feat: Introduce raft backend for webauthn #294
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Propose PR to the `openstack` repo | |
| on: | |
| pull_request: | |
| types: ["closed"] | |
| permissions: | |
| contents: read | |
| jobs: | |
| propose-osc-pr: | |
| if: "github.event.pull_request.merged == true && github.event.pull_request.user.login != 'dependabot[bot]'" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout source repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 # get all commits | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # stable | |
| with: | |
| toolchain: stable | |
| - name: Get the codegenerator | |
| run: git clone https://opendev.org/openstack/codegenerator | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 | |
| with: | |
| working-directory: codegenerator | |
| - name: Prepare the work dir | |
| run: mkdir -p codegenerator/wrk/openapi_specs/identity | |
| - name: Generate OpenAPI | |
| run: cargo run --bin keystone -- --dump-openapi yaml > codegenerator/wrk/openapi_specs/identity/keystone_rust.yaml | |
| - name: Install the codegenerator | |
| working-directory: codegenerator | |
| run: uv sync | |
| - name: Generate the code | |
| working-directory: codegenerator | |
| run: | | |
| for resource in "federation/identity_provider" "federation/mapping" "user/passkey"; do | |
| uv run openstack-codegenerator --work-dir wrk --target rust-sdk --metadata metadata/identity_metadata.yaml --service identity --resource ${resource} | |
| uv run openstack-codegenerator --work-dir wrk --target rust-types --metadata metadata/identity_metadata.yaml --service identity --resource ${resource} | |
| uv run openstack-codegenerator --work-dir wrk --target rust-cli --metadata metadata/identity_metadata.yaml --service identity --resource ${resource} | |
| uv run openstack-codegenerator --work-dir wrk --target rust-tui --metadata metadata/identity_metadata.yaml --service identity --resource ${resource} | |
| done; | |
| - name: Set PR variables | |
| id: vars | |
| run: | | |
| echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT | |
| echo "branch_name=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT | |
| echo "merge_sha=${{ github.event.pull_request.merge_commit_sha }}" >> $GITHUB_OUTPUT | |
| - name: Resolve best commit message for the merged PR | |
| id: commit | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| PR_NUMBER: ${{ steps.vars.outputs.pr_number }} | |
| REPO: ${{ github.repository }} | |
| MERGE_SHA: ${{ steps.vars.outputs.merge_sha }} | |
| run: | | |
| set -euo pipefail | |
| # helper to emit multi-line output | |
| set_output() { | |
| echo "commit_message<<EOF" >> $GITHUB_OUTPUT | |
| printf "%s\n" "$1" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| } | |
| COMMIT_MSG="" | |
| # 1) If merge_commit_sha exists, try to fetch that commit (works for merge & squash) | |
| if [ -n "$MERGE_SHA" ] && [ "$MERGE_SHA" != "null" ]; then | |
| echo "Attempting to fetch merge commit message for SHA: $MERGE_SHA" | |
| RESP=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ | |
| "https://api.github.com/repos/$REPO/commits/$MERGE_SHA") | |
| COMMIT_MSG=$(echo "$RESP" | jq -r '.commit.message // empty' | sed 's/\r$//') | |
| fi | |
| # 2) Fallback: collect all commits on the PR and join their messages | |
| if [ -z "$COMMIT_MSG" ]; then | |
| echo "Falling back to collecting PR commits..." | |
| RESP=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ | |
| "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER/commits") | |
| COMMIT_MSG=$(echo "$RESP" | jq -r 'map(.commit.message) | join("\n\n---\n\n")' | sed 's/\r$//') | |
| fi | |
| # 3) Fallback: use PR title and body | |
| if [ -z "$COMMIT_MSG" ]; then | |
| echo "Falling back to PR title/body..." | |
| RESP=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ | |
| "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER") | |
| TITLE=$(echo "$RESP" | jq -r '.title // empty') BODY=$(echo "$RESP" | jq -r '.body // empty') | |
| if [ -n "$TITLE" ] || [ -n "$BODY" ]; then | |
| COMMIT_MSG="$TITLE"$'\n\n'"$BODY" | |
| fi | |
| fi | |
| # 4) Final fallback | |
| if [ -z "$COMMIT_MSG" ]; then | |
| COMMIT_MSG="Automated update from source repo (PR #$PR_NUMBER)" | |
| fi | |
| set_output "$COMMIT_MSG" | |
| - name: Clone target repository | |
| run: | | |
| git clone https://x-access-token:${{ secrets.OPENSTACK_REPO_TOKEN }}@github.com/gtema/openstack.git target-repo | |
| cd target-repo | |
| git checkout -b "ks_${{ steps.vars.outputs.branch_name }}" || git checkout "ks_${{ steps.vars.outputs.branch_name }}" | |
| - name: Copy files to target repo | |
| run: | | |
| cp -R ./codegenerator/wrk/rust/* ./target-repo/ | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libudev-dev | |
| - name: Try to compile the target repo | |
| working-directory: target-repo | |
| run: | | |
| cargo clippy --fix --allow-dirty --all-features | |
| cargo b --all-features | |
| - name: Commit files | |
| id: sync | |
| run: | | |
| cd target-repo | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
| if git diff --quiet; then | |
| echo "No changes detected — skipping commit and PR creation." | |
| echo "no_changes=true" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| git add . | |
| git commit -m "${{ steps.commit.outputs.commit_message }}" || echo "No changes to commit" | |
| git push origin "ks_${{ steps.vars.outputs.branch_name }}" | |
| echo "no_changes=false" >> $GITHUB_OUTPUT | |
| - name: Create PR in target repo | |
| env: | |
| GH_TOKEN: ${{ secrets.OPENSTACK_REPO_TOKEN }} | |
| if: steps.sync.outputs.no_changes == 'false' | |
| run: | | |
| gh pr create \ | |
| --repo gtema/openstack \ | |
| --head "ks_${{ steps.vars.outputs.branch_name }}" \ | |
| --base main \ | |
| --title "${{ steps.commit.outputs.commit_message }}" \ | |
| --body "Automated PR created after merging '${{ steps.vars.outputs.branch_name }}' in the gtema/keystone repo." |