Google Git
Sign in
cue / cue / e72c9c3f5afdc30aa9b709fc6159cf7157503072^! / .
commite72c9c3f5afdc30aa9b709fc6159cf7157503072[log] [tgz]
authorPaul Jolly <paul@myitcv.io>Mon Jun 15 13:27:05 2020 +0100
committerPaul Jolly <paul@myitcv.org.uk>Mon Jun 15 12:48:16 2020 +0000
tree601989ba35ead701f662150058481f3b06db7527
parentf082dbdf938b31d028d002a05882fcaab9660e2d [diff]
ci: use cueckoo to create the temporary build branch

It transpires that the GITHUB_TOKEN that is made available by default in
repository builds cannot create a branch that varies a workflow file.
Hence we need to create the temporary build branch using a generic
account; we choose cueckoo.

This does mean, however, that we need to be careful when it comes to
running the trybots on changes from others that modify the workflow
files.

Change-Id: I1c2a984b3c908cb7ff3d2f2183c408fc0aba8ebe
Reviewed-on: https://cue-review.googlesource.com/c/cue/+/6328
Reviewed-by: Paul Jolly <paul@myitcv.org.uk>

diff --git a/.github/workflows/test_dispatch.yml b/.github/workflows/test_dispatch.yml
index f7a0d0f..5c8d41e 100644
--- a/.github/workflows/test_dispatch.yml
+++ b/.github/workflows/test_dispatch.yml

@@ -1,6 +1,8 @@
 # Generated by internal/ci/ci_tool.cue; do not edit
 
 name: Dispatch build branch
+env:
+  CUECKOO_PAT: ${{ secrets.cueckooPAT }}
 defaults:
   run:
     shell: bash
@@ -18,6 +20,9 @@
         git checkout FETCH_HEAD
     - name: Create build branch
       run: |-
+        git config user.email cueckoo@cuelang.org
+        git config user.name cueckoo
+        git config http.https://github.com/.extraheader "AUTHORIZATION basic $(echo cueckoo:$CUECKOO_PAT | base64)"
         ref=$(echo ${{ github.event.client_payload.ref }} | sed -e 's/\//_/g')
         branch="$(date -u +%Y%m%d%H%M%S)-${{ github.event.client_payload.changeID }}-${{ github.event.client_payload.commit }}-$ref"
         git checkout -b $branch

diff --git a/internal/ci/workflows.cue b/internal/ci/workflows.cue
index bd684ad..abeb392 100644
--- a/internal/ci/workflows.cue
+++ b/internal/ci/workflows.cue

@@ -215,6 +215,7 @@
 }
 
 test_dispatch: json.#Workflow & {
+	env: CUECKOO_PAT: "${{ secrets.cueckooPAT }}"
 	name: "Dispatch build branch"
 	on: ["repository_dispatch"]
 	defaults: run: shell: "bash"
@@ -233,6 +234,9 @@
 				#step & {
 					name: "Create build branch"
 					run: #"""
+					git config user.email cueckoo@cuelang.org
+					git config user.name cueckoo
+					git config http.https://github.com/.extraheader "AUTHORIZATION basic $(echo cueckoo:$CUECKOO_PAT | base64)"
 					ref=$(echo ${{ github.event.client_payload.ref }} | sed -e 's/\//_/g')
 					branch="$(date -u +%Y%m%d%H%M%S)-${{ github.event.client_payload.changeID }}-${{ github.event.client_payload.commit }}-$ref"
 					git checkout -b $branch