divijvaidya commented on code in PR #18380: URL: https://github.com/apache/kafka/pull/18380#discussion_r1901989992
########## .github/workflows/cron-update-new-year-copyright.yml: ########## @@ -0,0 +1,78 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +name: Update Copyright Year +description: Update the year on copyright notice with a scheduled run on Jan 1st every year + +on: + schedule: + - cron: "0 0 1 1 *" # Run once a year on January 1st + workflow_dispatch: + + +permissions: + contents: write + pull-requests: write + +jobs: + update-year: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Get the current year + id: get-year + run: | + CURRENT_YEAR=$(date +%Y) + echo "year=$CURRENT_YEAR" >> $GITHUB_OUTPUT + + - name: Switch to trunk branch and create new branch + run: | + git checkout trunk + git checkout -b trunk-copyright-year-${{ steps.get-year.outputs.year }} + + - name: Update year in NOTICE file + run: | + echo "Updating NOTICE file using sed..." + sed -i -E "s/(Copyright )([0-9]{4})( The Apache Software Foundation\.)/\1${{ steps.get-year.outputs.year }}\3/" NOTICE + + - name: Push changes + run: | + git config user.name "github-actions" + git config user.email "[email protected]" + git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository_owner }}/${{ github.event.repository.name }}.git Review Comment: The link you provided uses `persist-credentials: true` which is not recommended by apache as per https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+Security > if using the 'checkout' action, always enable persist-credentials: false Since, we use `persist-credentials: false`, we need a way to provide credential during `git push` for this action. That is why I used this alternative approach of setting origin with credentials. I will change the user.email and user.name to the "magic" user mentioned at https://github.com/actions/checkout?tab=readme-ov-file#push-a-commit-using-the-built-in-token -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
