Add pipeline to sync the checks from the dashboard db #16
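# Exports compliance checks from the OpenJS Foundation Dashboard database
# into data/checks.json, regenerates the derived content, pushes the result
# to chore/update-content and opens a pull request against main.
name: Sync and update Compliance Checks

on:
  # NOTE(review): every step, including the push and the PR creation, also
  # runs on pull_request events. Code from a same-repository PR (package.json
  # scripts, dependencies) therefore executes in a job that requests write
  # permissions. For PRs from forks GitHub issues a read-only token, so the
  # push and PR steps are expected to fail. Confirm these triggers are
  # intended beyond testing.
  push:
    branches: [main]
  pull_request:
    branches: [main]
  # schedule:
  #   - cron: "0 0 * * *" # Runs daily at midnight UTC
  # workflow_dispatch: # Allows manual triggering

permissions:
  # We will create a pull request, so we need write permissions
  pull-requests: write
  # We will be committing to the repository, so we need write permissions
  contents: write

jobs:
  sync-and-update:
    runs-on: ubuntu-latest
    services:
      # Throwaway database that only exists for this job. The credentials
      # below are not secrets and must never be reused outside the service
      # container.
      postgres:
        image: postgres:17.2
        env:
          POSTGRES_DB: dashboard
          POSTGRES_USER: openjs
          POSTGRES_PASSWORD: password
        ports:
          # Quoted so digit:digit is never read as a sexagesimal integer.
          - "5432:5432"
        options: >-
          --health-cmd="pg_isready -U openjs"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=5
    steps:
      # Checkout the current repository
      # NOTE(review): no `with:` block is given, so actions/checkout keeps
      # its default of persisting the job token in the local git config.
      # That is what lets the later `git push origin` authenticate, but it
      # also leaves the write-scoped token readable by every script that
      # runs in the workspace afterwards. Consider `persist-credentials:
      # false` plus explicit authentication in the push step only.
      - name: Checkout Repository
        uses: actions/checkout@v4

      # Create or switch to the chore/update-content branch
      - name: Create or Checkout Branch
        run: |
          git fetch origin chore/update-content || true
          git checkout chore/update-content || git checkout -b chore/update-content

      # Clone the public repository and set it up
      # NOTE(review): the clone takes whatever the default branch currently
      # points at, and `npm install` / `npm run db:migrate` execute code and
      # lifecycle scripts from that repository and its dependencies inside
      # this job. Pin the clone to a reviewed commit
      # (`git checkout <reviewed-commit-sha>`) and prefer `npm ci` against
      # the lockfile so a change upstream cannot silently alter what runs
      # here.
      - name: Clone OpenJS Foundation Dashboard
        run: |
          git clone https://github.com/secure-dashboards/openjs-foundation-dashboard.git temp-openjs-dashboard
          cd temp-openjs-dashboard
          npm install
          npm run db:migrate
          psql -U openjs -d dashboard -c "\copy (SELECT json_agg(t) FROM compliance_checks t) TO '../data/checks.json'"
          cd ..
          rm -rf temp-openjs-dashboard
        env:
          # Connection settings for the postgres service container above.
          PGHOST: localhost
          PGUSER: openjs
          PGPASSWORD: password
          PGDATABASE: dashboard

      - name: Debug Git Changes (Before Commit Updated Checks)
        run: |
          git status
          git diff

      # Commit the updated checks.json
      - name: Commit Updated Checks
        run: |
          git config user.name "GitHub Actions"
          # NOTE(review): the address below was obfuscated by the page this
          # listing was copied from; restore the intended bot address.
          git config user.email "[email protected]"
          git add -A
          # Commit only when something is staged, so an unchanged export
          # does not fail the job.
          git diff --cached --quiet || git commit -m "chore: sync with OpenJS Foundation Dashboard"

      # Install dependencies for the current repository and generate site
      - name: Install Dependencies and Generate Site
        run: |
          npm install
          npm run populate-details
          npm run populate-implementations

      # Label corrected: this runs before the generated-site commit, not
      # before the checks commit (the original name was a copy of the
      # earlier debug step).
      - name: Debug Git Changes (Before Commit Generated Site)
        run: |
          git status
          git diff

      # Commit the generated site
      - name: Commit and Push Changes
        run: |
          git config user.name "GitHub Actions"
          # NOTE(review): obfuscated address, see the earlier commit step.
          git config user.email "[email protected]"
          git add -A
          git diff --cached --quiet || git commit -m "chore: auto-update details and implementations"
          git push origin chore/update-content
        env:
          # NOTE(review): nothing in this script reads GITHUB_TOKEN; the
          # push presumably authenticates through the credentials persisted
          # by actions/checkout. Verify before relying on it.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Create Pull Request
        # Expression values are handed over as environment variables rather
        # than being expanded into the script text. The token then never
        # appears in the generated script file, and a context value can
        # never be parsed as shell syntax.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_ASSIGNEE: ${{ github.actor }}
          PR_REPOSITORY: ${{ github.repository }}
        run: |
          # jq builds the JSON body so every value is escaped correctly.
          PR_DATA=$(jq -n \
            --arg title "Auto update content" \
            --arg body "This PR updates the content." \
            --arg head "chore/update-content" \
            --arg base "main" \
            --arg assignee "$PR_ASSIGNEE" \
            '{title: $title, body: $body, head: $head, base: $base, assignees: [$assignee]}')
          # NOTE(review): curl runs without --fail, so an HTTP error from
          # the API (for example when the pull request already exists) does
          # not fail this step. Inspect the response when debugging.
          curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/repos/$PR_REPOSITORY/pulls" \
            -d "$PR_DATA"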