DDoS attack against anaconda.org #143
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update Repository | |
on: | |
# every Sunday at 00:36 UTC | |
# https://crontab.guru/#36_2_*_*_0 | |
schedule: | |
- cron: 36 2 * * 0 | |
workflow_dispatch: | |
issue_comment: | |
types: | |
- created | |
jobs: | |
update: | |
if: >- | |
!github.event.repository.fork | |
&& ( | |
github.event_name == 'schedule' | |
|| github.event_name == 'workflow_dispatch' | |
|| ( | |
github.event_name == 'issue_comment' | |
&& github.event.issue.pull_request | |
&& ( | |
github.event.comment.body == '@conda-bot render' | |
|| github.event.comment.body == '@conda-bot recreate' | |
) | |
) | |
) | |
runs-on: ubuntu-latest | |
steps: | |
- if: github.event_name == 'issue_comment' | |
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 | |
with: | |
comment-id: ${{ github.event.comment.id }} | |
reactions: eyes | |
reactions-edit-mode: replace | |
token: ${{ secrets.SYNC_TOKEN }} | |
- if: github.event.comment.body == '@conda-bot render' | |
name: Configure git origin | |
run: | | |
echo REPOSITORY=$(curl --silent ${{ github.event.issue.pull_request.url }} | jq --raw-output '.head.repo.full_name') >> $GITHUB_ENV | |
echo REF=$(curl --silent ${{ github.event.issue.pull_request.url }} | jq --raw-output '.head.ref') >> $GITHUB_ENV | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: ${{ env.REPOSITORY || github.repository }} | |
ref: ${{ env.REF || '' }} | |
token: ${{ secrets.SYNC_TOKEN }} | |
- name: Configure git user | |
run: | | |
git config --global user.name 'Conda Bot' | |
git config --global user.email '[email protected]' | |
- uses: conda/actions/combine-durations@6e72e0db87e72f0020e493aeb02f864363bd9258 # v24.11.1 | |
id: durations | |
continue-on-error: true | |
- uses: conda/actions/template-files@6e72e0db87e72f0020e493aeb02f864363bd9258 # v24.11.1 | |
id: templates | |
continue-on-error: true | |
- name: Commit changes | |
# no-op if there are no updates | |
continue-on-error: true | |
run: | | |
git add . | |
git commit --message "🤖 updated file(s)" | |
- if: github.event.comment.body != '@conda-bot render' | |
name: Create fork | |
# no-op if the repository is already forked | |
run: echo FORK=$(gh repo fork --clone=false --default-branch-only 2>&1 | awk '{print $1}') >> $GITHUB_ENV | |
env: | |
GH_TOKEN: ${{ secrets.SYNC_TOKEN }} | |
- if: github.event.comment.body != '@conda-bot render' | |
id: create | |
# no-op if no commits were made | |
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 | |
with: | |
push-to-fork: ${{ env.FORK }} | |
token: ${{ secrets.SYNC_TOKEN }} | |
branch: update | |
delete-branch: true | |
title: 🤖 Update infrastructure file(s) | |
body: | | |
[update.yml]: ${{ github.server_url }}/${{ github.repository }}/blob/main/.github/workflows/update.yml | |
Your friendly repository updater. | |
${{ steps.durations.outputs.summary }} | |
${{ steps.templates.outputs.summary }} | |
This PR was triggered by @${{ github.triggering_actor }} via ${{ github.event_name }}. | |
<details> | |
<summary>Commands</summary> | |
Trigger actions by commenting on this PR: | |
- `@conda-bot render` will run rendering workflows and commit and push any changes to this PR | |
- `@conda-bot recreate` will recreate this PR, overwriting any edits that have been made to it | |
</details> | |
###### Auto-generated by the [`update.yml`][update.yml] workflow, see ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}. | |
- if: github.event.comment.body == '@conda-bot render' | |
id: update | |
name: Push changes | |
run: git push --force-with-lease | |
- if: always() && github.event_name == 'issue_comment' | |
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 | |
with: | |
comment-id: ${{ github.event.comment.id }} | |
reactions: ${{ (steps.create.conclusion == 'success' || steps.update.conclusion == 'success') && 'hooray' || 'confused' }} | |
reactions-edit-mode: replace | |
token: ${{ secrets.SYNC_TOKEN }} |