Merge pull request #118 from peter-evans/dev

Assume python3 on PATH when running in a container

README.md

@@ -18,7 +18,7 @@ Create Pull Request action will:
 
 ## Documentation
 
-- [Concepts and guidelines](docs/concepts-guidelines.md)
+- [Concepts, guidelines and advanced usage](docs/concepts-guidelines.md)
 - [Examples](docs/examples.md)
 - [Updating from v1](docs/updating.md)
 
@@ -37,8 +37,7 @@ You can also pin to a [specific release](https://github.com/peter-evans/create-p
 
 With the exception of `token`, all inputs are **optional**. If not set, sensible default values will be used.
 
-**Note**: If you want pull requests created by this action to trigger an `on: pull_request` workflow then you must use a [Personal Access Token](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line) instead of the default `GITHUB_TOKEN`.
-See [this issue](https://github.com/peter-evans/create-pull-request/issues/48) for further details.
+**Note**: If you want pull requests created by this action to trigger an `on: push` or `on: pull_request` workflow then you must use a [Personal Access Token](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line) instead of the default `GITHUB_TOKEN`. Alternatively, allow the action to [push using SSH](https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#push-using-ssh-deploy-keys) by configuring a deploy key.
 
 | Name | Description | Default |
 | --- | --- | --- |
@@ -88,21 +87,6 @@ If there is some reason you need to use `actions/checkout@v1` the following step
       - run: git checkout "${GITHUB_REF:11}"
 ```
 
-Checking out a branch from a different repository from where the workflow is executing will make *that repository* the target for the created pull request. In this case, a `repo` scoped [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) is required.
-
-```yml
-      - uses: actions/checkout@v2
-        with:
-          token: ${{ secrets.PAT }}
-          repository: owner/repo
-
-      # Create changes to pull request here
-
-      - uses: peter-evans/create-pull-request@v2
-        with:
-          token: ${{ secrets.PAT }}
-```
-
 ### Branch naming
 
 For branch naming there are two strategies. Create a fixed-name pull request branch that will be updated with new changes until it is merged or closed, OR, always create a new unique branch each time there are changes to be committed.

dist/index.js

@@ -1001,37 +1001,38 @@ module.exports = require("os");
 /***/ (function(__unusedmodule, __unusedexports, __webpack_require__) {
 
 const { inspect } = __webpack_require__(669);
-const fs = __webpack_require__(747);
+const isDocker = __webpack_require__(160);
 const core = __webpack_require__(470);
 const exec = __webpack_require__(986);
 const setupPython = __webpack_require__(139);
 
-function fileExists(path) {
-  try {
-    return fs.statSync(path).isFile();
-  } catch (e) {
-    core.debug(`e: ${inspect(e)}`);
-    return false;
-  }
-}
-
 async function run() {
   try {
     // Allows ncc to find assets to be included in the distribution
     const src = __webpack_require__.ab + "src";
     core.debug(`src: ${src}`);
 
-    // Check if the platfrom is Alpine Linux
-    const alpineLinux = fileExists("/etc/alpine-release");
-    core.debug(`alpineLinux: ${alpineLinux}`);
-
-    // Skip Python setup if the platform is Alpine Linux
-    if (!alpineLinux)
+    // Determine how to access python and pip
+    const { pip, python } = (function() {
+      if (isDocker()) {
+        core.info("Running inside a Docker container");
+        // Python 3 assumed to be installed and on the PATH
+        return {
+          pip: "pip3",
+          python: "python3"
+        };
+      } else {
         // Setup Python from the tool cache
-      setupPython("3.8.x", "x64");
+        setupPython("3.x", "x64");
+        return {
+          pip: "pip",
+          python: "python"
+        };
+      }
+    })();
 
     // Install requirements
-    await exec.exec("pip", [
+    await exec.exec(pip, [
       "install",
       "--requirement",
       `${src}/requirements.txt`,
@@ -1057,7 +1058,7 @@ async function run() {
       projectColumn: core.getInput("project-column"),
       branch: core.getInput("branch"),
       base: core.getInput("base"),
-      branchSuffix: core.getInput("branch-suffix"),
+      branchSuffix: core.getInput("branch-suffix")
     };
     core.debug(`Inputs: ${inspect(inputs)}`);
 
@@ -1081,7 +1082,7 @@ async function run() {
     if (inputs.branchSuffix) process.env.CPR_BRANCH_SUFFIX = inputs.branchSuffix;
 
     // Execute python script
-    await exec.exec("python", [`${src}/create_pull_request.py`]);
+    await exec.exec(python, [`${src}/create_pull_request.py`]);
   } catch (error) {
     core.setFailed(error.message);
   }
@@ -1411,6 +1412,43 @@ if (process.env.NODE_DEBUG && /\btunnel\b/.test(process.env.NODE_DEBUG)) {
 exports.debug = debug; // for test
 
 
+/***/ }),
+
+/***/ 160:
+/***/ (function(module, __unusedexports, __webpack_require__) {
+
+"use strict";
+
+const fs = __webpack_require__(747);
+
+let isDocker;
+
+function hasDockerEnv() {
+	try {
+		fs.statSync('/.dockerenv');
+		return true;
+	} catch (_) {
+		return false;
+	}
+}
+
+function hasDockerCGroup() {
+	try {
+		return fs.readFileSync('/proc/self/cgroup', 'utf8').includes('docker');
+	} catch (_) {
+		return false;
+	}
+}
+
+module.exports = () => {
+	if (isDocker === undefined) {
+		isDocker = hasDockerEnv() || hasDockerCGroup();
+	}
+
+	return isDocker;
+};
+
+
 /***/ }),
 
 /***/ 211:

dist/src/requirements.txt

@@ -1,2 +1,2 @@
 GitPython==3.0.7
-PyGithub==1.45
+PyGithub==1.46

docs/concepts-guidelines.md

@@ -1,6 +1,6 @@
-# Concepts and guidelines
+# Concepts, guidelines and advanced usage
 
-This document covers terminology, how the action works, and general usage guidelines.
+This document covers terminology, how the action works, general usage guidelines, and advanced usage.
 
 - [Terminology](#terminology)
 - [Events and checkout](#events-and-checkout)
@@ -9,8 +9,12 @@ This document covers terminology, how the action works, and general usage guidel
   - [Providing a consistent base](#providing-a-consistent-base)
   - [Pull request events](#pull-request-events)
   - [Restrictions on forked repositories](#restrictions-on-forked-repositories)
-  - [Tag push events](#tag-push-events)
   - [Security](#security)
+- [Advanced usage](#advanced-usage)
+  - [Creating pull requests in a remote repository](#creating-pull-requests-in-a-remote-repository)
+  - [Push using SSH (deploy keys)](#push-using-ssh-deploy-keys)
+  - [Using in an alpine linux container](#using-in-an-alpine-linux-container)
+  - [Creating pull requests on tag push](#creating-pull-requests-on-tag-push)
 
 ## Terminology
 
@@ -108,7 +112,104 @@ jobs:
     if: github.event.pull_request.head.repo.full_name == github.repository
 ```
 
