-
Notifications
You must be signed in to change notification settings - Fork 4
117 lines (98 loc) · 4.07 KB
/
weekly-cargo-update.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: Weekly `cargo update`
on:
schedule:
- cron: '18 5 * * 1' # 5:18 AM UTC on Mondays
workflow_dispatch:
jobs:
cargo-update:
runs-on: ubuntu-latest
environment: expressvpn_iat_automation_githubiatuser_gpg_key
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Import GPG Key
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- uses: Swatinem/rust-cache@v2
- run: rustup show
# Updates indirect and direct dependencies according to semver
# constraints from `*/Cargo.toml`.
- name: Update cargo dependencies
id: update
run: |
cargo update 2>&1 | tee /tmp/update.log
title="[auto] Update cargo dependencies"
body=$(
echo '```console'
echo '$ cargo update'
cat /tmp/update.log
echo '```'
)
# Outputs:
# ... PR title
echo PRTITLE="$title" >> "$GITHUB_OUTPUT"
# ... PR body
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "PRBODY<<$EOF" >> "$GITHUB_OUTPUT"
echo "$body" >> "$GITHUB_OUTPUT"
echo "$EOF" >> "$GITHUB_OUTPUT"
# ... commit message
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "COMMITMSG<<$EOF" >> "$GITHUB_OUTPUT"
echo "$title" >> "$GITHUB_OUTPUT"
echo "" >> "$GITHUB_OUTPUT"
echo "$body" >> "$GITHUB_OUTPUT"
echo "$EOF" >> "$GITHUB_OUTPUT"
- uses: peter-evans/create-pull-request@v6
id: pr
with:
token: ${{ secrets.SERVICE_ACCOUNT_PAT }}
delete-branch: true
committer: ExpressVPN Automation Bot <[email protected]>
author: ExpressVPN Automation Bot <[email protected]>
commit-message: ${{ steps.update.outputs.COMMITMSG }}
branch: gha/cargo-update
title: ${{ steps.update.outputs.PRTITLE }}
body: ${{ steps.update.outputs.PRBODY }}
- run: cargo install --locked cargo-outdated
# Checks for dependencies which can be upgraded but require a
# semver bump in `*/Cargo.toml`. Will fail if there are available
# updates.
- name: Check for outdated dependencies
id: outdated-check
shell: bash
run: |
git checkout ${{ steps.pr.outputs.pull-request-head-sha }}
failed=false
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "comment<<$EOF" >> "$GITHUB_OUTPUT"
if ! cargo outdated --root-deps-only --exit-code 1 | tee /tmp/workspace-outdated.log ; then
echo "Workspace dependencies are out of date"
failed=true
echo '# Workspace Outdated Dependencies' >> "$GITHUB_OUTPUT"
echo '```console' >> "$GITHUB_OUTPUT"
echo '$ cargo outdated --root-deps-only --exit-code 1' >> "$GITHUB_OUTPUT"
cat /tmp/workspace-outdated.log >> "$GITHUB_OUTPUT"
echo '```' >> "$GITHUB_OUTPUT"
fi
echo "$EOF" >> "$GITHUB_OUTPUT"
echo "Setting output: failed: $failed"
echo "failed=$failed" >> "$GITHUB_OUTPUT"
# If there was no PR then there is nowhere to put a comment,
# given a weekly update cadence it's 99% likely there will be a
# comment.
- name: Outdated dependencies comment
if: steps.pr.outputs.pull-request-number && steps.outdated-check.outputs.failed == 'true'
uses: peter-evans/create-or-update-comment@v4
with:
issue-number: ${{ steps.pr.outputs.pull-request-number }}
body: ${{ steps.outdated-check.outputs.comment }}
edit-mode: replace
- name: Outdated check fails
if: steps.outdated-check.outputs.failed == 'true'
run: exit 1