Repository Sync For App #682
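---
# Repository Sync For App
#
# Builds a matrix of target repositories and then runs the sync script once per
# repository, either on a schedule or on manual dispatch.
#
# Security notes for maintainers:
#   * Values that are not fully controlled by this repository (dispatch inputs,
#     matrix entries, secrets) are handed to the PowerShell steps through `env:`
#     instead of being expanded inline with ${{ }}. Inline expansion is pasted
#     into the script text before PowerShell parses it, so a quote or `$(...)`
#     inside a value would be executed as code.
#   * The GitHub App token is never written to the job log.
#   * Actions are referenced by tag. Consider pinning each `uses:` to a full
#     commit SHA so that a moved tag cannot change what runs with these secrets.
name: Repository Sync For App

on:
  workflow_dispatch:
    inputs:
      repositories:
        description: 'Override the target repositories, use a comma separated list. Leave as All to run on all repositories.'
        default: 'All'
        type: string
      first_run:
        description: 'Whether to run in first run mode'
        default: false
        type: boolean
      plan_only:
        description: 'Whether to only plan the changes'
        default: true
        type: boolean
  schedule:
    - cron: '0 0,4,8,12,16,20 * * *'

# NOTE(review): id-token: write is granted to every job. Only run-sync sets the
# ARM_USE_OIDC variables; if generate-matrix does not need an OIDC token, move
# this block to job level and give generate-matrix `contents: read` only.
permissions:
  id-token: write
  contents: read

jobs:
  generate-matrix:
    name: Generate Matrix
    runs-on: ubuntu-latest
    environment: avm-updates
    outputs:
      matrix: ${{ steps.matrix.outputs.matrix }}
      matrixParallel: ${{ steps.matrix.outputs.matrixParallel }}
    steps:
      - name: Checkout Bootstrap Modules
        uses: actions/checkout@v4

      - name: Create GitHub App Token
        id: app-token
        uses: actions/create-github-app-token@v1.11.0
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}

      - name: Generate Matrix
        id: matrix
        run: |
          # GITHUB_EVENT_NAME is set by the runner; no expression expansion needed.
          $triggerType = $env:GITHUB_EVENT_NAME
          $repositories = "All"
          $firstRun = $false

          # Dispatch inputs are read from the environment so their content is
          # treated as data, never as PowerShell source.
          if($triggerType -eq "workflow_dispatch") {
            $repositories = "$env:INPUT_REPOSITORIES"
            $firstRun = "$env:INPUT_FIRST_RUN".ToLower() -eq "true"
          }

          # First run mode serialises the matrix; otherwise five repos at a time.
          $matrixParallel = 5
          if($firstRun) {
            $matrixParallel = 1
          }
          Write-Output "matrixParallel=$matrixParallel" >> $env:GITHUB_OUTPUT

          # "All" means no filter: pass an empty array to the matrix script.
          if($repositories -eq "All") {
            $repositories = @()
          } else {
            $repositories = $repositories -split ','
          }

          $matrix = @(./scripts/Invoke-RepoSyncGenerateMatrix.ps1 -repoFilter $repositories)
          $matrixJson = ConvertTo-Json $matrix -Depth 10 -Compress
          Write-Host (ConvertTo-Json $matrix -Depth 10)
          Write-Output "matrix=$matrixJson" >> $env:GITHUB_OUTPUT
        shell: pwsh
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          INPUT_REPOSITORIES: ${{ inputs.repositories }}
          INPUT_FIRST_RUN: ${{ inputs.first_run }}

      - name: Upload Repo Logs Json
        if: always() && hashFiles('warning.log.json') != ''
        uses: actions/upload-artifact@v4
        with:
          name: warning.log.json
          path: warning.log.json

      - name: Repo Error
        if: always() && hashFiles('warning.log.json') != ''
        run: |
          # Surface each logged warning as an error annotation on the run.
          # NOTE(review): repoId and message come from the log file and are
          # written into a workflow command unescaped; confirm the producer of
          # warning.log.json cannot emit newlines or "::" sequences.
          $issueLogJson = Get-Content -Path "warning.log.json" -Raw
          $issueLog = ConvertFrom-Json $issueLogJson
          $issueLog | ForEach-Object {
            echo "::error title=$($_.repoId) has issues::$($_.message)"
          }
        shell: pwsh

  run-sync:
    name: ${{ matrix.repoId }} (${{ matrix.repoUrl }})
    runs-on: ubuntu-latest
    environment: avm-updates
    needs: generate-matrix
    strategy:
      fail-fast: false
      max-parallel: ${{ fromJson(needs.generate-matrix.outputs.matrixParallel) }}
      matrix:
        include: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
    steps:
      # Same major version as the generate-matrix job (was v2 here).
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          # NOTE(review): "latest" changes the toolchain without a commit in this
          # repository. Pin to the version the modules are tested against so a
          # new release cannot alter a scheduled apply unnoticed.
          terraform_version: latest
          terraform_wrapper: false

      - name: Create GitHub App Token
        id: app-token
        uses: actions/create-github-app-token@v1.11.0
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}

      - name: Download Labels CSV File
        run: |
          ./scripts/Invoke-AvmLabelsCsvDownload.ps1
        shell: pwsh

      - name: Run Sync for ${{ matrix.repoId }}
        run: |
          $triggerType = $env:GITHUB_EVENT_NAME
          $firstRun = $false
          $planOnly = $false
          if($triggerType -eq "workflow_dispatch") {
            $firstRun = "$env:INPUT_FIRST_RUN".ToLower() -eq "true"
            $planOnly = "$env:INPUT_PLAN_ONLY".ToLower() -eq "true"
          }

          # The token is deliberately not echoed: log masking is a safety net,
          # not a reason to print credentials. Only its presence is reported.
          Write-Output "Token present: $(-not [string]::IsNullOrEmpty($env:GH_TOKEN))"
          # The previous "Repositories" line printed a variable that is never
          # assigned in this step; report the matrix entry instead.
          Write-Output "Repository: $($env:REPO_ID)"
          Write-Output "First Run: $firstRun"
          Write-Output "Plan Only: $planOnly"

          Write-Host "Authenticating gh cli"
          # NOTE(review): GH_TOKEN is already exported for this step; confirm
          # this explicit login is still required.
          gh auth login -h "GitHub.com"

          Write-Host "Running repo sync"
          # Every argument is taken from the environment (see env: below) so
          # matrix entries and secrets cannot alter the command line.
          ./scripts/Invoke-RepoSyncForSingleRepo.ps1 `
            -firstRun $firstRun `
            -planOnly $planOnly `
            -stateStorageAccountName "$env:STATE_STORAGE_ACCOUNT_NAME" `
            -stateResourceGroupName "$env:STATE_RESOURCE_GROUP_NAME" `
            -stateContainerName "$env:STATE_CONTAINER_NAME" `
            -targetSubscriptionId "$env:TARGET_SUBSCRIPTION_ID" `
            -identityResourceGroupName "$env:IDENTITY_RESOURCE_GROUP_NAME" `
            -repoId "$env:REPO_ID" `
            -repoUrl "$env:REPO_URL" `
            -repoType "$env:REPO_TYPE" `
            -repoSubType "$env:REPO_SUB_TYPE" `
            -repoOwnerTeam "$env:REPO_OWNER_TEAM" `
            -repoContributorTeam "$env:REPO_CONTRIBUTOR_TEAM" `
            -repoIsProtected ("$env:REPO_IS_PROTECTED" -eq "true")
        shell: pwsh
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_USE_AZUREAD: true
          ARM_USE_OIDC: true
          # Dispatch inputs (empty on scheduled runs).
          INPUT_FIRST_RUN: ${{ inputs.first_run }}
          INPUT_PLAN_ONLY: ${{ inputs.plan_only }}
          # State backend and identity settings.
          STATE_STORAGE_ACCOUNT_NAME: ${{ secrets.STORAGE_ACCOUNT_NAME }}
          STATE_RESOURCE_GROUP_NAME: ${{ secrets.STORAGE_ACCOUNT_RESOURCE_GROUP_NAME }}
          STATE_CONTAINER_NAME: ${{ secrets.STORAGE_ACCOUNT_CONTAINER_NAME }}
          TARGET_SUBSCRIPTION_ID: ${{ secrets.TARGET_SUBSCRIPTION_ID }}
          IDENTITY_RESOURCE_GROUP_NAME: ${{ secrets.IDENTITY_RESOURCE_GROUP_NAME }}
          # Matrix entry produced by the generate-matrix job.
          REPO_ID: ${{ matrix.repoId }}
          REPO_URL: ${{ matrix.repoUrl }}
          REPO_TYPE: ${{ matrix.repoType }}
          REPO_SUB_TYPE: ${{ matrix.repoSubType }}
          REPO_OWNER_TEAM: ${{ matrix.repoOwnerTeam }}
          REPO_CONTRIBUTOR_TEAM: ${{ matrix.repoContributorTeam }}
          REPO_IS_PROTECTED: ${{ matrix.repoIsProtected }}

      - name: Upload Issue Logs Json
        if: always() && hashFiles('issue.log.json') != ''
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.repoId }}.issue.log.json
          path: issue.log.json

      - name: Issue Error
        if: always() && hashFiles('issue.log.json') != ''
        run: |
          # Raise one error annotation per logged issue, then fail the job so
          # the matrix entry is shown as failed.
          $issueLogJson = Get-Content -Path "issue.log.json" -Raw
          $issueLog = ConvertFrom-Json $issueLogJson
          $issueLog | ForEach-Object {
            echo "::error title=$($env:REPO_ID) has issues::$($_.message) Check the log file artifact for $($env:REPO_ID) to see the full details."
          }
          exit 1
        shell: pwsh
        env:
          REPO_ID: ${{ matrix.repoId }}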