CI: digest-bump pushes a branch for manual PR (no broad token needed)
This commit is contained in:
@@ -47,9 +47,16 @@ git config user.email "ci@bztmon.com"
|
|||||||
git commit -am "bztmon-site: deploy ${TAG}"
|
git commit -am "bztmon-site: deploy ${TAG}"
|
||||||
git push origin "${BRANCH}"
|
git push origin "${BRANCH}"
|
||||||
|
|
||||||
# --- Open the PR (never auto-merge) ----------------------------------------
|
# --- PR (never auto-merge) -------------------------------------------------
|
||||||
|
# Default (least-privilege): just push the branch — Jonathon opens+merges the PR (the approval
|
||||||
|
# gate + the ArgoCD trigger). Only auto-open a PR if a GITEA_TOKEN is provided.
|
||||||
|
if [[ -n "${GITEA_TOKEN:-}" ]]; then
|
||||||
curl -fsSL -X POST "${GITEA_API}/repos/jwrong96/home-ops/pulls" \
|
curl -fsSL -X POST "${GITEA_API}/repos/jwrong96/home-ops/pulls" \
|
||||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
-d "{\"head\":\"${BRANCH}\",\"base\":\"main\",\"title\":\"bztmon-site: deploy ${TAG}\",\"body\":\"Automated digest bump.\\n\\nImage: \`${REF}\`\\n\\nMerge to roll out via ArgoCD.\"}"
|
-d "{\"head\":\"${BRANCH}\",\"base\":\"main\",\"title\":\"bztmon-site: deploy ${TAG}\",\"body\":\"Automated digest bump.\\n\\nImage: \`${REF}\`\\n\\nMerge to roll out via ArgoCD.\"}"
|
||||||
echo ">> PR opened for ${BRANCH}"
|
echo ">> PR opened for ${BRANCH}"
|
||||||
|
else
|
||||||
|
echo ">> branch ${BRANCH} pushed (image ${REF})."
|
||||||
|
echo ">> open the PR to roll out: https://gitea.bztmon.org/jwrong96/home-ops/compare/main...${BRANCH}"
|
||||||
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user