dd-trace-java/.github/workflows/update-gradle-dependencies.yaml at master · DataDog/dd-trace-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: Update Gradle dependencies
on:
  schedule:
    - cron: "0 4 * * 0"
  workflow_dispatch:

jobs:
  update-gradle-dependencies:
    runs-on: ubuntu-latest
    name: Update Gradle dependencies
    permissions:
      contents: read
      id-token: write # Required for OIDC token federation
    steps:
      - uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
        id: octo-sts
        with:
          scope: DataDog/dd-trace-java
          policy: self.update-gradle-dependencies.create-pr

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
        with:
          submodules: "recursive"

      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: 'temurin'
          java-version: '21'
          cache: 'gradle'

      - name: Configure git
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"

      - name: Define branch names
        id: define-branches
        run: |
          DATE=$(date +'%Y%m%d')
          echo "core_branch=ci/update-gradle-dependencies-${DATE}" >> $GITHUB_OUTPUT
          echo "instrumentation_branch=ci/update-gradle-dependencies-instrumentation-${DATE}" >> $GITHUB_OUTPUT

      - name: Update Gradle dependencies
        env:
          ORG_GRADLE_PROJECT_akkaRepositoryToken: ${{ secrets.AKKA_REPO_TOKEN }}
        run: |
          find . -name 'gradle.lockfile' -delete
          GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xms2G -Xmx3G'" \
          ./gradlew resolveAndLockAll --write-locks --parallel --stacktrace --no-daemon --max-workers=4

      - name: Save instrumentation lock files
        run: |
          mkdir -p /tmp/instrumentation-lockfiles
          find dd-smoke-tests dd-java-agent/instrumentation -name 'gradle.lockfile' -exec cp --parents {} /tmp/instrumentation-lockfiles/ \;
          # Restore instrumentation dirs to original state (keep only core changes)
          git restore -- 'dd-smoke-tests/' 'dd-java-agent/instrumentation/'

      # ==================== Core modules PR ====================
      - name: Check if core changes exist
        id: check-core-changes
        run: |
          if [[ -z "$(git status -s)" ]]; then
            echo "No core changes to commit."
            echo "commit_changes=false" >> "$GITHUB_OUTPUT"
          else
            echo "commit_changes=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Create core commit
        if: steps.check-core-changes.outputs.commit_changes == 'true'
        id: create-core-commit
        run: |
          git add --all
          git commit -m "chore: Update Gradle dependencies"
          echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT

      - name: Push core changes
        if: steps.check-core-changes.outputs.commit_changes == 'true'
        uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
        with:
          token: "${{ steps.octo-sts.outputs.token }}"
          branch: "${{ steps.define-branches.outputs.core_branch }}"
          head-sha: "${{ github.sha }}"
          create-branch: true
          command: push
          commits: "${{ steps.create-core-commit.outputs.commit }}"

      - name: Create core pull request
        if: steps.check-core-changes.outputs.commit_changes == 'true'
        env:
          GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
        run: |
          gh pr create --title "Update Gradle dependencies" \
            --base master \
            --head ${{ steps.define-branches.outputs.core_branch }} \
            --label "tag: dependencies" \
            --label "tag: no release notes" \
            --body "$(cat <<'EOF'
          # What Does This Do

          This PR updates the Gradle dependency locks for common and product modules.

          # Motivation

          Refresh Gradle dependencies to make sure to apply the latest version available when bumping dependencies.

          # Contributor Checklist

          - [ ] Update PR title if a code change is needed to support one of those new dependencies
          EOF
          )"

      # ==================== Instrumentation PR ====================
      - name: Reset and apply instrumentation changes
        run: |
          git reset --hard ${{ github.sha }}
          cp -r /tmp/instrumentation-lockfiles/* .

      - name: Check if instrumentation changes exist
        id: check-instrumentation-changes
        run: |
          if [[ -z "$(git status -s)" ]]; then
            echo "No instrumentation changes to commit."
            echo "commit_changes=false" >> "$GITHUB_OUTPUT"
          else
            echo "commit_changes=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Create instrumentation commit
        if: steps.check-instrumentation-changes.outputs.commit_changes == 'true'
        id: create-instrumentation-commit
        run: |
          git add --all
          git commit -m "chore: Update instrumentation Gradle dependencies"
          echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT

      - name: Push instrumentation changes
        if: steps.check-instrumentation-changes.outputs.commit_changes == 'true'
        uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
        with:
          token: "${{ steps.octo-sts.outputs.token }}"
          branch: "${{ steps.define-branches.outputs.instrumentation_branch }}"
          head-sha: "${{ github.sha }}"
          create-branch: true
          command: push
          commits: "${{ steps.create-instrumentation-commit.outputs.commit }}"

      - name: Create instrumentation pull request
        if: steps.check-instrumentation-changes.outputs.commit_changes == 'true'
        env:
          GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
        run: |
          gh pr create --title "Update instrumentation Gradle dependencies" \
            --base master \
            --head ${{ steps.define-branches.outputs.instrumentation_branch }} \
            --label "tag: dependencies" \
            --label "tag: no release notes" \
            --body "$(cat <<'EOF'
          # What Does This Do

          This PR updates the Gradle dependency locks for instrumentations and their tests.

          # Motivation

          Refresh Gradle dependencies to make sure to test latest versions of dependencies within their supported versions.

          # Contributor Checklist

          - [ ] Update PR title if a code change is needed to support one of those new dependencies
          EOF
          )"