Skip to content

Commit 22c1a70

Browse files
committed
fix: wip
1 parent 9775945 commit 22c1a70

6 files changed

Lines changed: 114 additions & 75 deletions

File tree

.github/dependabot.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ updates:
1010
schedule:
1111
interval: "weekly"
1212
cooldown:
13-
default-days: 7
13+
default-days: 10
1414
labels:
1515
- "automated"
1616
- "dependencies"

.github/workflows/bump.yml

Lines changed: 16 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -29,13 +29,14 @@ jobs:
2929
runs-on: "lab"
3030
env:
3131
USER: "runner"
32+
JUST_VARS: ""
3233
steps:
3334
# Use a GitHub App token so that the generated PR can trigger CI
3435
- name: "Generate GitHub App token"
3536
id: "app-token"
3637
uses: "actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1" # v3.2.0
3738
with:
38-
app-id: "${{ secrets.DP_APP_ID }}"
39+
client-id: "${{ secrets.DP_APP_ID }}"
3940
private-key: "${{ secrets.DP_PRIVATE_KEY }}"
4041
permission-contents: "write"
4142
permission-pull-requests: "write"
@@ -58,7 +59,7 @@ jobs:
5859
bash scripts/bump.sh
5960
if ! git diff --quiet; then
6061
git add -u
61-
git commit -sm "bump: pins"
62+
git commit -sm "bump(nix)!: nix pins"
6263
fi
6364
6465
- name: "check-dependencies (pre)"
@@ -70,95 +71,37 @@ jobs:
7071
# not detected at release time by the upstream project.
7172
# We run our "pre" check with `continue-on-error` set to true because it is equally possible that the upgrade
7273
# _resolves_ the license / security issue we have had / would have had without the upgrade.
73-
run: |
74-
set -euo pipefail;
75-
just check-dependencies
74+
uses: &just "./.github/actions/just"
75+
with:
76+
recipe: "check-dependencies"
7677
continue-on-error: true
7778

78-
- name: "cargo upgrade"
79-
id: upgrade
79+
- name: "cargo update"
80+
id: "upgrade"
81+
# sadly we can't use the just recipe here because this just command produces a github output
8082
run: |
81-
set -euo pipefail;
82-
git config user.name "github-actions[bot]"
83-
git config user.email "<224724778+hedgehog-dataplane-update[bot]@users.noreply.github.com>"
84-
BASE="$(git rev-parse HEAD)"
85-
86-
# Run "cargo update"
87-
echo "::notice::Running cargo update"
88-
cargo update
89-
if ! git diff --quiet; then
90-
echo "Found changes after cargo update, creating commit"
91-
git add Cargo.lock
92-
git commit -sm "bump(cargo)!: bump dependencies (cargo update)"
93-
fi
94-
95-
# Check updates available with "cargo upgrade",
96-
# then bump each package individually through separate commits
97-
echo "::notice::Looking for dependencies to upgrade"
98-
cargo upgrade --incompatible=allow --dry-run | tee upgrade_output.txt
99-
sed "/^====/d; /^name .*old req .*new req/d; s/ .*//" upgrade_output.txt > list_packages.txt
100-
nb_upgrades=$(wc -l < list_packages.txt)
101-
102-
echo "Found the following ${nb_upgrades} upgrade(s) available:"
103-
cat list_packages.txt
104-
105-
echo "::notice::Upgrading packages that need an upgrade (if any), one by one"
106-
while read -r package; do
107-
echo "bump(cargo)!: bump $package (cargo upgrade)" | tee commit_msg.txt
108-
tee -a commit_msg.txt <<<""
109-
cargo upgrade --incompatible=allow --package "$package" | tee -a commit_msg.txt
110-
git add Cargo.lock Cargo.toml cli/Cargo.toml
111-
git commit -sF commit_msg.txt
112-
done < list_packages.txt
113-
114-
# If we did not create any commits, we do not need to create a PR message
115-
if [[ "$(git rev-parse HEAD)" = "${BASE}" ]]; then
116-
rm -f -- upgrade_output.txt list_packages.txt commit_msg.txt
117-
exit 0
118-
fi
119-
echo "::notice::We created the following commits:"
120-
git log --reverse -p "${BASE}"..
121-
122-
# Create Pull Request description
123-
echo "### :rocket: Upgrades available" | tee upgrade.log
124-
if [[ "${nb_upgrades}" -ge 1 ]]; then
125-
echo "" | tee -a upgrade.log
126-
echo "\`\`\`" | tee -a upgrade.log
127-
tee -a upgrade.log < upgrade_output.txt
128-
echo "\`\`\`" | tee -a upgrade.log
129-
fi
130-
131-
tee -a upgrade.log <<<""
132-
tee -a upgrade.log <<<":warning: This Pull Request was automatically generated and should be carefully reviewed before acceptance. It may introduce **breaking changes**."
133-
134-
cat upgrade.log > "${GITHUB_STEP_SUMMARY}"
135-
{
136-
echo "upgrade<<EOF";
137-
cat upgrade.log;
138-
echo "EOF";
139-
} >> "${GITHUB_OUTPUT}"
140-
141-
rm -f -- upgrade.log upgrade_output.txt list_packages.txt commit_msg.txt
83+
just bump-cargo-deps
14284
14385
- name: "check-dependencies (post)"
144-
run: |
145-
set -euo pipefail;
146-
just check-dependencies
86+
uses: *just
87+
with:
88+
recipe: "check-dependencies"
14789

