FilesExpand file tree

 main

/

repo-sync.yml

Copy path

View Runs

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

183 lines (167 loc) · 7.25 KB

 main

/

repo-sync.yml

Top

File metadata and controls

• Code
• Blame

183 lines (167 loc) · 7.25 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

name: Repo Sync

# **What it does**: GitHub Docs has two repositories: github/docs (public) and github/docs-internal (private).

# This GitHub Actions workflow keeps the `main` branch of those two repos in sync.

# **Why we have it**: To keep the open-source repository up-to-date

# while still having an internal repository for sensitive work.

# **Who does it impact**: Open-source.

# For more details, see https://github.com/repo-sync/repo-sync#how-it-works

on:

workflow_dispatch:

schedule:

- cron: '20 14-23/3 * * 1-5' # Mon-Fri 6:20a, 9:20a, 12:20p, 3:20p PST

permissions:

contents: write

pull-requests: write

jobs:

repo-sync:

if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'

name: Repo Sync

runs-on: ubuntu-latest

steps:

- name: Check out repo

uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

with:

persist-credentials: false

- name: Sync repo to branch

uses: repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88

with:

source_repo: https://${{ secrets.DOCS_BOT_PAT_REPO_SYNC }}@github.com/github/${{ github.repository == 'github/docs-internal' && 'docs' || 'docs-internal' }}.git

source_branch: main

destination_branch: repo-sync

github_token: ${{ secrets.DOCS_BOT_PAT_REPO_SYNC }}

- name: Ship pull request

uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd

with:

github-token: ${{ secrets.DOCS_BOT_PAT_REPO_SYNC }}

result-encoding: string

script: |

const { owner, repo } = context.repo

const head = 'github:repo-sync'

const base = 'main'

async function closePullRequest(prNumber) {

console.log('Closing pull request', prNumber)

await github.rest.pulls.update({

owner,

repo,

pull_number: prNumber,

state: 'closed'

})

// Error loud here, so no try/catch

console.log('Closed pull request', prNumber)

}

console.log('Closing any existing pull requests')

const { data: existingPulls } = await github.rest.pulls.list({ owner, repo, head, base })

if (existingPulls.length) {

console.log('Found existing pull requests', existingPulls.map(pull => pull.number))

for (const pull of existingPulls) {

await closePullRequest(pull.number)

}

console.log('Closed existing pull requests')

}

try {

const { data } = await github.rest.repos.compareCommits({

owner,

repo,

head,

base,

})

const { files } = data

console.log(`File changes between ${head} and ${base}:`, files)

if (!files.length) {

console.log('No files changed, bailing')

return

}

} catch (err) {

console.error(`Unable to compute the files difference between ${head} and ${base}`, err.message)

}

console.log('Creating a new pull request')

const body = `

This is an automated pull request to sync changes between the public and private repos.

Our bot will merge this pull request automatically.

To preserve continuity across repos, _do not squash_ this pull request.

`

let pull, pull_number

try {

const response = await github.rest.pulls.create({

owner,

repo,

head,

base,

title: 'Repo sync',

body,

})

pull = response.data

pull_number = pull.number

console.log('Created pull request successfully', pull.html_url)

} catch (err) {

// Don't error/alert if there's no commits to sync

// Don't throw if > 100 pulls with same head_sha issue

if (err.message?.includes('No commits') || err.message?.includes('same head_sha')) {

console.log(err.message)

return

}

throw err

}

console.log('Locking conversations to prevent spam')

try {

await github.rest.issues.lock({

...context.repo,

issue_number: pull_number,

lock_reason: 'spam'

})

console.log('Locked the pull request to prevent spam')

} catch (error) {

console.error('Failed to lock the pull request.', error)

// Don't fail the workflow

}

console.log('Counting files changed')

const { data: prFiles } = await github.rest.pulls.listFiles({ owner, repo, pull_number })

if (prFiles.length) {

console.log(prFiles.length, 'files have changed')

} else {

console.log('No files changed, closing')

await closePullRequest(pull_number)

return

}

console.log('Checking for merge conflicts')

if (pull.mergeable_state === 'dirty') {

console.log('Pull request has a conflict', pull.html_url)

await closePullRequest(pull_number)

throw new Error('Pull request has a conflict, please resolve manually')

}

console.log('No detected merge conflicts')

console.log('Merging the pull request')

// Admin merge pull request to avoid squash

// Retry once per minute for up to 15 minutes to wait for required checks (e.g. CodeQL)

const maxAttempts = 15

const delay = 60_000 // 1 minute

for (let attempt = 1; attempt <= maxAttempts; attempt++) {

try {

await github.rest.pulls.merge({

owner,

repo,

pull_number,

merge_method: 'merge',

})

console.log('Merged the pull request successfully')

break

} catch (mergeError) {

const msg = mergeError.message || mergeError.response?.data?.message || ''

const isRuleViolation = mergeError.status === 405 &&

msg.includes('Repository rule violations')

if (!isRuleViolation || attempt === maxAttempts) {

throw mergeError

}

console.log(`Merge blocked by required checks (attempt ${attempt}/${maxAttempts}), retrying in 60s...`)

await new Promise(resolve => setTimeout(resolve, delay))

}

}

- uses: ./.github/actions/slack-alert

if: ${{ failure() && github.event_name != 'workflow_dispatch' }}

with:

slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}

slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}

- uses: ./.github/actions/create-workflow-failure-issue

if: ${{ failure() && github.event_name != 'workflow_dispatch' }}

with:

token: ${{ secrets.DOCS_BOT_PAT_BASE }}