automated-sync-$GITHUB_RUN_ID
+          git add .
+          PR_TITLE=${{ github.event.pull_request.title }}
+          [[ ! -z $PR_TITLE ]] && DESCRIPTION="${PR_TITLE}" || DESCRIPTION="Update manually triggered by workflow"
+          echo "DESCRIPTION=$DESCRIPTION" >> $GITHUB_ENV
+          git commit -m "$(echo $DESCRIPTION)"
 
-      # Pushes to other repo
-      - name: Push folder to another repository
-        uses: crykn/copy_folder_to_another_repo_action@0282e8b9fef06de92ddcae9fe6cb44df6226646c
+      - name: If there are changes to push, create a pull request in the public repo using the gh command line tool, then immediately merge the PR and delete the branch
+        id: createAndMergePullRequest
         env:
-          API_TOKEN_GITHUB: ${{ secrets.API_TOKEN_SITEPOLICY }}
-        with:
-          source_folder: 'content/github/site-policy'
-          destination_repo: 'github/site-policy'
-          destination_branch: 'main'
-          destination_branch_create: 'repo-sync'
-          destination_folder: 'Policies'
-          user_email: 'site-policy-bot@users.noreply.github.com'
-          user_name: 'site-policy-bot'
-          commit_msg: '${{ env.MESSAGE }}'
+          GITHUB_TOKEN: ${{ secrets.API_TOKEN_SITEPOLICY }}
+        run: |
+          cd public-repo
+          git config --local user.name 'site-policy-bot'
+          git config --local user.email 'site-policy-bot@github.com'
+          DIFF=$(git diff --name-status --summary HEAD^..HEAD)
+          NUM_FILES_CHANGED=$(git diff --name-only HEAD^..HEAD | wc -l)
+          [[ $NUM_FILES_CHANGED -ge 2 ]] && TITLE="Sync changes from GitHub Docs" || TITLE=$(echo $DIFF | sed -e 's/^A\s/Added /g;s/^D\s/Deleted /g;s/^C\s/Copied /g;s/^M\s/Modified /g;s/^R100\s/Renamed /g;')
+          if [[ ! -z $TITLE ]]
+            then
+              echo -e "This is an automated pull request to sync changes from GitHub Docs.\n\nDiff summary:\n\n${DIFF}" > msg
+              git push --set-upstream origin automated-sync-$GITHUB_RUN_ID
+              PR_URL=$(gh pr create --title "${TITLE}" --body-file msg --head automated-sync-$GITHUB_RUN_ID --base main --repo github/site-policy)
+              gh pr diff ${PR_URL}
+              gh pr merge ${PR_URL} --merge --delete-branch
+            else
+              echo "No updates to push to the public repo"
+          fi
+
+      - name: Delete remote updates branch if previous step failed
+        if: failure() && steps.createAndMergePullRequest.outcome == 'failure'
+        run: git push github/site-policy --delete automated-sync-$GITHUB_RUN_ID
