├── .github ├── CODEOWNERS └── workflows │ ├── codeql.yaml │ └── test.yaml ├── vendir.yml ├── package.json ├── execute-vendir.sh ├── action.yml ├── LICENSE ├── README.md └── index.js /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # CODEOWNERS file 2 | # This file defines who should review code changes in this repository. 3 | 4 | * @zendesk/ci-platform 5 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yaml: -------------------------------------------------------------------------------- 1 | name: "CodeQL public repository scanning" 2 | 3 | on: 4 | push: 5 | schedule: 6 | - cron: "0 0 * * *" 7 | pull_request_target: 8 | types: [opened, synchronize, reopened] 9 | workflow_dispatch: 10 | 11 | permissions: 12 | contents: read 13 | security-events: write 14 | actions: read 15 | packages: read 16 | 17 | jobs: 18 | trigger-codeql: 19 | uses: zendesk/prodsec-code-scanning/.github/workflows/codeql_advanced_shared.yml@production 20 | -------------------------------------------------------------------------------- /vendir.yml: -------------------------------------------------------------------------------- 1 | apiVersion: vendir.k14s.io/v1alpha1 2 | kind: Config 3 | directories: 4 | - path: vendor 5 | contents: 6 | - path: github.com/zendesk/jsonnet-spinnaker/ 7 | git: 8 | url: git@github.com:zendesk/jsonnet-spinnaker.git 9 | ref: origin/master 10 | includePaths: 11 | # Alternatively `lib/*` for users who don't care about being sparse 12 | - 'lib/Artifacts.libsonnet' 13 | - 'lib/Pipeline.libsonnet' 14 | - 'lib/PipelineMetadata.libsonnet' 15 | - 'lib/Stages.libsonnet' 16 | - 'lib/Triggers.libsonnet' 17 | - path: github.com/zendesk/jsonnet-kubernetes/ 18 | git: 19 | url: git@github.com:zendesk/jsonnet-kubernetes.git 20 | ref: origin/master 21 | includePaths: 22 | # Alternatively `lib/*` for users who don't care about being sparse 23 | - 'lib/K8s.libsonnet' 24 | - 'lib/Labels.libsonnet' 25 | - 'lib/ZendeskPod.libsonnet' 26 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "action-vendir", 3 | "version": "1.0.0", 4 | "description": "A GitHub action for executing vendir. Typical usage will be to * vendor copies of a third party repo's files and create a PR to the local repo or * vendor copies of a third party repo's files to use within another action", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "repository": { 10 | "type": "git", 11 | "url": "git+https://github.com/zendesk/action-vendir.git" 12 | }, 13 | "keywords": [], 14 | "author": "", 15 | "license": "ISC", 16 | "bugs": { 17 | "url": "https://github.com/zendesk/action-vendir/issues" 18 | }, 19 | "homepage": "https://github.com/zendesk/action-vendir#readme", 20 | "dependencies": { 21 | "@actions/core": "^1.10.1", 22 | "@actions/exec": "^1.1.0", 23 | "@actions/github": "^6.0.1", 24 | "@actions/io": "^1.1.1", 25 | "follow-redirects": "^1.15.6" 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /execute-vendir.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | VENDIR_URL=$1 4 | TOKEN=$2 5 | LOCKED=$3 6 | VENDIR_FILE=$4 7 | WORKING_DIR=$5 8 | TARGET_DIR=$6 9 | 10 | cd $WORKING_DIR 11 | 12 | # Download `vendir` binary 13 | echo "Downloading vendir from: $VENDIR_URL" 14 | wget --quiet $VENDIR_URL -O vendir 15 | chmod +x vendir 16 | 17 | # Set the token in the GitHub URL 18 | git config --add --global url."https://oauth-token:${TOKEN}@github.com/".insteadOf "https://github.com/" 19 | git config --add --global url."https://oauth-token:${TOKEN}@github.com/".insteadOf "git@github.com:" 20 | 21 | cat ~/.gitconfig 22 | 23 | # Execute vendir with options 24 | if [ "$LOCKED" = "true" ]; 25 | then 26 | LOCK_OPTION="--locked" 27 | else 28 | LOCK_OPTION="" 29 | fi 30 | 31 | if [ -z "$TARGET_DIR" ]; 32 | then 33 | TARGET_OPTION="" 34 | else 35 | TARGET_OPTION="--chdir $TARGET_DIR" 36 | fi 37 | 38 | VENDIR_GITHUB_API_TOKEN=$TOKEN ./vendir sync $LOCK_OPTION $TARGET_OPTION -f $VENDIR_FILE 39 | 40 | git config --unset-all --global url."https://oauth-token:${TOKEN}@github.com/".insteadof 41 | cat ~/.gitconfig 42 | -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: 'action-vendir' 2 | description: 'Executes vendir with provided args' 3 | branding: 4 | icon: 'align-justify' 5 | color: 'blue' 6 | inputs: 7 | token: 8 | description: GitHub token to authenticate `git clone` requests. REQUIRED 9 | required: true 10 | version: 11 | description: Version of `vendir` to install. OPTIONAL, defaults to `latest` 12 | required: false 13 | default: "latest" 14 | locked: 15 | description: Whether or not vendir should be invoked with `--locked` option. OPTIONAL, defaults to "false" 16 | required: false 17 | default: "false" 18 | vendir_file: 19 | description: File that defines dependencies. OPTIONAL, defaults to "vendir.yml" 20 | required: false 21 | default: "vendir.yml" 22 | working_dir: 23 | description: Working directory to switch to prior to installing and running vendir, defaults to "." 