14

I have this workflow in a repo called terraform-do-database and I'm trying to use a reusable workflow coming from the public repo foo/git-workflows/.github/workflows/tag_validation.yaml@master

name: Tag Validation

on:
  pull_request:
    branches: [master]
  push:
    branches:    
      - '*'         # matches every branch that doesn't contain a '/'
      - '*/*'       # matches every branch containing a single '/'
      - '**'        # matches every branch
      - '!master'   # excludes master
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:

  tag_check:
    uses: foo/git-workflows/.github/workflows/tag_validation.yaml@master

And this is the reusable workflow file from the public git-workflows repo that has the script that should run on it. What is happening is that the workflow is trying to use a script inside the repo terraform-do-database

name: Tag Validation

on:
  pull_request:
    branches: [master]
  workflow_call:

jobs:

  tag_check:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      # Runs a single command using the runners shell
      - name: Verify the tag value
        run: ./scripts/tag_verify.sh

So the question: How can I make the workflow use the script stored in the git-worflows repo instead of the terraform-do-database?

I want to have a single repo where I can call the workflow and the scripts, I don't want to have everything duplicated inside all my repos.

Improve this question

5 Answers 5

Reset to default
13

One way to go about this is perform a checkout inside your reusable workflow that essentially clones the content of the repo where your scripts are and only then you can access it. It's not the cleanest solution but it works.

Perform a second checkout, to clone your repo that has the reusable workflow into a dir reusable-workflow-repo

- name: Checkout reusable workflow dir
  uses: actions/checkout@v3
  with:
    repository: <your-org>/terraform-do-database
    token: ${{ secrets.GIT_ACCESS_TOKEN }}
    path: reusable-workflow-repo

Now you have all the code you need inside reusable-workflow-repo. Use ${GITHUB_WORKSPACE} to find the current path and simply append the path to the script.

- name: Verify the tag value
  run: ${GITHUB_WORKSPACE}/reusable-workflow-repo/scripts/tag_verify.sh
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This is a good solution, but I wonder how we can know REF used to call reusable workflow, for example: uses: author/repository/.github/workflows/reusable-workflow.yml@dev. Here we want to use the workflow from branch dev but inside the workflow I didn't find any information about this.
Something I ran into here: my original action already had another checkout step in it, which was deleting the contents of ${GITHUB_WORKSPACE} every run. Not sure if this is the best solution, but I added an intermediate step that just copies my bash script to ${GITHUB_WORKSPACE}/.. after the first checkout, and then I run it later on with bash ${GITHUB_WORKSPACE}/../[scriptname].sh.
4

I have found that if I wrap the script into a composite action. I can use GitHub context github.action_path to locate the scripts. Example:

run: ${{ github.action_path }}/scripts/foo.sh

Improve this answer

3 Comments

Are you sure this works? AFAIK, the github context is always associated with the calling workflow (source), but the OP asks to access other files from the called (reusable) workflow.
@PhilippBammes that is why I said, "if I warp the script into a composite action". This extra layer "action" allows you to access the script.
Oddly on GHES I get a wrong path under this variable, although the script is elsewhere on the filesystem. I assume it's a bug in GHES.
2

Following Kaleby Cadorin example but for the case where the script is in a private repository

- name: Download & run script
        run: |          
          curl --header "Authorization: token ${{ secrets.MY_PAT }}" \
            --header 'Accept: application/vnd.github.raw' \
            --remote-name \
            --location https://raw.githubusercontent.com/COMPANY/REPO/BRANCH/PATH/script.sh
                
          chmod +x script.sh
          ./script.sh

Note: GITHUB_TOKEN doesn't seem to work here, a PAT is required.

Improve this answer

Comments

1

I was able to solve it adding a few more commands to manually download the script and execute it.

steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      # Runs a single command using the runners shell
      - name: Check current directory
        run: pwd
      - name: Download the script
        run: curl -o $PWD/tag_verify.sh https://raw.githubusercontent.com/foo/git-workflows/master/scripts/tag_verify.sh
      - name: Give script permissions
        run: chmod +x $PWD/tag_verify.sh
      - name: Execute script
        run: $PWD/tag_verify.sh
Improve this answer

Comments

0

According to this thread on github-community the script needs to be downloaded/checked out separatly.

The "reusable" workflow you posted is not reusable in this sense, because since it is not downloading the script the workflow can only run within its own repository (or a repository that already has the script).

Improve this answer

3 Comments

Hey @SebDieBln how can I download the script separately?
@KalebyCadorin This thread on github-community points out some ways to download a file.
Link from the answer is dead.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.