From edd4437bd32e182233ea1bb58c0e4f050f5bb3c0 Mon Sep 17 00:00:00 2001 From: surajpurbint Date: Tue, 21 Apr 2026 12:45:02 +0530 Subject: [PATCH 1/4] GApp token --- auth-using-GApp/action.yml | 42 +++++++++++++ typescript-lint/action.yml | 6 +- update-image-tag-gitops/action.yml | 94 ------------------------------ 3 files changed, 45 insertions(+), 97 deletions(-) create mode 100644 auth-using-GApp/action.yml delete mode 100644 update-image-tag-gitops/action.yml diff --git a/auth-using-GApp/action.yml b/auth-using-GApp/action.yml new file mode 100644 index 0000000..e3ad5dd --- /dev/null +++ b/auth-using-GApp/action.yml @@ -0,0 +1,42 @@ +name: 'Auth using GitHub App' +description: 'Mint a GitHub App installation token for git and API access (e.g. org-wide app). Pass organization secrets from the calling workflow.' +inputs: + github_app_id: + description: 'GitHub App ID (e.g. secrets.GITHUB_APP_ID from organization secrets).' + required: true + github_app_private_key: + description: 'GitHub App private key PEM (e.g. secrets.GITHUB_APP_PRIVATE_KEY from organization secrets).' + required: true + installation_owner: + description: 'Organization or user login where the app is installed. Defaults to the repository owner of the caller workflow.' + required: false + default: 'urbint' + +outputs: + token: + description: 'GitHub App installation access token.' + value: ${{ steps.app-token.outputs.token }} + +runs: + using: 'composite' + steps: + - name: 'Resolve GitHub App installation owner' + id: installation-owner + shell: bash + env: + INSTALLATION_OWNER: ${{ inputs.installation_owner }} + REPOSITORY_OWNER: ${{ github.repository_owner }} + run: | + if [ -n "$INSTALLATION_OWNER" ]; then + echo "owner=${INSTALLATION_OWNER}" >> "$GITHUB_OUTPUT" + else + echo "owner=${REPOSITORY_OWNER}" >> "$GITHUB_OUTPUT" + fi + + - name: 'Generate GitHub App token' + id: app-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ inputs.github_app_id }} + private-key: ${{ inputs.github_app_private_key }} + owner: ${{ steps.installation-owner.outputs.owner }} diff --git a/typescript-lint/action.yml b/typescript-lint/action.yml index 0eb171e..b6f64b6 100644 --- a/typescript-lint/action.yml +++ b/typescript-lint/action.yml @@ -33,6 +33,6 @@ inputs: required: true default: 'https://npm.pkg.github.com' - node-auth-token: - description: 'NPM Auth Token for accessing private packages' - required: true + # node-auth-token: + # description: 'NPM Auth Token for accessing private packages' + # required: true diff --git a/update-image-tag-gitops/action.yml b/update-image-tag-gitops/action.yml deleted file mode 100644 index 5d4f642..0000000 --- a/update-image-tag-gitops/action.yml +++ /dev/null @@ -1,94 +0,0 @@ -name: "Update Image Tag" -description: "Updates the image tag in a specified kustomization.yaml file." - -inputs: - repo: - description: "The repository to update." - required: true - file_path: - description: "The path to the kustomization.yaml file to update." - required: true - tag_key: - description: "The key for the new image tag in the YAML." - required: true - image_name: - description: "The name of the image to update." - required: true - tag: - description: "The tag value to set." - required: true - branch: - description: "The branch to update." - required: true - token: - description: "GitHub token for authentication." - required: true - -runs: - using: "composite" - steps: - - name: Check out repository - uses: actions/checkout@v4 - with: - repository: ${{ inputs.repo }} - token: ${{ inputs.token }} - ref: "${{ inputs.branch }}" - path: gitops - - # Step 1: Check if 'yq' is installed and install it if missing - - name: Check if yq is installed - shell: bash - run: | - echo "Checking if yq is installed..." - if command -v yq > /dev/null 2>&1; then - echo "yq is installed, version:" - yq --version - else - echo "yq is not installed. Installing yq..." - curl -LO https://github.com/mikefarah/yq/releases/download/v4.16.1/yq_linux_amd64 - chmod +x ./yq_linux_amd64 - mv ./yq_linux_amd64 /usr/local/bin/yq - echo "yq installed, version:" - yq --version - fi - - # Step 2: Update the image tag in the kustomization.yaml file - - name: Update image tag - shell: bash - run: | - pwd - ls -la - - cd gitops # Navigate to the cloned directory - git checkout "${{ inputs.branch }}" - ls -la - - # Print the current contents of the kustomization.yaml file before updating - echo "=== Before Update ===" - cat "${{ inputs.file_path }}" - - # Use yq to update the image tag - yq eval '(.images[] | select(.name == "${{ inputs.image_name }}")).newTag = "${{ inputs.tag }}"' -i "${{ inputs.file_path }}" - - - - # Print the contents of the kustomization.yaml file after the update - echo "=== After Update ===" - cat "${{ inputs.file_path }}" - - # Check