From c3771a40ac63261cbdaf05b502d203b2540ba623 Mon Sep 17 00:00:00 2001 From: Caleb Lloyd Date: Tue, 9 Apr 2024 11:46:21 -0400 Subject: [PATCH 1/2] auto release dependency updates Signed-off-by: Caleb Lloyd --- .github/dependabot.yml | 4 + .github/workflows/deps-release-detect.yaml | 85 ++++++++++++++++++++++ .github/workflows/deps-release-tag.yaml | 37 ++++++++++ cicd/Dockerfile | 4 +- cicd/tag_deps_version.txt | 1 + 5 files changed, 129 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/deps-release-detect.yaml create mode 100644 .github/workflows/deps-release-tag.yaml create mode 100644 cicd/tag_deps_version.txt diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7662d99a..5c0c87c0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,6 +6,10 @@ updates: directory: "/" schedule: interval: "weekly" + - package-ecosystem: docker + directory: /cicd + schedule: + interval: daily # version updates: disabled # security updates: enabled diff --git a/.github/workflows/deps-release-detect.yaml b/.github/workflows/deps-release-detect.yaml new file mode 100644 index 00000000..97a0e28f --- /dev/null +++ b/.github/workflows/deps-release-detect.yaml 
@@ -0,0 +1,85 @@
+name: Deps Release
+
+on: 'pull_request'
+
+permissions:
+ contents: write
+
+jobs:
+ detect:
+ name: Detect
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+ git checkout -b "$GITHUB_HEAD_REF"
+
+ - name: Dependabot metadata
+ id: dependabot-metadata
+ uses: dependabot/fetch-metadata@v2
+
+ - name: Install node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+
+ - name: Install semver
+ run: |-
+ npm install -g semver
+
+ - name: Bump
+ run: |-
+ set -e
+ push=0
+ config='[
+ {
+ "directory": "cicd",
+ "dependencyName": "alpine"
+ }
+ ]'
+
+ deps='${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}'
+
+ for i in $(seq 0 "$(("$(echo "$config" | jq length) - 1"))"); do
+ directory="$(echo "$config" | jq -r ".[$i].directory")"
+ dependencyName="$(echo "$config" | jq -r ".[$i].dependencyName")"
+ match="$(echo "$deps" | jq ".[] | select(.directory == \"/$directory\" and .dependencyName == \"$dependencyName\")")"
+ if [ -z "$match" ]; then
+ continue
+ fi
+
+ updateType="$(echo "$match" | jq -r ".updateType")"
+ prevVersion="$(echo "$match" | jq -r ".prevVersion")"
+ newVersion="$(echo "$match" | jq -r ".newVersion")"
+
+ echo "directory : $directory"
+ echo "dependencyName : $dependencyName"
+ echo "updateType : $updateType"
+ echo "prevVersion : $prevVersion"
+ echo "newVersion : $newVersion"
+
+ tag_deps_version="$(git ls-remote 2>/dev/null \
+ | grep -oE 'refs/tags/v[0-9]+\.[0-9]+\.[0-9]+' \
+ | cut -d'/' -f3 \
+ | xargs semver \
+ | tail -n 1 \
+ | xargs semver -i patch)"
+
+ echo "$tag_deps_version" > ./cicd/tag-base-version.txt
+ git add ./cicd/tag-base-version.txt
+ if git commit -m "bump dependency release to $tag_deps_version"; then
+ push=1
+ fi
+ done
+
+ if [ "$push" = "1" ];
then + git push -u origin "$GITHUB_HEAD_REF" + fi diff --git a/.github/workflows/deps-release-tag.yaml b/.github/workflows/deps-release-tag.yaml new file mode 100644 index 00000000..40735bdf --- /dev/null +++ b/.github/workflows/deps-release-tag.yaml @@ -0,0 +1,37 @@ +name: Deps Release + +on: + push: + branches: + - main + +permissions: + contents: write + +jobs: + tag: + name: Tag + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - id: tag + name: Determine tag + run: | + version="$(head -n 1 ./cicd/tag_deps_version.txt)" + ref_name="v$version" + create=true + if [ "$(git ls-remote origin "refs/tags/$ref_name" | wc -l)" = "1" ]; then + create=false + fi + + echo "version=$version" | tee -a "$GITHUB_OUTPUT" + echo "ref-name=$ref_name" | tee -a "$GITHUB_OUTPUT" + echo "create=$create" | tee -a "$GITHUB_OUTPUT" + + - if: ${{ fromJSON(steps.tag.outputs.create) }} + name: Tag + run: | + git tag "${{ steps.tag.outputs.ref-name }}" + git push origin "${{ steps.tag.outputs.ref-name }}" diff --git a/cicd/Dockerfile b/cicd/Dockerfile index 3d4ff5b1..4ca13131 100644 --- a/cicd/Dockerfile +++ b/cicd/Dockerfile @@ -1,7 +1,7 @@ #syntax=docker/dockerfile-upstream:1.5 ARG GO_APP -FROM alpine:3.19 as deps +FROM alpine:3.19.0 as deps ARG GO_APP ARG GORELEASER_DIST_DIR=/go/src/dist @@ -28,7 +28,7 @@ RUN < Date: Tue, 9 Apr 2024 12:10:43 -0400 Subject: [PATCH 2/2] apply patch to stable release Signed-off-by: Caleb Lloyd --- .github/workflows/deps-release-detect.yaml | 13 ++++---- .github/workflows/deps-release-tag.yaml | 35 +++++++++++++++++----- cicd/tag-deps-version.txt | 2 ++ cicd/tag_deps_version.txt | 1 - 4 files changed, 37 insertions(+), 14 deletions(-) create mode 100644 cicd/tag-deps-version.txt delete mode 100644 cicd/tag_deps_version.txt diff --git a/.github/workflows/deps-release-detect.yaml b/.github/workflows/deps-release-detect.yaml index 97a0e28f..3f8b4057 100644 --- a/.github/workflows/deps-release-detect.yaml 
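Review bot: The Bump step's `deps='${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}'` substitutes the expression into the script text before the shell parses it, so a single quote anywhere in the dependency metadata ends the string and the remainder is read as shell, in a job that holds `contents: write`. Hand the value over through the step environment instead: add `env:` with `DEPS_JSON: ${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}` to the step and read it as `deps="$DEPS_JSON"`. The job guard `if: ${{ github.actor == 'dependabot[bot]' }}` checks who triggered the run, not who opened the pull request; `github.event.pull_request.user.login == 'dependabot[bot]'` is the tighter condition. `actions/checkout@v4`, `dependabot/fetch-metadata@v2`, `actions/setup-node@v4` and `npm install -g semver` are all resolved by mutable tag or latest version, which is worth pinning (commit SHA, exact package version) in a workflow that pushes commits.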
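Review bot: The Determine tag step turns the first line of `./cicd/tag_deps_version.txt` into a tag name with no format check, and the Tag step then expands `${{ steps.tag.outputs.ref-name }}` inside the script text, so the file's content reaches the shell as source rather than as data. Reject anything that is not a plain version before writing the outputs, e.g. `echo "$version" | grep -qxE '[0-9]+\.[0-9]+\.[0-9]+' || exit 1`, and pass the output through `env:` (`REF_NAME: ${{ steps.tag.outputs.ref-name }}`, then `git tag "$REF_NAME"`). The PATCH 2/2 hunk for this file keeps the same pattern for `old-ref-name`, `new-ref-name` and `new-version`. `actions/checkout@v3` is also a mutable tag in a job with `contents: write`.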
+++ b/.github/workflows/deps-release-detect.yaml @@ -66,16 +66,19 @@ jobs: echo "prevVersion : $prevVersion" echo "newVersion : $newVersion" - tag_deps_version="$(git ls-remote 2>/dev/null \ + tagPrevVersion="$(git ls-remote 2>/dev/null \ | grep -oE 'refs/tags/v[0-9]+\.[0-9]+\.[0-9]+' \ | cut -d'/' -f3 \ | xargs semver \ - | tail -n 1 \ - | xargs semver -i patch)" + | tail -n 1)" + + tagNewVersion="$(semver -i patch "$tagPrevVersion")" - echo "$tag_deps_version" > ./cicd/tag-base-version.txt + echo "$tagPrevVersion" > ./cicd/tag-deps-version.txt + echo "$tagNewVersion" >> ./cicd/tag-deps-version.txt + git add ./cicd/tag-base-version.txt - if git commit -m "bump dependency release to $tag_deps_version"; then + if git commit -m "bump dependency release to $tagNewVersion"; then push=1 fi done diff --git a/.github/workflows/deps-release-tag.yaml b/.github/workflows/deps-release-tag.yaml index 40735bdf..8b3aa898 100644 --- a/.github/workflows/deps-release-tag.yaml +++ b/.github/workflows/deps-release-tag.yaml 
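Review bot: After this change the step writes `./cicd/tag-deps-version.txt`, but the unchanged line `git add ./cicd/tag-base-version.txt` still stages the old name, which neither patch in this series adds; under the script's `set -e` a failing `git add` aborts the step, and in any case the commit would not contain the new file. It should read `git add ./cicd/tag-deps-version.txt`. `tagPrevVersion` can also come back empty when `git ls-remote` fails (its stderr is discarded) or no tag matches, and `semver -i patch "$tagPrevVersion"` then runs on an empty string; a guard such as `[ -n "$tagPrevVersion" ] || exit 1` before the bump makes that failure explicit. The enclosing `run:` script starts and ends outside the hunk.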
@@ -14,24 +14,43 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - id: tag name: Determine tag run: | - version="$(head -n 1 ./cicd/tag_deps_version.txt)" - ref_name="v$version" + old_version="$(head -n 1 ./cicd/tag-deps-version.txt)" + old_ref_name="v$old_version" + new_version="$(tail -n 1 ./cicd/tag-deps-version.txt)" + new_ref_name="v$new_version" + create=true - if [ "$(git ls-remote origin "refs/tags/$ref_name" | wc -l)" = "1" ]; then + if [ "$(git ls-remote origin "refs/tags/$new_ref_name" | wc -l)" = "1" ]; then create=false fi - echo "version=$version" | tee -a "$GITHUB_OUTPUT" - echo "ref-name=$ref_name" | tee -a "$GITHUB_OUTPUT" + echo "old-version=$old_version" | tee -a "$GITHUB_OUTPUT" + echo "old-ref-name=$old_ref_name" | tee -a "$GITHUB_OUTPUT" + echo "new-version=$new_version" | tee -a "$GITHUB_OUTPUT" + echo "new-ref-name=$new_ref_name" | tee -a "$GITHUB_OUTPUT" echo "create=$create" | tee -a "$GITHUB_OUTPUT" - if: ${{ fromJSON(steps.tag.outputs.create) }} name: Tag run: | - git tag "${{ steps.tag.outputs.ref-name }}" - git push origin "${{ steps.tag.outputs.ref-name }}" + commit="$(git rev-parse HEAD)" + git fetch origin refs/tags/"${{ steps.tag.outputs.old-ref-name }}" + git checkout -b deps "${{ steps.tag.outputs.old-ref-name }}" + git restore --source="$commit" ./cicd + git add ./cicd + if git commit -m "bump dependency release to ${{ steps.tag.outputs.new-version }}"; then + git tag "${{ steps.tag.outputs.new-ref-name }}" + git push origin "${{ steps.tag.outputs.new-ref-name }}" + fi diff --git a/cicd/tag-deps-version.txt b/cicd/tag-deps-version.txt new file mode 100644 index 00000000..21226110 --- /dev/null +++ b/cicd/tag-deps-version.txt @@ -0,0 +1,2 @@ +0.14.0 +0.14.1 
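Review bot: In the Tag step, `git restore --source="$commit" ./cicd` copies the whole `cicd/` directory from the pushed commit onto the old release tag, so anything else under `cicd/` that changed on main since that tag (the directory's other contents are not visible here) ships in what is labelled a dependency-only patch release. If only the base-image bump is meant to be released, restore the specific paths, e.g. `git restore --source="$commit" ./cicd/Dockerfile ./cicd/tag-deps-version.txt`. The job also runs on every push to main and trusts both lines of the file, so checking that `old_ref_name` resolves to an existing tag and that `new_version` is its patch successor before tagging would keep a hand edit of the file from producing a release on an arbitrary base.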
diff --git a/cicd/tag_deps_version.txt b/cicd/tag_deps_version.txt
deleted file mode 100644
index c39e9c5f..00000000
--- a/cicd/tag_deps_version.txt
+++ /dev/null
@@ -1 +0,0 @@
-0.14.1
\ No newline at end of file