Skip to content

Commit

Permalink
Implement KSM to pull a PAT for commits in format.yml (#2011)
Browse files Browse the repository at this point in the history
  • Loading branch information
nathanw-mlc authored Jan 2, 2025
1 parent 2fdb814 commit b9f22d6
Showing 1 changed file with 18 additions and 6 deletions.
24 changes: 18 additions & 6 deletions .github/workflows/format.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: "Code formatting"
on:
push:
branches:
- "**"
- "**"

env:
python_version: "3.9"
Expand All @@ -12,16 +12,25 @@ jobs:
format-code:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Retrieve secrets from Keeper
id: ksecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_CONFIG }}
secrets: |-
v2h4jKiZlJywDSoKzRMnRw/field/Access Token > env:PAT # Fetch PAT and store in environment variable
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ssh-key: ${{ secrets.DEPLOY_KEY }}

- name: Set up Python ${{ env.python_version }}
uses: actions/setup-python@v3
with:
python-version: ${{ env.python_version }}

- name: Format modified python files
- name: Format modified Python files
env:
filter: ${{ github.event.before }}
run: |
Expand Down Expand Up @@ -49,12 +58,15 @@ jobs:
done
- name: Commit and push changes
env:
PAT: ${{ env.PAT }} # Use PAT fetched from Keeper
run: |
HAS_CHANGES=$(git diff --staged --name-only)
if [ ${#HAS_CHANGES} -gt 0 ]; then
git config --global user.name mlcommons-bot
git config --global user.email "[email protected]"
# Commit changes
git commit -m '[Automated Commit] Format Codebase'
git push
fi
# Use the PAT to push changes
git push https://x-access-token:${PAT}@github.com/${{ github.repository }} HEAD:${{ github.ref_name }}
fi

0 comments on commit b9f22d6

Please sign in to comment.