Commit Built File Changes (PRs) #71

Workflow file for this run

.github/workflows/commit-built-file-changes.yml at 5f7df02

	# Commits all missed changes to built files back to pull request branches.
	name: Commit Built File Changes (PRs)

	on:
	workflow_run:
	workflows: [ 'Check Built Files (PRs)' ]
	types:
	- completed

	# Cancels all previous workflow runs for pull requests that have not completed.
	concurrency:
	# The concurrency group contains the workflow name and the branch name for pull requests
	# or the commit hash for any other events.
	group: ${{ github.workflow }}-${{ github.event_name == 'workflow_run' && format( '{0}-{1}', github.event.workflow_run.head_branch, github.event.workflow_run.head_repository.name ) \|\| github.sha }}

	# Disable permissions for all available scopes by default.
	# Any needed permissions should be configured at the job level.
	permissions: {}

	jobs:
	# Checks a PR for uncommitted changes to built files.
	#
	# Performs the following steps:
	# - Attempts to download the artifact containing the PR diff.
	# - Checks for the existence of an artifact.
	# - Unzips the artifact.
	# - Generates a token for authenticating with the GitHub App.
	# - Checks out the repository.
	# - Applies the patch file.
	# - Displays the result of git diff.
	# - Configures the Git author.
	# - Stages changes.
	# - Commits changes.
	# - Pushes changes.
	update-built-files:
	name: Check and update built files
	runs-on: ubuntu-24.04
	if: ${{ github.repository == 'wordpress/wordpress-develop' }}
	timeout-minutes: 10
	permissions:
	contents: write
	steps:
	- name: Download artifact
	uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
	with:
	script: \|
	const artifacts = await github.rest.actions.listWorkflowRunArtifacts( {
	owner: context.repo.owner,
	repo: context.repo.repo,
	run_id: process.env.RUN_ID,
	} );

	const matchArtifact = artifacts.data.artifacts.filter( ( artifact ) => {
	return artifact.name === 'pr-built-file-changes'
	} )[0];

	if ( ! matchArtifact ) {
	core.info( 'No artifact found!' );
	return;
	}

	const download = await github.rest.actions.downloadArtifact( {
	owner: context.repo.owner,
	repo: context.repo.repo,
	artifact_id: matchArtifact.id,
	archive_format: 'zip',
	} );

	const fs = require( 'fs' );
	fs.writeFileSync( '${{ github.workspace }}/pr-built-file-changes.zip', Buffer.from( download.data ) )
	env:
	RUN_ID: ${{ github.event.workflow_run.id }}

	- name: Check for artifact
	id: artifact-check
	run: \|
	if [ -f "pr-built-file-changes.zip" ]; then
	echo "exists=true" >> "$GITHUB_OUTPUT"
	else
	echo "exists=false" >> "$GITHUB_OUTPUT"
	fi

	- name: Unzip the artifact containing the PR data
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	run: unzip pr-built-file-changes.zip

	- name: Generate Installation Token
	id: generate_token
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	env:
	GH_APP_ID: ${{ secrets.GH_PR_BUILT_FILES_APP_ID }}
	GH_APP_PRIVATE_KEY: ${{ secrets.GH_PR_BUILT_FILES_PRIVATE_KEY }}
	run: \|
	echo "$GH_APP_PRIVATE_KEY" > private-key.pem

	# Generate JWT
	JWT=$(python3 - <<EOF
	import jwt, time
	private_key = open("private-key.pem", "r").read()
	payload = {
	"iat": int(time.time()),
	"exp": int(time.time()) + 600, # 10-minute expiration
	"iss": $GH_APP_ID
	}
	print(jwt.encode(payload, private_key, algorithm="RS256"))
	EOF
	)

	# Get Installation ID
	INSTALLATION_ID=$(curl -s -X GET -H "Authorization: Bearer $JWT" \
	-H "Accept: application/vnd.github.v3+json" \
	https://api.github.com/app/installations \| jq -r '.[0].id')

	# Request Installation Access Token
	ACCESS_TOKEN=$(curl -s -X POST -H "Authorization: Bearer $JWT" \
	-H "Accept: application/vnd.github.v3+json" \
	"https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens" \| jq -r '.token')

	echo "ACCESS_TOKEN=$ACCESS_TOKEN" >> "$GITHUB_ENV"

	rm -f private-key.pem

	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	with:
	repository: ${{ github.event.workflow_run.head_repository.full_name }}
	ref: ${{ github.event.workflow_run.head_branch }}
	path: 'pr-repo'
	show-progress: ${{ runner.debug == '1' && 'true' \|\| 'false' }}
	token: ${{ env.ACCESS_TOKEN }}

	- name: Apply patch
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	working-directory: 'pr-repo'
	run: git apply ${{ github.workspace }}/changes.diff

	- name: Display changes to versioned files
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	working-directory: 'pr-repo'
	run: git diff

	- name: Configure git user name and email
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	working-directory: 'pr-repo'
	env:
	GH_APP_ID: ${{ secrets.GH_PR_BUILT_FILES_APP_ID }}
	run: \|
	git config user.name "wordpress-develop-pr-bot[bot]"
	git config user.email ${{ env.GH_APP_ID }}+wordpress-develop-pr-bot[bot]@users.noreply.github.com

	- name: Stage changes
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	working-directory: 'pr-repo'
	run: git add .

	- name: Commit changes
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	working-directory: 'pr-repo'
	run: \|
	git commit -m "Automation: Updating built files with changes. [dependabot skip]"

	- name: Push changes
	if: ${{ steps.artifact-check.outputs.exists == 'true' }}
	working-directory: 'pr-repo'
	run: git push

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit Built File Changes (PRs) #71

Workflow file

Commit Built File Changes (PRs) #71

Uh oh!

Jobs

Run details

Workflow file for this run