CI: digest-bump pushes a branch for manual PR (no broad token needed)
This commit is contained in:
+10
-3
@@ -47,9 +47,16 @@ git config user.email "ci@bztmon.com"
|
||||
git commit -am "bztmon-site: deploy ${TAG}"
|
||||
git push origin "${BRANCH}"
|
||||
|
||||
# --- Open the PR (never auto-merge) ----------------------------------------
|
||||
curl -fsSL -X POST "${GITEA_API}/repos/jwrong96/home-ops/pulls" \
|
||||
# --- PR (never auto-merge) -------------------------------------------------
|
||||
# Default (least-privilege): just push the branch — Jonathon opens+merges the PR (the approval
|
||||
# gate + the ArgoCD trigger). Only auto-open a PR if a GITEA_TOKEN is provided.
|
||||
if [[ -n "${GITEA_TOKEN:-}" ]]; then
|
||||
curl -fsSL -X POST "${GITEA_API}/repos/jwrong96/home-ops/pulls" \
|
||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"head\":\"${BRANCH}\",\"base\":\"main\",\"title\":\"bztmon-site: deploy ${TAG}\",\"body\":\"Automated digest bump.\\n\\nImage: \`${REF}\`\\n\\nMerge to roll out via ArgoCD.\"}"
|
||||
echo ">> PR opened for ${BRANCH}"
|
||||
echo ">> PR opened for ${BRANCH}"
|
||||
else
|
||||
echo ">> branch ${BRANCH} pushed (image ${REF})."
|
||||
echo ">> open the PR to roll out: https://gitea.bztmon.org/jwrong96/home-ops/compare/main...${BRANCH}"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user