diff --git a/.github/workflows/github-ip-ranges.yaml b/.github/workflows/github-ip-ranges.yaml index 7ccbba4..caeb77b 100644 --- a/.github/workflows/github-ip-ranges.yaml +++ b/.github/workflows/github-ip-ranges.yaml @@ -1,9 +1,9 @@ name: Check Github IP Ranges on: - workflow_dispatch: - schedule: - - cron: "0 0 * * 0" # once a week + pull_request: + branches: + - main jobs: check: @@ -16,42 +16,11 @@ jobs: repository: ${{ github.event.pull_request.head.repo.full_name }} token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - - name: Generate GitHub IP Ranges - run: | - HOOKS=$(curl https://api.github.com/meta | jq -c .hooks) - if [[ "$HOOKS" != 'null' ]]; then - echo "locals {github_hooks_ip_ranges = $HOOKS}" > github-hooks-ip-ranges.tf - fi - - - name: Setup - uses: hashicorp/setup-terraform@v4 - - - name: Format - id: fmt - run: terraform fmt - - - name: Check if IP Ranges Have Changed - id: ip-check - run: | - if [[ $(git status --porcelain) ]]; then - echo "New GitHub IP ranges detected." - git status - git fetch origin - git config user.name "${{ github.actor }}" - git config user.email "${{ github.actor }}@users.noreply.github.com" - git checkout -b github-ip-range-update - git add . - git commit -m "fix: update github ip ranges" - git push -u origin github-ip-range-update - echo "::set-output name=NEW_IP_RANGES::true" - fi - - - if: steps.ip-check.outputs.NEW_IP_RANGES == 'true' - name: Open Pull Request if IP Ranges Have Changed + - name: test uses: ExpediaGroup/github-helpers@v1 with: - helper: create-pr - title: "fix: update Github IP ranges" - body: The GitHub IP ranges for hooks have changed on the [meta endpoint](https://api.github.com/meta). - head: github-ip-range-update - github_token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + helper: set-commit-status + sha: ${{ github.event.pull_request.head.sha }} + context: Commit Status Test + state: success + description: set-commit-status is working!