update #168
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: update | |
| on: | |
| # Schedule a run approximately every 10 days of the month. This is more varied | |
| # than say the same day each week. Trigger events can be delayed during times | |
| # of high load (e.g., on the hour), so use a random non-zero minute value. | |
| schedule: | |
| - cron: "35 0 1,11,21 * *" | |
| workflow_dispatch: | |
| jobs: | |
| update-portfolio: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| # Allows JWT to be requested from GitHub's OIDC provider. | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: eidorb/portfolio-ledger | |
| path: portfolio-ledger | |
| # Use personal access token that grants permissions to write to portfolio-ledger repository. | |
| token: ${{ secrets.TOKEN }} | |
| - id: cache | |
| uses: actions/cache@v4 | |
| with: | |
| # Use contents of Mamba environment file, NPM lock file and Poetry lock file as cache key. | |
| key: ${{ hashFiles('environment.yml', 'package-lock.json', 'poetry.lock') }} | |
| # Cache micromamba binary, environments, and pipx installs. | |
| path: | | |
| ./bin/micromamba | |
| ~/micromamba/envs | |
| ~/.local/pipx | |
| - if: steps.cache.outputs.cache-hit != 'true' | |
| run: | | |
| # Install micromamba. | |
| wget -qO- https://micro.mamba.pm/api/micromamba/linux-64/latest | tar -xvj bin/micromamba | |
| ./bin/micromamba shell hook > ~/.bashrc | |
| # Install Poetry. | |
| pipx install poetry~=1.8 | |
| # Create Mamba environment. | |
| export MAMBA_ROOT_PREFIX=~/micromamba | |
| eval "$(./bin/micromamba shell hook -s posix)" | |
| micromamba create --file environment.yml --yes | |
| micromamba activate portfolio | |
| # Install Python package dependencies. | |
| poetry install | |
| # Assume role to read/write AWS parameter. | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::961672313229:role/Account-GithubOidcRole20798CD3-LZP3AHTIPJU2 | |
| aws-region: ap-southeast-2 | |
| - run: | | |
| export MAMBA_ROOT_PREFIX=~/micromamba | |
| eval "$(./bin/micromamba shell hook -s posix)" | |
| micromamba activate portfolio | |
| # Unlock git-crypt. | |
| echo $GIT_CRYPT_KEY | base64 -d | git-crypt unlock - | |
| # Configure time zone so that fetched prices have the correct date. | |
| sudo timedatectl set-timezone Australia/Queensland | |
| # Update balances and prices in ledger. | |
| python -m portfolio.update_balances portfolio-ledger/balances.beancount | |
| cd portfolio-ledger | |
| bean-price --inactive --date $(date -I) portfolio.beancount >> prices.beancount 2>/dev/null | |
| # Commit changes to portfolio-ledger repository. | |
| git config --global user.name "GitHub Actions" | |
| git config --global user.email "$GITHUB_JOB@$GITHUB_REPOSITORY" | |
| git add balances.beancount | |
| git add prices.beancount | |
| git status | |
| git commit -m "Update portfolio from $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | |
| git push | |
| env: | |
| GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} |