microsoft-graph-docs-contrib/.github/workflows/permissions-reference-gen.yml at main · microsoftgraph/microsoft-graph-docs-contrib · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
name: Update permissions reference file

on:
  schedule:
    - cron: 0 6 * * 1  # Runs every Monday at 6 AM UTC
  workflow_dispatch:  # Allows manual triggering of the workflow

permissions:
  contents: write
  pull-requests: write
  id-token: write  # Required for federated identity credentials

jobs:
  update-permissions-reference:
    name: Update permissions reference
    runs-on: windows-latest

    steps:
    - name: Set up Git to handle long paths
      run: git config --system core.longpaths true

    - name: Checkout microsoft-graph-docs
      uses: actions/checkout@v4.1.3
      with:
        path: docs

    - name: Azure Login using Federated Identity
      uses: azure/login@v2
      with:
        client-id: ${{ secrets.GRAPHPERMISSIONSREFERENCE_CLIENT_ID }}
        tenant-id: ${{ secrets.GRAPHPERMISSIONSREFERENCE_TENANT_ID }}
        allow-no-subscriptions: true

    - name: Run PowerShell script to update permissions
      shell: pwsh
      run: |
        $ClientId = "${{ secrets.GRAPHPERMISSIONSREFERENCE_CLIENT_ID }}"
        $TenantId = "${{ secrets.GRAPHPERMISSIONSREFERENCE_TENANT_ID }}"
        ./docs/scripts/update-permissions-reference.ps1 -ClientId $ClientId -TenantId $TenantId

    - name: Get token
      id: get_token
      uses: microsoftgraph/get-app-token@v1.0.4
      with:
        application-id: ${{ secrets.APPLICATION_ID }}
        application-private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }}

    - name: Commit updates from service principal
      working-directory: ./docs
      shell: pwsh
      env:
        GH_TOKEN: ${{ steps.get_token.outputs.app-token }}
      run: |
        $status = git status --porcelain
        if ($status -eq $null) {
          Write-Host "No changes to commit." -ForegroundColor Green
        }
        else {
          git config user.email "GraphTooling@service.microsoft.com"
          git config user.name "Microsoft Graph DevX Tooling"
          git add .
          git commit -m "Update permissions reference"
        }

    - name: Run PowerShell script to correct errors in permissions descriptions
      shell: pwsh
      run: |
        ./docs/scripts/correct-permissions-reference-errors.ps1

    - name: Commit errors correction and open a pull request
      working-directory: ./docs
      shell: pwsh
      env:
       GH_TOKEN: ${{ steps.get_token.outputs.app-token }}
      run: |
        $status = git status --porcelain
        if ($status -eq $null) {
          Write-Host "No changes to commit." -ForegroundColor Green
        } else {
          $dateToday = Get-Date -Format 'yyyy-MM-dd'
          $branchName = "permissions-reference/$dateToday"
          $prTitle = "${dateToday}: Automated permissions reference update"

          git add .
          git commit -m "Correct errors in permissions reference"
          git checkout -b $branchName
          git push --set-upstream origin $branchName -f

          gh pr create --base main --title $prTitle --body "Scheduled permissions reference update" --reviewer "FaithOmbongi,msewaweru" --label "ready for content review"
        }