Upstream-sync → protected master #790
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upstream-sync → protected master | |
| on: | |
| schedule: # run every night | |
| - cron: '7 2 * * *' | |
| workflow_dispatch: # (optional) manual trigger | |
| permissions: # minimum perms the job needs | |
| contents: write # push the sync branch | |
| pull-requests: write # open, approve & merge the PR | |
| concurrency: # never let two syncs race | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| sync: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # 1. full clone so we always have the latest tip | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # 2. fetch upstream & copy it to a side branch | |
| - name: Update upstream-sync branch | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Configure git identity | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Action" | |
| git remote add upstream https://github.com/openjdk/jdk17u-dev.git | |
| git fetch upstream master | |
| # Create sync branch from current master to preserve workflows | |
| git checkout -B upstream-sync origin/master | |
| # Merge upstream changes but keep our workflow files | |
| git merge upstream/master --no-edit --strategy-option=ours --allow-unrelated-histories || { | |
| # If merge fails, try a different approach | |
| git reset --hard origin/master | |
| git read-tree -m -u HEAD upstream/master | |
| # Restore our workflow files | |
| git checkout HEAD -- .github/workflows/ | |
| git add .github/workflows/ | |
| git commit -m "Preserve local workflow files during upstream sync" || true | |
| } | |
| git push -f origin upstream-sync | |
| # 3. Open or update the PR `upstream-sync -> master` | |
| - uses: peter-evans/create-pull-request@v7 | |
| id: cpr | |
| with: | |
| branch: upstream-sync | |
| base: master | |
| title: "Automated upstream merge" | |
| body: "Nightly sync of openjdk/jdk:master into this fork" | |
| # 4. Auto-approve that PR | |
| - if: steps.cpr.outputs.pull-request-operation != 'none' | |
| uses: hmarr/auto-approve-action@v4 | |
| with: | |
| pull-request-number: ${{ steps.cpr.outputs.pull-request-number }} | |
| # 5. Enable auto-merge so GitHub merges as soon as | |
| # branch protection requirements are satisfied | |
| - if: steps.cpr.outputs.pull-request-operation == 'created' | |
| uses: peter-evans/enable-pull-request-automerge@v3 | |
| with: | |
| pull-request-number: ${{ steps.cpr.outputs.pull-request-number }} | |
| merge-method: merge |