-### Tag push events
+### Security
+
+From a security perspective it's good practice to fork third-party actions, review the code, and use your fork of the action in workflows.
+By using third-party actions directly the risk exists that it could be modified to do something malicious, such as capturing secrets.
+
+This action uses [ncc](https://github.com/zeit/ncc) to compile the Node.js code and dependencies into a single file.
+Python dependencies are vendored and committed to the repository [here](https://github.com/peter-evans/create-pull-request/tree/master/dist/vendor).
+No dependencies are downloaded during the action execution.
+
+Vendored Python dependencies can be reviewed by rebuilding the [dist](https://github.com/peter-evans/create-pull-request/tree/master/dist) directory and redownloading dependencies.
+The following commands require Node and Python 3.
+
+```
+npm install
+npm run clean
+npm run package
+```
+
+The `dist` directory should be rebuilt leaving no git diff.
+
+## Advanced usage
+
+### Creating pull requests in a remote repository
+
+Checking out a branch from a different repository from where the workflow is executing will make *that repository* the target for the created pull request. In this case, a `repo` scoped [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) is required.
+
+```yml
+      - uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.PAT }}
+          repository: owner/repo
+
+      # Make changes to pull request here
+
+      - uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.PAT }}
+```
+
+### Push using SSH (deploy keys)
+
+[Deploy keys](https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys) can be set per repository and so are arguably more secure than using a `repo` scoped [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
+Allowing the action to push with a configured deploy key will trigger `on: push` workflows. This makes it an alternative to using a PAT to trigger checks for pull requests.
+
+How to use SSH (deploy keys) with create-pull-request action:
+
+1. [Create an new SSH key pair](https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key) for your repository. Do not set a passphrase.
+2. Copy the contents of the public key (.pub file) to a new repository [deploy key](https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys) and check the box to "Allow write access."
+3. Add a secret to the repository containing the entire contents of the private key.
+4. As shown in the example steps below, use the [`webfactory/ssh-agent`](https://github.com/webfactory/ssh-agent) action to install the private key and clone your repository. Remember to checkout the `base` of your pull request if it's not the default branch, e.g. `git checkout my-branch`.
+
+```yml
+    steps:
+      - uses: webfactory/ssh-agent@v0.2.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Checkout via SSH
+        run: git clone git@github.com:peter-evans/create-pull-request.git .
+
+      # Make changes to pull request here
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+### Using in an alpine linux container
+
+This action can be run inside an Alpine Linux container by pre-installing the correct binaries for the action's dependencies.
+
+The following example workflow installs git and Python dependencies at the start of the job. You can also bake these dependencies into your own Alpine Docker image if you prefer. Note that git must be installed *before* running `actions/checkout`, otherwise it will just download the source of the repository instead of cloning it.
+
+```yml
+jobs:
+  createPullRequestAlpine:
+    runs-on: ubuntu-latest
+    container:
+      image: alpine
+    steps:
+      - name: Install dependencies
+        run: |
+          apk --no-cache add git python3
+          ln -sf python3 /usr/bin/python
+          ln -sf pip3 /usr/bin/pip
+
+      - uses: actions/checkout@v2
+
+      # Make changes to pull request here
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+### Creating pull requests on tag push
 