if there are changes to commit - git diff "${{ inputs.file_path }}" - - # Optionally, check if the file is marked as changed (useful for debugging) - if ! git diff --quiet; then - echo "File has changes. You can proceed with commit and push." - else - echo "No changes detected in the file." - fi - - # Commit and push the changes if there were any - if ! git diff --quiet; then - git add "${{ inputs.file_path }}" - git commit -m "Update image tag for ${{ inputs.image_name }} to ${{ inputs.tag }}" - git push origin "${{ inputs.branch }}" - fi From 5fb50c7128b80349efa1fd6a91ae3665c05d6927 Mon Sep 17 00:00:00 2001 From: surajpurbint Date: Wed, 22 Apr 2026 15:28:13 +0530 Subject: [PATCH 2/4] test fix for lint --- typescript-lint/action.yml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/typescript-lint/action.yml b/typescript-lint/action.yml index b6f64b6..f382add 100644 --- a/typescript-lint/action.yml +++ b/typescript-lint/action.yml @@ -10,6 +10,23 @@ runs: node-version: ${{ inputs.node-version }} registry-url: ${{ inputs.registry-url }} + - name: 'Configure npm auth for GitHub Packages' + shell: bash + env: + NODE_AUTH_TOKEN: ${{ inputs.node-auth-token }} + run: | + cat > .npmrc < Date: Tue, 28 Apr 2026 18:00:25 +0530 Subject: [PATCH 3/4] reverting changes --- typescript-lint/action.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/typescript-lint/action.yml b/typescript-lint/action.yml index f382add..0eb171e 100644 --- a/typescript-lint/action.yml +++ b/typescript-lint/action.yml @@ -10,23 +10,6 @@ runs: node-version: ${{ inputs.node-version }} registry-url: ${{ inputs.registry-url }} - - name: 'Configure npm auth for GitHub Packages' - shell: bash - env: - NODE_AUTH_TOKEN: ${{ inputs.node-auth-token }} - run: | - cat > .npmrc < Date: Tue, 28 Apr 2026 18:08:24 +0530 Subject: [PATCH 4/4] fixes --- update-image-tag-gitops/action.yml | 94 ++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 update-image-tag-gitops/action.yml diff --git a/update-image-tag-gitops/action.yml b/update-image-tag-gitops/action.yml new file mode 100644 index 0000000..5d4f642 --- /dev/null +++ b/update-image-tag-gitops/action.yml @@ -0,0 +1,94 @@ +name: "Update Image Tag" +description: "Updates the image tag in a specified kustomization.yaml file." + +inputs: + repo: + description: "The repository to update." + required: true + file_path: + description: "The path to the kustomization.yaml file to update." + required: true + tag_key: + description: "The key for the new image tag in the YAML." + required: true + image_name: + description: "The name of the image to update." + required: true + tag: + description: "The tag value to set." + required: true + branch: + description: "The branch to update." + required: true + token: + description: "GitHub token for authentication." + required: true + +runs: + using: "composite" + steps: + - name: Check out repository + uses: actions/checkout@v4 + with: + repository: ${{ inputs.repo }} + token: ${{ inputs.token }} + ref: "${{ inputs.branch }}" + path: gitops + + # Step 1: Check if 'yq' is installed and install it if missing + - name: Check if yq is installed + shell: bash + run: | + echo "Checking if yq is installed..." + if command -v yq > /dev/null 2>&1; then + echo "yq is installed, version:" + yq --version + else + echo "yq is not installed. Installing yq..." + curl -LO https://github.com/mikefarah/yq/releases/download/v4.16.1/yq_linux_amd64 + chmod +x ./yq_linux_amd64 + mv ./yq_linux_amd64 /usr/local/bin/yq + echo "yq installed, version:" + yq --version + fi + + # Step 2: Update the image tag in the kustomization.yaml file + - name: Update image tag + shell: bash + run: | + pwd + ls -la + + cd gitops # Navigate to the cloned directory + git checkout "${{ inputs.branch }}" + ls -la + + # Print the current contents of the kustomization.yaml file before updating + echo "=== Before Update ===" + cat "${{ inputs.file_path }}" + + # Use yq to update the image tag + yq eval '(.images[] | select(.name == "${{ inputs.image_name }}")).newTag = "${{ inputs.tag }}"' -i "${{ inputs.file_path }}" + + + + # Print the contents of the kustomization.yaml file after the update + echo "=== After Update ===" + cat "${{ inputs.file_path }}" + + # Check if there are changes to commit + git diff "${{ inputs.file_path }}" + + # Optionally, check if the file is marked as changed (useful for debugging) + if ! git diff --quiet; then + echo "File has changes. You can proceed with commit and push." + else + echo "No changes detected in the file." + fi + + # Commit and push the changes if there were any + if ! git diff --quiet; then + git add "${{ inputs.file_path }}" + git commit -m "Update image tag for ${{ inputs.image_name }} to ${{ inputs.tag }}" + git push origin "${{ inputs.branch }}" + fi