Skip to content

upstream sync

upstream sync #234

Workflow file for this run

name: upstream sync
on:
schedule:
- cron: "0 9 * * *" # run once daily
workflow_dispatch: # allow to manually trigger this workflow
jobs:
sync_upstream:
permissions: write-all
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: backup_sync
- name: Get latest upstream release
run: |
# Fetch the latest release tag from the GitHub API
RAW_RELEASE_TAG=$(curl -L \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/joernio/joern/releases/latest | jq -r .name)
# Process the tag to create the desired format
LATEST_TAG=$(echo "$RAW_RELEASE_TAG" | sed 's/^v//' | sed 's/\./-/g')
# Export to GitHub environment variables
echo "RAW_RELEASE_TAG=$RAW_RELEASE_TAG" >> $GITHUB_ENV
echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV
- name: Create tag branch and merge upstream
run: |
# Get the latest commit url
COMMIT_URL=$(curl -v \
-H "Authorization: Bearer ${{ env.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/joernio/joern/git/ref/tags/${{ env.RAW_RELEASE_TAG }} \
| jq -r '.object.url')
# Get SHA from the commit URL
COMMIT_SHA=$(curl -L \
-H "Accept: application/vnd.github+json" \
$COMMIT_URL | jq -r .object.sha)
# Create a branch pointing to the commit
curl -X POST \
-H "Authorization: Bearer ${{ env.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github+json" \
-d '{"ref": "refs/heads/'"${LATEST_TAG}"'", "sha": "'"${COMMIT_SHA}"'"}' \
https://api.github.com/repos/Privado-Inc/joern/git/refs
env:
GITHUB_TOKEN: ${{ secrets.CORE_AT }}
- run: bash ./upstream_sync.sh --branch ${{ env.LATEST_TAG }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create a PR from ${{ env.LATEST_TAG }} to sync
run: gh pr create --repo Privado-Inc/joern -B backup_sync -H ${{ env.LATEST_TAG }} --title 'Merge ${{ env.LATEST_TAG }} to backup_sync' --body 'Created by Github action'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}