nsjail/.github/workflows/sync-fork.yml at master · codize-dev/nsjail · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
name: Sync Fork

on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:

permissions: {}

concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: true

jobs:
  sync:
    name: Sync fork with upstream
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false
      - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        id: app-token
        with:
          client-id: ${{ vars.SYNCER_APP_ID }}
          private-key: ${{ secrets.SYNCER_APP_PRIVATE_KEY }}
          permission-contents: write

      - name: Pull upstream changes
        env:
          APP_TOKEN: ${{ steps.app-token.outputs.token }}
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git remote add upstream https://github.com/google/nsjail.git
          git pull --no-rebase upstream master
          git push "https://x-access-token:${APP_TOKEN}@github.com/${{ github.repository }}.git" master