exam_final_python/.github/workflows/sync-topics.yml at main · Adam-Blf/exam_final_python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: Sync repo topics

# Quand on modifie .github/topics.yml et qu'on push, le workflow remplace
# l'ensemble des topics du repo via l'API GitHub. Idempotent · ne fait rien
# si la liste est déjà à jour.
#
# IMPORTANT · ce workflow nécessite un Personal Access Token avec scope
# `public_repo` (ou `repo` pour les privés) stocké en secret repo
# `TOPICS_PAT`. Le GITHUB_TOKEN natif ne peut pas modifier les topics
# (limite GitHub Actions, pas un bug du workflow).
#
# Setup une seule fois ·
#   1. github.com → Settings → Developer settings → PAT classique
#      → générer avec scope `public_repo` (et `repo` si repos privés)
#   2. dans CHAQUE repo cible · Settings → Secrets → Actions
#      → New repository secret · nom `TOPICS_PAT`, valeur = le PAT
#   3. ou en bulk via gh ·
#      gh secret set TOPICS_PAT --repos Adam-Blf/repo1,Adam-Blf/repo2
#
# Si le secret n'est pas défini, le workflow se termine en SUCCESS avec un
# message "skip" plutôt que de polluer l'onglet Actions de runs rouges.

on:
  push:
    branches: [main, master]
    paths:
      - ".github/topics.yml"
  workflow_dispatch:

jobs:
  sync:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v4

      - name: Check secret presence
        id: secret
        env:
          TOPICS_PAT: ${{ secrets.TOPICS_PAT }}
        run: |
          if [ -z "${TOPICS_PAT:-}" ]; then
            echo "missing=true" >> "$GITHUB_OUTPUT"
            echo "::warning::secrets.TOPICS_PAT not set · skip · see workflow comments"
          else
            echo "missing=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Read topics from .github/topics.yml
        if: steps.secret.outputs.missing == 'false'
        id: topics
        run: |
          set -euo pipefail
          if [ ! -f .github/topics.yml ]; then
            echo "::warning::no .github/topics.yml · nothing to do"
            echo "skip=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          NAMES=$(awk '
            /^topics:/ { in_list=1; next }
            in_list && /^[[:space:]]*-/ {
              gsub(/^[[:space:]]*-[[:space:]]*/, "", $0);
              gsub(/[[:space:]]*#.*$/, "", $0);
              if ($0 != "") print $0
            }
            in_list && /^[^[:space:]-]/ { in_list=0 }
          ' .github/topics.yml | jq -R . | jq -s -c .)
          echo "names=$NAMES" >> "$GITHUB_OUTPUT"
          echo "Found topics: $NAMES"

      - name: PUT topics via GitHub API
        if: steps.secret.outputs.missing == 'false' && steps.topics.outputs.skip != 'true'
        env:
          GH_TOKEN: ${{ secrets.TOPICS_PAT }}
          REPO: ${{ github.repository }}
          NAMES: ${{ steps.topics.outputs.names }}
        run: |
          set -euo pipefail
          BODY=$(jq -n --argjson names "$NAMES" '{names: $names}')
          echo "PUT /repos/$REPO/topics ← $BODY"
          echo "$BODY" | gh api \
            -X PUT \
            -H "Accept: application/vnd.github+json" \
            "repos/$REPO/topics" \
            --input -