 An `on: push` workflow will also trigger when tags are pushed.
 During these events, the `actions/checkout` action will check out the `ref/tags/<tag>` git ref by default.
@@ -134,8 +235,7 @@ jobs:
           git checkout -b temp-${GITHUB_REF:10}
           git push --set-upstream origin temp-${GITHUB_REF:10}
 
-      - name: Create changes to pull request
-        run: <create changes here>
+      # Make changes to pull request here
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
@@ -164,31 +264,10 @@ jobs:
         with:
           ref: master
 
-      - name: Create changes to pull request
-        run: <create changes here>
+      # Make changes to pull request here
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 ```
-
-### Security
-
-From a security perspective it's good practice to fork third-party actions, review the code, and use your fork of the action in workflows.
-By using third-party actions directly the risk exists that it could be modified to do something malicious, such as capturing secrets.
-
-This action uses [ncc](https://github.com/zeit/ncc) to compile the Node.js code and dependencies into a single file.
-Python dependencies are vendored and committed to the repository [here](https://github.com/peter-evans/create-pull-request/tree/master/dist/vendor).
-No dependencies are downloaded during the action execution.
-
-Vendored Python dependencies can be reviewed by rebuilding the [dist](https://github.com/peter-evans/create-pull-request/tree/master/dist) directory and redownloading dependencies.
-The following commands require Node and Python 3.
-
-```
-npm install
-npm run clean
-npm run package
-```
-
-The `dist` directory should be rebuilt leaving no git diff.

