Skip to content

JS PRs issue

JS PRs issue #3

Workflow file for this run

name: JS PRs issue
on:
# At 12:00 on day-of-month 1 in every 3rd month.
# This is 12 hours after update-js workflows run on repos such as silverstripe/asset-admin
schedule:
- cron: '0 12 1 */3 *'
workflow_dispatch:
jobs:
js-prs-issue:
name: JS PRs issue
# Only run cron on the silverstripe account
if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule')
runs-on: ubuntu-latest
steps:
- name: Get Alerts List
id: get-alerts-list
run: |
ALERTS_LIST=''
# Get list of supported modules
# Assumes CMS 5 is the most recent stable version
curl -s -o __modules.json https://raw.githubusercontent.com/silverstripe/supported-modules/5/modules.json
# If we can't parse the JSON at all, $MODULES will be an empty string and that means we couldn't fetch the file.
MODULES=$(jq -e '.' __modules.json) || true
if [[ $MODULES == "" ]]; then
# If there is some error getting the file, the error will be in the __modules.json file - importantly, not in JSON format.
echo "Cannot parse supported-modules JSON. Aborting. The content we tried to parse was:"
cat __modules.json
# Instead of exiting, output an error instead of the dependabot alert list.
# We don't have any reporting indicating if this workflow fails, so this is a good way to track that.
ALERTS_LIST='Failed to parse supported-modules JSON. Please check the GitHub action log.'
fi
# Create a list of markdown links for supported module dependabot stuff
ALERTS_LIST=$(php -r '
$json = json_decode(file_get_contents("__modules.json"), true);
foreach ($json as $module) {
# Skip non-github modules, if any listed
if (!$module["github"]) {
continue;
}
$githubRef = $module["github"];
$branch = end($module["branches"]);
$packageJsonURL = "https://raw.githubusercontent.com/$githubRef/$branch/package.json";
$headers = get_headers($packageJsonURL);
# $headers[0] includes the response code in a format like: "HTTP/1.1 404 Not Found"
$response = $headers[0];
# Skip modules which do not have a package.json file
if (strpos($response, "404") !== false) {
continue;
}
# If we have something other than 404 (above) or 200, output an error string for the list
# and move on.
if (strpos($response, "200") === false) {
echo "- $githubRef: Unable to check package.json, response was $response.\\n";
continue;
}
# If we get here, we have a package.json file so we should add a dependabot alerts URL to the list
echo "- [$githubRef](https://github.com/$githubRef/security/dependabot)\\n";
}
')
echo 'ALERTS_LIST is:'
echo $ALERTS_LIST
echo "alerts_list=$ALERTS_LIST" >> $GITHUB_OUTPUT
- name: JS PRs issue
uses: silverstripe/gha-issue@v1
env:
ALERTS_LIST: ${{ steps.get-alerts-list.outputs.alerts_list }}
with:
title: JS pull-requests
description: |
This is an automatically created issue used to list automatically created
javascript pull requests every 3 months.\n
\n
It was created by the `.github/workflows/js-prs-issue.yml` workflow in the [silverstripe/.github](https://github.com/silverstripe/.github/) repository.\n
\n
### Triage instructions (Silverstripe Ltd CMS Squad)\n
1. Put on the following labels:\n
- `type/enhancement`\n
- `impact/low`\n
- `affects/v5`\n
2. Move this issue to the "Ready" column on our internal zenhub board\n
\n
### Update JS pull-requests:\n
- [List of update JS pull-requests](https://emtek.net.nz/rhino/tables?t=open-prs&filters={%22title%22%3A%22DEP%20Update%20JS%20dependencies%22})\n
- Merge these PRs if there are no merge-conflicts\n
- If there are merge conflicts in some PRs, then manually run the "Update JS" github action in the
affected module. The github action will automatically close the old PR and delete the old branch.
- If the new PRs still have merge conflicts, then close those PRs and run the steps below in the
"Manually creating update JS pull-requests" section below for those relevant modules\n
\n
### Manually creating update JS pull-requests:\n
1. Ensure you have the default branch checked out for the module you are updating e.g. `5`\n
2. Ensure `silverstripe/silverstripe-admin` is installed in a *sibling* directory\n
3. In the `silverstripe-admin` directory, ensure the default branch is checked out e.g. `2`\n
4. In the `silverstripe-admin` directory, run `yarn install`\n
5. In the directory of module you're updating JS for, run `yarn upgrade`\n
6. Run `yarn build` in the directory of module you're updating JS for\n
7. Git commit, push the changes and create a pull-request\n
8. List the pull-request(s) on this issue\n
9. Move this issue to the peer review column on the CMS Squad internal zenhub board\n
\n
### Dependabot pull-requests:\n
- [List of dependabot pull-requests](https://emtek.net.nz/rhino/tables?t=open-prs&filters={%22author%22%3A%22dependabot%22})\n
- Most of these should be automatically closed if the "Update JS pull-requests" above are merged\n
- You can make a judgement call as to whether to merge any easy ones that are left\n
\n
### Dependabot alerts:\n
After all of the above have been completed and resolved, check for any outstanding dependabot alerts:\n
${{ env.ALERTS_LIST }}
- name: Delete temporary files
shell: bash
if: always()
run: |
if [[ -f __modules.json ]]; then
rm __modules.json
fi