charts/.github/workflows/invoke-push.yaml at master · G-Research/charts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
name: Invoke Push

on:
  workflow_call:
    secrets:
      APP_ID:
        description: 'The ID of the GitHub App that can trigger a workflow on this repo'
        required: true
      APP_PRIVATE_KEY:
        description: 'The private key of the GitHub App that can trigger a workflow on this repo'
        required: true

jobs:
  invoke-push:
    runs-on: ubuntu-latest
    environment: invoke-push
    steps:
      - name: Checkout self
        uses: actions/checkout@v4
        with:
          repository: G-Research/charts
          path: charts
          ref: master
      - run: npm i octokit @octokit/core
      - name: Trigger push workflow
        uses: actions/github-script@v7
        env:
          APP_ID: ${{ secrets.APP_ID }}
          APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
        with:
          script: |
            const generateToken = require('./charts/.github/workflows/scripts/token.js')
            const workflow = require('./charts/.github/workflows/scripts/workflow.js')
            const tokenPermissions = { actions: "write" } // required
            try {
              const token = await generateToken({ core, fetch }, 'G-Research','charts', tokenPermissions )
              return await workflow({ core, context, fetch }, token )
            } catch (error) {
              core.notice(`Permission: ${JSON.stringify(tokenPermissions)}`)
              return core.setFailed(`Unable to trigger workflow G-Research/charts, please check token permissions.\n${error}`)
            }