24 | required: false 25 | default: "." 26 | target_dir: 27 | description: Target directory for the vendir process, defaults to "." 28 | required: false 29 | default: "." 30 | runs: 31 | using: 'node16' 32 | main: 'index.js' 33 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Zendesk 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # action-vendir 2 | 3 | A GitHub action for executing vendir. Typical usage will be to 4 | * vendor copies of a third party repo's files and create a PR to the local repo 5 | or 6 | * vendor copies of a third party repo's files to use within another action 7 | 8 | ## Inputs 9 | 10 | * `token` - GitHub token to authenticate `git clone` requests. REQUIRED 11 | * `version` - Version of `vendir` to install. OPTIONAL, defaults to `latest` 12 | * `locked` - Whether or not vendir should be invoked with `--locked` option. 13 | OPTIONAL, defaults to "false" 14 | * `vendir_file` - File that defines dependencies. OPTIONAL, defaults to 15 | `vendir.yml` 16 | * `working_dir` - Working directory to switch to prior to installing and running vendir, defaults to "." 17 | * `target_dir` - Target directory for the vendir process, defaults to "." 18 | 19 | 20 | ## Output 21 | 22 | This Action has no outputs. 23 | 24 | ## Usage 25 | 26 | ### Print to STDOUT 27 | 28 | ```yaml 29 | steps: 30 | - id: action-vendir 31 | uses: zendesk/action-vendir@v2 32 | with: 33 | token: ${{ secrets.github_token }} 34 | ``` 35 | 36 | ### Use vendir lock file 37 | 38 | ```yaml 39 | steps: 40 | - id: action-vendir 41 | uses: zendesk/action-vendir@v1 42 | with: 43 | token: ${{ secrets.github_token }} 44 | locked: true 45 | ``` 46 | 47 | ### Use a file other than `vendir.yml` 48 | 49 | ```yaml 50 | steps: 51 | - id: action-vendir 52 | uses: zendesk/action-vendir@v1 53 | with: 54 | token: ${{ secrets.github_token }} 55 | vendir_file: some_other_file.yml 56 | ``` -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | const core = require('@actions/core') 2 | const io = require('@actions/io') 3 | const { exec } = require('@actions/exec') 4 | const { https } = require('follow-redirects'); 5 | const path = require('path') 6 | 7 | const fetchReleases = async () => { 8 | const version = core.getInput('version') 9 | const versionPath = version == 'latest' ? 'latest' : `tags/${version}` 10 | const url = `https://api.github.com/repos/carvel-dev/vendir/releases/${versionPath}` 11 | core.info(`version path = ${versionPath}`) 12 | core.info(`URL = ${url}`) 13 | core.info(`Fetching Vendir release from ${url}`) 14 | 15 | let release 16 | 17 | try { 18 | release = JSON.parse(await get(url)) 19 | } catch (error) { 20 | core.setFailed( 21 | `Failed to fetch releases from GitHub API, providing a token may help.\nError: ${error}` 22 | ) 23 | return 24 | } 25 | 26 | const vendirAsset = release.assets.find(asset => 27 | asset.name == 'vendir-linux-amd64' 28 | ) 29 | 30 | return vendirAsset.browser_download_url 31 | } 32 | 33 | const get = url => { 34 | return new Promise((resolve, reject) => { 35 | const headers = { 36 | 'User-Agent': 'action-vendir Github action', 37 | } 38 | 39 | const token = core.getInput('token') 40 | 41 | if (token) { 42 | headers['Authorization'] = `token ${token}` 43 | } 44 | 45 | const request = https.get(url, { headers }) 46 | 47 | request.on('response', res => { 48 | let data = '' 49 | 50 | res.on('data', chunk => { 51 | data += chunk 52 | }) 53 | 54 | res.on('end', () => { 55 | if (res.statusCode == 200) { 56 | resolve(data) 57 | } else { 58 | reject(data) 59 | } 60 | }) 61 | }) 62 | 63 | request.on('error', err => { 64 | reject(err) 65 | }) 66 | }) 67 | } 68 | 69 | const run = async () => { 70 | const token = core.getInput('token') 71 | const locked = core.getInput('locked') 72 | const vendirFile = core.getInput('vendir_file') 73 | const workingDir = core.getInput('working_dir') 74 | const targetDir = core.getInput('target_dir') 75 | 76 | try { 77 | const url = await fetchReleases() 78 | const executableArgs = [url, token, locked, vendirFile, workingDir, targetDir] 79 | await exec(path.join(__dirname, 'execute-vendir.sh'), executableArgs) 80 | } catch (error) { 81 | core.setFailed(`Action failed with error: ${error}`) 82 | } 83 | } 84 | 85 | run() 86 | -------------------------------------------------------------------------------- /.github/workflows/test.yaml: -------------------------------------------------------------------------------- 1 | name: Test 2 | 3 | on: push 4 | 5 | jobs: 6 | test: 7 | name: test 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: zendesk/checkout@v3 11 | - name: create vendir.yml 12 | run: | 13 | cat >vendir.yml <vendir.yml <vendir.yml <