#debug: testing skip validations #29
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Signed Commit | |
| on: | |
| push: | |
| branches: | |
| - ROU-12531-fix-3 | |
| jobs: | |
| test-signed-commit: | |
| name: 🔏 Test Signed Commit | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: 📂 Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: 🔐 Azure login | |
| #uses: OutSystems/rd.github-reusable-workflows/.github/actions/az-login@9d497d1c5bc6e355aa8f4663539e6b75c212f6b4 #v2.0.7 | |
| uses: ./.github/actions/az-login | |
| with: | |
| client-id: ${{ secrets.OSUI_AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.OSUI_AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.OSUI_AZURE_SUBSCRIPTION_ID }} | |
| - name: 🔑 Get GitHub Token | |
| id: get-github-token | |
| #uses: OutSystems/rd.github-reusable-workflows/.github/actions/az-keyvault-get@9d497d1c5bc6e355aa8f4663539e6b75c212f6b4 #v2.0.7 | |
| uses: ./.github/actions/az-keyvault-get | |
| with: | |
| key-name: o11odc-github-gitpersonal-token-prd | |
| # Create a unique test branch name using the workflow run ID | |
| - name: 🔍 Determine branch name | |
| id: determine-branch | |
| run: | | |
| BRANCH_NAME="test-signed-commit-${{ github.run_id }}" | |
| echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT | |
| echo "Using branch: $BRANCH_NAME" | |
| # Checkout dev branch as the base for creating the test branch | |
| - name: 📂 Checkout dev | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: dev | |
| token: ${{ steps.get-github-token.outputs.az-keyvault-value }} | |
| # Create a new test branch from dev for testing signed commits. | |
| # Each workflow run creates a unique branch using the workflow run ID. | |
| - name: 🔄 Create test branch ${{ steps.determine-branch.outputs.branch-name }} | |
| run: | | |
| BRANCH_NAME="${{ steps.determine-branch.outputs.branch-name }}" | |
| echo "Creating new branch $BRANCH_NAME" | |
| git checkout -b $BRANCH_NAME | |
| git push -u origin $BRANCH_NAME | |
| env: | |
| GITHUB_TOKEN: ${{ steps.get-github-token.outputs.az-keyvault-value }} | |
| # Create a test file to commit | |
| - name: 📝 Create test file | |
| run: | | |
| echo "Test signed commit - $(date)" > test-signed-commit.txt | |
| echo "This file was created to test GPG signed commits in GitHub Actions." | |
| # 14 May 2025 - rug | |
| # Currently Azure Key Vault does not support multi-line secrets, so we are using a secret instead. | |
| # - name: Get GPG key from Azure Key Vault | |
| # id: GetGPGKey | |
| # uses: OutSystems/rd.github-reusable-workflows/.github/actions/az-keyvault-get@9d497d1c5bc6e355aa8f4663539e6b75c212f6b4 #v2.0.7 | |
| # with: | |
| # key-name: o11odc-github-gpg-key-prd | |
| - name: 🔑 Get GPG Passphrase from Azure Key Vault | |
| id: GetGPGPassphrase | |
| #uses: OutSystems/rd.github-reusable-workflows/.github/actions/az-keyvault-get@9d497d1c5bc6e355aa8f4663539e6b75c212f6b4 #v2.0.7 | |
| uses: ./.github/actions/az-keyvault-get | |
| with: | |
| key-name: o11odc-github-gpg-passphrase-prd | |
| # Test the signed commit action by committing the test file with GPG signing. | |
| # This verifies that the GPG key configuration and signing process works correctly. | |
| - name: 🔏 Test signed commit | |
| #uses: OutSystems/rd.github-reusable-workflows/.github/actions/signed-commit@9d497d1c5bc6e355aa8f4663539e6b75c212f6b4 #v2.0.7 | |
| uses: ./.github/actions/signed-commit | |
| with: | |
| commit-branch: ${{ steps.determine-branch.outputs.branch-name }} | |
| commit-message: 'Test: GPG signed commit [skip ci]' | |
| commit-new-files: true | |
| gpg-priv-key: ${{ secrets.GPG_SIGN_KEY }} | |
| # gpg-priv-key: ${{ steps.GetGPGKey.outputs.az-keyvault-value }} | |
| gpg-pass-phrase: ${{ steps.GetGPGPassphrase.outputs.az-keyvault-value }} | |
| # Checkout the branch again after the commit to ensure we're on the correct branch | |
| # with the committed changes when creating the PR. Pull the latest changes to ensure | |
| # the commit is present in the working directory. | |
| - name: 📂 Checkout branch with changes | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: ${{ steps.determine-branch.outputs.branch-name }} | |
| token: ${{ steps.get-github-token.outputs.az-keyvault-value }} | |
| fetch-depth: 0 | |
| # Create a pull request from the test branch into dev using GitHub CLI. | |
| # Since the commit is already pushed to the remote branch, we use gh pr create | |
| # instead of peter-evans/create-pull-request which expects uncommitted changes. | |
| # The PR is created as a draft and with a skip-ci label to prevent CI checks from running. | |
| - name: 🔀 Create pull request | |
| run: | | |
| PR_NUMBER=$(gh pr create \ | |
| --base dev \ | |
| --head ${{ steps.determine-branch.outputs.branch-name }} \ | |
| --title "Test: GPG Signed Commit [skip ci]" \ | |
| --body "$(cat <<EOF | |
| This PR tests the GPG signed commit functionality. | |
| **Changes:** | |
| - Created test file to verify GPG signing works correctly | |
| - Commit is signed with GPG key | |
| This PR was automatically created by the Test Signed Commit workflow. | |
| EOF | |
| )" \ | |
| --draft \ | |
| --json number --jq '.[0].number') | |
| # Add skip-ci label if it exists (will fail silently if label doesn't exist) | |
| gh pr edit $PR_NUMBER --add-label "skip-ci" 2>/dev/null || true | |
| env: | |
| GH_TOKEN: ${{ steps.get-github-token.outputs.az-keyvault-value }} |