This repository consolidates the github actions used by the JupiterOne integration repositories.
- Create a workflow file inside the
/.githubin the repo you want to add the new action. - Add the action you want from this repo, e.g:
- name: Sample step
uses: JupiterOne/integration-github-actions/action-test@BRANCH-OR-TAGNote @BRANCH-OR-TAG can be optional, that's useful just for testing.
In order to create a new action, just create a new folder with the name of the action and inside of it, add action.yml describing the workflow.
If a script needs to be executed, add the script inside the src/ folder but in the workflow file, reference the transpiled file in the lib folder.
Just a github action that you can use to test in your repo. This action just say Hello. This is an example of how to implement an action using a .ts file.
- name: Test action-test
uses: JupiterOne/integration-github-actions/action-test@INT-6300
with:
who-to-greet: 'David'This GitHub Action can be added to graph-* repos to automatically create pull requests in the integration-deployments repository with the new version of the graph.
| Id | Description | Required |
|---|---|---|
| integrationName | Integration name as it appears in the integration-deployments repo | Yes |
| graphProjectName | The name of the graph project. Default: graph-${ integrationName }. |
No |
| version | New version of the graph npm package | No |
| releaseNotes | Release notes to include in pull request | No |
| githubToken | GITHUB_TOKEN or a repo scoped Personal Access Token (PAT). Default: github.token |
No |
| npmAuthToken | NPM_AUTH_TOKEN to install JupiterOne dependencies | Yes |
| mainBranch | Base branch to pull changes from integration-deployments. Default: main |
No |
| Id | Description |
|---|---|
| pull-request-url | URL of the created pull request |
- name: Bump integration deployment version
uses: JupiterOne/integration-github-actions/create-integration-deployment@v1.0.0
id: create-version-pr
with:
integrationName:
${{ steps.get-integration-name.outputs.integrationName }}
version: ${{ steps.get-version-number.outputs.versionNumber }}
githubToken: ${{ secrets.AUTO_GITHUB_PAT_TOKEN }}
npmAuthToken: ${{ secrets.NPM_AUTH_TOKEN }}
- name: Print URL
shell: bash
run: echo "${{ steps.create-version-pr.outputs.pull-request-url }}"The JupiterOne/integration-github-actions/create-integration-deployment action is often used in conjunction with the jupiterone/action-npm-build-releas action. These actions require a number of configurations to ensure they can succeed. These include:
- Access to the
NPM_AUTH_TOKENorg secret - Access to the
AUTO_GITHUB_PAT_TOKENorg secret - Permission for the
j1-internal-automationgithub user to override branch protection rules - Configured without any required status checks
If your workflows are failing, start by running the following queries in j1.apps.us.jupiterone.io to find out if your repository is misconfigured.
FIND
github_repo WITH name ^= 'graph-' AND archived != true as r
THAT !USES github_org_secret WITH name = 'NPM_AUTH_TOKEN'
RETURN r.name
ORDER BY r.name ASC
FIND
github_repo WITH name ^= 'graph-' AND archived != true as r
THAT !USES github_org_secret WITH name = 'AUTO_GITHUB_PAT_TOKEN'
RETURN r.name
ORDER BY r.name ASC
FIND
github_repo WITH name ^= 'graph-' AND archived != true as r
THAT !HAS >> github_branch_protection_rule
THAT OVERRIDES << github_user WITH name = 'j1-internal-automation'
RETURN r.name
ORDER BY r.name ASC
FIND
github_repo WITH name ^= 'graph-' AND archived != true as r
THAT HAS github_branch_protection_rule WITH requiredStatusChecks != undefined
RETURN r.name
ORDER BY r.name ASC