docs/examples.md

@@ -2,6 +2,7 @@
 
 - [Use case: Create a pull request to update X on push](#use-case-create-a-pull-request-to-update-x-on-push)
   - [Update project authors](#update-project-authors)
+  - [Keep a branch up-to-date with another](#keep-a-branch-up-to-date-with-another)
 - [Use case: Create a pull request to update X periodically](#use-case-create-a-pull-request-to-update-x-periodically)
   - [Update NPM dependencies](#update-npm-dependencies)
   - [Update SwaggerUI for GitHub Pages](#update-swaggerui-for-github-pages)
@@ -51,6 +52,36 @@ jobs:
           branch: update-authors
 ```
 
+### Keep a branch up-to-date with another
+
+This is a use case where a branch should be kept up to date with another by opening a pull request to update it. The pull request should then be updated with new changes until it is merged or closed.
+
+In this example scenario, a branch called `production` should be updated via pull request to keep it in sync with `master`. Merging the pull request is effectively promoting those changes to production.
+
+```yml
+name: Create production promotion pull request
+on:
+  push:
+    branches:
+      - master
+jobs:
+  productionPromotion:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: production
+      - name: Reset promotion branch
+        run: |
+          git fetch origin master:master
+          git reset --hard master
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: production-promotion
+```
+
 ## Use case: Create a pull request to update X periodically
 
 This pattern will work well for updating any kind of static content from an external source. The workflow executes on a schedule and raises a pull request when there are changes.

index.js

@@ -1,35 +1,36 @@
 const { inspect } = require("util");
-const fs = require("fs");
+const isDocker = require("is-docker");
 const core = require("@actions/core");
 const exec = require("@actions/exec");
 const setupPython = require("./src/setup-python");
 
-function fileExists(path) {
-  try {
-    return fs.statSync(path).isFile();
-  } catch (e) {
-    core.debug(`e: ${inspect(e)}`);
-    return false;
-  }
-}
-
 async function run() {
   try {
     // Allows ncc to find assets to be included in the distribution
     const src = __dirname + "/src";
     core.debug(`src: ${src}`);
 
-    // Check if the platfrom is Alpine Linux
-    const alpineLinux = fileExists("/etc/alpine-release");
-    core.debug(`alpineLinux: ${alpineLinux}`);
-
-    // Skip Python setup if the platform is Alpine Linux
-    if (!alpineLinux)
+    // Determine how to access python and pip
+    const { pip, python } = (function() {
+      if (isDocker()) {
+        core.info("Running inside a Docker container");
+        // Python 3 assumed to be installed and on the PATH
+        return {
+          pip: "pip3",
+          python: "python3"
+        };
+      } else {
         // Setup Python from the tool cache
-      setupPython("3.8.x", "x64");
+        setupPython("3.x", "x64");
+        return {
+          pip: "pip",
+          python: "python"
+        };
+      }
+    })();
 
     // Install requirements
-    await exec.exec("pip", [
+    await exec.exec(pip, [
       "install",
       "--requirement",
       `${src}/requirements.txt`,
@@ -55,7 +56,7 @@ async function run() {
       projectColumn: core.getInput("project-column"),
       branch: core.getInput("branch"),
       base: core.getInput("base"),
-      branchSuffix: core.getInput("branch-suffix"),
+      branchSuffix: core.getInput("branch-suffix")
     };
     core.debug(`Inputs: ${inspect(inputs)}`);
 
@@ -79,7 +80,7 @@ async function run() {
     if (inputs.branchSuffix) process.env.CPR_BRANCH_SUFFIX = inputs.branchSuffix;
 
     // Execute python script
-    await exec.exec("python", [`${src}/create_pull_request.py`]);
+    await exec.exec(python, [`${src}/create_pull_request.py`]);
   } catch (error) {
     core.setFailed(error.message);
   }

package-lock.json

@@ -36,11 +36,16 @@
       }
     },
     "@zeit/ncc": {
-      "version": "0.21.0",
-      "resolved": "https://registry.npmjs.org/@zeit/ncc/-/ncc-0.21.0.tgz",
-      "integrity": "sha512-RUMdvVK/w78oo+yBjruZltt0kJXYar2un/1bYQ2LuHG7GmFVm+QjxzEmySwREctaJdEnBvlMdUNWd9hXHxEI3g==",
+      "version": "0.21.1",
+      "resolved": "https://registry.npmjs.org/@zeit/ncc/-/ncc-0.21.1.tgz",
+      "integrity": "sha512-M9WzgquSOt2nsjRkYM9LRylBLmmlwNCwYbm3Up3PDEshfvdmIfqpFNSK8EJvR18NwZjGHE5z2avlDtYQx2JQnw==",
       "dev": true
     },
+    "is-docker": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.0.0.tgz",
+      "integrity": "sha512-pJEdRugimx4fBMra5z2/5iRdZ63OhYV0vr0Dwm5+xtW4D1FvRkB8hamMIhnWfyJeDdyr/aa7BDyNbtG38VxgoQ=="
+    },
     "qs": {
       "version": "6.9.1",
       "resolved": "https://registry.npmjs.org/qs/-/qs-6.9.1.tgz",

package.json

@@ -23,9 +23,10 @@
   "dependencies": {
     "@actions/core": "^1.1.1",
     "@actions/exec": "^1.0.1",
-    "@actions/tool-cache": "^1.1.2"
+    "@actions/tool-cache": "^1.1.2",
+    "is-docker": "^2.0.0"
   },
   "devDependencies": {
-    "@zeit/ncc": "0.21.0"
+    "@zeit/ncc": "0.21.1"
   }
 }

src/requirements.txt

@@ -1,2 +1,2 @@
 GitPython==3.0.7
-PyGithub==1.45
+PyGithub==1.46