Update protos #225
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Update protos" | |
| on: | |
| schedule: | |
| - cron: "17 0 * * *" # Runs daily at 00:17 UTC | |
| workflow_call: | |
| inputs: | |
| tag: | |
| required: true | |
| type: string | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: "The new tag for targeting the RPC protocol buffers." | |
| required: true | |
| default: "protocol/go/v0.13.0" | |
| jobs: | |
| update-platform-protos: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| actions: read | |
| steps: | |
| - name: Checkout web-sdk repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5 | |
| with: | |
| path: web-sdk | |
| persist-credentials: true | |
| - name: Set up GitHub CLI as Actions bot | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh auth setup-git | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
| - name: Fetch latest semver tag for protocol/go | |
| id: fetch-latest-tag | |
| run: | | |
| if [ -z "${{ github.event.inputs.tag }}" ]; then | |
| LATEST_TAG=$(git ls-remote --tags https://github.com/opentdf/platform.git | \ | |
| grep "refs/tags/protocol/go" | \ | |
| sed 's|.*/||' | \ | |
| sort -V | \ | |
| tail -n1) | |
| echo "LATEST_TAG=protocol/go/$LATEST_TAG" >> "$GITHUB_ENV" | |
| else | |
| echo "LATEST_TAG=${{ github.event.inputs.tag }}" >> "$GITHUB_ENV" | |
| fi | |
| - name: Check if update is needed | |
| working-directory: ./web-sdk | |
| id: check-update | |
| run: | | |
| CURRENT_TAG=$(jq -r '.["tag"]' lib/platform-proto-version.json) | |
| if [ "$CURRENT_TAG" = "$LATEST_TAG" ]; then | |
| echo "Platform branch is already up-to-date." | |
| echo "no_updates=true" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| echo "CURRENT_TAG=$CURRENT_TAG" >> "$GITHUB_ENV" | |
| - name: Check for existing PR | |
| if: steps.check-update.outputs.no_updates != 'true' | |
| id: check-pr | |
| working-directory: ./web-sdk | |
| run: | | |
| EXISTING_PR=$(gh pr list --head update-platform-protos --json number --jq '.[0].number') | |
| if [ -n "$EXISTING_PR" ]; then | |
| echo "EXISTING_PR=$EXISTING_PR" >> "$GITHUB_OUTPUT" | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check out existing PR | |
| working-directory: ./web-sdk | |
| if: steps.check-pr.outputs.EXISTING_PR != '' && steps.check-update.outputs.no_updates != 'true' | |
| run: | | |
| git fetch origin update-platform-protos:update-platform-protos | |
| git checkout update-platform-protos | |
| - name: Clone platform repo at protocol/go tag | |
| if: steps.check-update.outputs.no_updates != 'true' | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5 | |
| with: | |
| path: platform | |
| repository: opentdf/platform | |
| ref: ${{ env.LATEST_TAG }} | |
| persist-credentials: true | |
| - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 #v5.0.0 | |
| if: steps.check-update.outputs.no_updates != 'true' | |
| with: | |
| node-version: '24' | |
| cache: 'npm' | |
| cache-dependency-path: './web-sdk/lib/package-lock.json' | |
| - name: Regen pb files | |
| id: update-platform-protos | |
| if: steps.check-update.outputs.no_updates != 'true' | |
| working-directory: ./web-sdk/lib | |
| run: | | |
| npm ci | |
| cd .. | |
| ./scripts/platform.sh | |
| TAG_COMMIT=$(gh api repos/opentdf/platform/git/ref/tags/$LATEST_TAG --jq '.object.sha') | |
| jq --arg tag "$LATEST_TAG" '.["tag"] = $tag' lib/platform-proto-version.json > lib/platform-proto-version.tmp.json | |
| jq --arg commit "$TAG_COMMIT" '.["commit"] = $commit' lib/platform-proto-version.tmp.json > lib/platform-proto-version.json | |
| rm lib/platform-proto-version.tmp.json | |
| # Check for changes after regeneration | |
| if [ -z "$(git status --porcelain)" ]; then | |
| echo "No changes detected after regeneration." | |
| else | |
| echo "Changes detected after regeneration" | |
| echo "changes=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| env: | |
| PLATFORM_SRC: ../platform/service | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create new branch | |
| working-directory: ./web-sdk | |
| if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-protos.outputs.changes == 'true' | |
| run: | | |
| git checkout -b $BRANCH_NAME | |
| git push origin $BRANCH_NAME | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BRANCH_NAME: update-platform-protos | |
| - name: Update files | |
| working-directory: ./web-sdk | |
| if: steps.update-platform-protos.outputs.changes == 'true' | |
| run: | | |
| echo "Committing changes..." | |
| FILES_CHANGED=$(git status --porcelain | awk '{print $2}') | |
| for file in $FILES_CHANGED; do | |
| echo "Committing file: $file" | |
| CONTENT=$(base64 -i $file) | |
| FILENAME=$(basename $file) | |
| MESSAGE="Update $FILENAME to match platform tag $LATEST_TAG" | |
| SHA=$( git rev-parse $BRANCH_NAME:$file 2>/dev/null | grep -E '^[0-9a-f]{40}$' || echo "" ) | |
| if [ -z "$SHA" ]; then | |
| SHA="" | |
| fi | |
| gh api --method PUT /repos/opentdf/web-sdk/contents/$file \ | |
| --field message="$MESSAGE" \ | |
| --field content="$CONTENT" \ | |
| --field encoding="base64" \ | |
| --field branch="$BRANCH_NAME" \ | |
| --field sha="$SHA" | |
| done | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BRANCH_NAME: update-platform-protos | |
| - name: Get protocol release notes | |
| working-directory: ./web-sdk | |
| if: steps.update-platform-protos.outputs.changes == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| RELEASE_NOTES=$(gh release view $LATEST_TAG --repo opentdf/platform --json body --jq '.body') | |
| cat <<EOF > pr_body.txt | |
| This PR regenerates the platform pb files based on tag: $LATEST_TAG. It also updates the lib/platform-proto-version.json file to reflect the new tag and commit. | |
| See the release: https://github.com/opentdf/platform/releases/tag/$LATEST_TAG | |
| Release Notes: | |
| $RELEASE_NOTES | |
| EOF | |
| - name: Update existing PR Title and description | |
| working-directory: ./web-sdk | |
| if: steps.check-pr.outputs.EXISTING_PR != '' && steps.update-platform-protos.outputs.changes == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BRANCH_NAME: update-platform-protos | |
| run: | | |
| gh pr edit ${{ steps.check-pr.outputs.EXISTING_PR }} \ | |
| --title "fix(sdk): Updates to proto version $LATEST_TAG" \ | |
| --body-file pr_body.txt | |
| - name: Create New PR | |
| working-directory: ./web-sdk | |
| if: steps.check-pr.outputs.EXISTING_PR == '' && steps.update-platform-protos.outputs.changes == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh pr create \ | |
| --title "fix(sdk): Updates to proto version $LATEST_TAG" \ | |
| --body-file pr_body.txt \ | |
| --head update-platform-protos \ | |
| --base main | |