# SPDX-License-Identifier: MPL-2.0
# Instant Forge Sync - Triggers propagation to all forges on push/release
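name: Instant Sync

on:
  push:
    branches: [main, master]
  release:
    types: [published]

# GITHUB_TOKEN is limited to read-only contents. The cross-repo dispatch
# below authenticates with the FARM_DISPATCH_TOKEN PAT instead.
permissions:
  contents: read

jobs:
  dispatch:
    timeout-minutes: 10
    runs-on: ubuntu-latest
    # The `secrets` context is NOT available in step `if:` (using it is an
    # "Unrecognized named-value: 'secrets'" startup failure). `env` IS
    # available in step `if:`, and secrets are valid in job-level `env`.
    # Only the *presence* of the PAT is mapped here ('true' / 'false'), not
    # its value, so the token is not exported into the environment of every
    # step in this job. The dispatch step receives it through `with:` only.
    env:
      HAS_FARM_DISPATCH_TOKEN: ${{ secrets.FARM_DISPATCH_TOKEN != '' }}
    steps:
      # Gate the cross-repo repository_dispatch on FARM_DISPATCH_TOKEN
      # being configured. Without the PAT, peter-evans/repository-dispatch
      # falls back to GITHUB_TOKEN — which cannot dispatch cross-repo and
      # returns HTTP 401 "Bad credentials", failing the job. Caught 39
      # estate repos on the 2026-05-30 audit. With this gate the workflow
      # gracefully skips on repos where the secret has not been
      # propagated, instead of red-ing main on every push.
      #
      # The third-party action is pinned to a full commit SHA, so a moved
      # tag cannot change the code that receives the PAT. Re-verify the SHA
      # against the upstream v3 tag whenever it is bumped.
      - name: Trigger Propagation
        if: ${{ env.HAS_FARM_DISPATCH_TOKEN == 'true' }}
        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697  # v3
        with:
          token: ${{ secrets.FARM_DISPATCH_TOKEN }}
          repository: hyperpolymath/.git-private-farm
          event-type: propagate
          # The expressions are substituted as text before the action parses
          # this JSON. NOTE(review): on `release` events the ref is a tag
          # name; if tag names containing a double quote are possible, encode
          # the value with toJSON() so the payload stays well-formed.
          client-payload: |-
            {
              "repo": "${{ github.event.repository.name }}",
              "ref": "${{ github.ref }}",
              "sha": "${{ github.sha }}",
              "forges": ""
            }

      # Runs only when the PAT is absent, so the job ends green with an
      # explanatory notice instead of failing. The repository name is passed
      # through `env` rather than interpolated into the script, so the shell
      # treats it as data.
      # NOTE(review): the message asks for a PAT with `repo` scope, which is
      # broad; confirm whether a token restricted to the target repository
      # is sufficient for the dispatch.
      - name: Skipped (FARM_DISPATCH_TOKEN not configured)
        if: ${{ env.HAS_FARM_DISPATCH_TOKEN != 'true' }}
        env:
          REPO_NAME: ${{ github.event.repository.name }}
        run: |
          echo "::notice::FARM_DISPATCH_TOKEN secret not configured on ${REPO_NAME}; skipping cross-repo dispatch. Configure the org-level FARM_DISPATCH_TOKEN PAT (repo scope) to enable instant forge propagation."

      # Gated on the same condition as the dispatch step: without it the
      # "Propagation triggered" notice was also emitted on runs where the
      # dispatch had been skipped, giving a false success signal in the log.
      # A step `if:` without a status function still implies success(), so
      # this does not run when the dispatch step failed.
      - name: Confirm
        if: ${{ env.HAS_FARM_DISPATCH_TOKEN == 'true' }}
        env:
          REPO_NAME: ${{ github.event.repository.name }}
        run: echo "::notice::Propagation triggered for ${REPO_NAME}"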