14890
- name: "Create Pull Request"
14991
# zizmor: ignore[superfluous-actions] -- relies on this action's diff-detection,
15092
# labeling, draft, and sign-commits behavior; not worth reimplementing over `gh pr create`.
151-
uses: "peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1" # v8.1.1
93+
uses: "peter-evans/create-pull-request@v8.1.1"
15294
with:
15395
token: "${{ steps.app-token.outputs.token }}"
15496
branch: "bump/cargo-upgrades"
155-
title: "bump(cargo)!: :rocket: upgrades available"
97+
title: "bump!: :rocket: upgrades available"
15698
# ci:+cross/full opts the bump PR into the full cross matrix
15799
# (build + qemu-user test on musl) to catch upstream regressions.
158100
labels: |
159101
automated
160102
dependencies
161103
ci:+cross/full
104+
ci:+vlab
162105
signoff: "true"
163106
sign-commits: "true"
164107
body: |

.github/workflows/dev.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -667,7 +667,7 @@ jobs:
667667

668668
name: "${{ matrix.hybrid && 'h' || 'v' }}-${{ matrix.upgradefrom && 'up' || '' }}${{ matrix.upgradefrom }}${{ matrix.upgradefrom && '-' || '' }}${{ matrix.mesh && 'mesh-' || '' }}${{ matrix.gateway && 'gw-' || '' }}${{ matrix.includeonie && 'onie-' || '' }}${{ matrix.buildmode }}-${{ matrix.vpcmode }}"
669669

670-
uses: githedgehog/fabricator/.github/workflows/run-vlab.yaml@0c65d56c096215e51d0823f69380b1477d39c951 # v0.47.4
670+
uses: githedgehog/fabricator/.github/workflows/run-vlab.yaml@master
671671
with:
672672
# ci:+hlab is required to enable hybrid lab tests on PR
673673
# ci:+vlab is required to enable virtual lab tests on PR

.github/zizmor.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1 +1,6 @@
11
rules:
2+
unpinned-uses:
3+
disable: false
4+
config:
5+
policies:
6+
githedgehog/fabricator/.github/workflows/run-vlab.yaml: ref-pin

.pinact.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
# yaml-language-server: $schema=https://raw.githubusercontent.com/suzuki-shunsuke/pinact/refs/heads/main/json-schema/pinact.json
22
# pinact - https://github.com/suzuki-shunsuke/pinact
33
version: 3
4+
min_age:
5+
value: 10
46

57
rules:
68
- ignore: true

justfile

Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -460,6 +460,95 @@ depgraph:
460460
| sed 's/dataplane-//g' \
461461
| dot -Grankdir=TD -Gsplines=polyline -Granksep=1.5 -Tsvg > workspace-deps.svg
462462

463+
[script]
464+
bump-actions:
465+
{{ _just_debuggable_ }}
466+
pinact run --update
467+
468+
export GITHUB_STEP_SUMMARY := env("GITHUB_STEP_SUMMARY", "")
469+
export GITHUB_OUTPUT := env("GITHUB_OUTPUT", "")
470+
471+
[script]
472+
bump-cargo-deps:
473+
{{ _just_debuggable_ }}
474+
declare BASE
475+
BASE="$(git rev-parse HEAD)"
476+
declare -r BASE
477+
478+
# Run "cargo update"
479+
echo "::notice::Running cargo update"
480+
cargo update
481+
if ! git diff --quiet; then
482+
echo "Found changes after cargo update, creating commit"
483+
git add Cargo.lock
484+
git commit -sm "bump!: regular dependency update"
485+
fi
486+
487+
# Check updates available with "cargo upgrade",
488+
# then bump each package individually through separate commits
489+
echo "::notice::Looking for dependencies to upgrade"
490+
declare upgrade_output
491+
upgrade_output="$(mktemp)"
492+
declare -r upgrade_output
493+
declare list_packages
494+
list_packages="$(mktemp)"
495+
declare -r list_packages
496+
cargo upgrade --incompatible=allow --dry-run | tee "${upgrade_output}"
497+
sed "/^====/d; /^name .*old req .*new req/d; s/ .*//" "${upgrade_output}" > "${list_packages}"
498+
nb_upgrades=$(wc -l < "${list_packages}")
499+
500+
echo "Found the following ${nb_upgrades} upgrade(s) available:"
501+
cat "${list_packages}"
502+
503+
echo "::notice::Upgrading packages that need an upgrade (if any), one by one"
504+
declare commit_msg
505+
commit_msg="$(mktemp)"
506+
declare -r commit_msg
507+
while read -r package; do
508+
echo "bump(cargo)!: bump $package (cargo upgrade)" | tee "${commit_msg}"
509+
tee -a "${commit_msg}" <<<""
510+
cargo upgrade --incompatible=allow --package "$package" | tee -a "${commit_msg}"
511+
git add Cargo.lock Cargo.toml cli/Cargo.toml
512+
git commit -sF "${commit_msg}"
513+
done < "${list_packages}"
514+
515+
# If we did not create any commits, we do not need to create a PR message
516+
if [[ "$(git rev-parse HEAD)" = "${BASE}" ]]; then
517+
rm -f -- "${upgrade_output}" "${list_packages}" "${commit_msg}"
518+
exit 0
519+
fi
520+
echo "::notice::We created the following commits:"
521+
git log --reverse -p "${BASE}"..
522+
523+
# Create Pull Request description
524+
declare upgrade_log
525+
upgrade_log="$(mktemp)"
526+
declare -r upgrade_log
527+
if [[ "${nb_upgrades}" -ge 1 ]]; then
528+
{
529+
echo "### :rocket: Upgrades available";
530+
echo ""
531+
echo "| name | old | req | compatible | latest |";
532+
echo "|------|-----|-----|------------|--------|";
533+
awk '{print "| " $1 " | " $2 " | " $3 " | " $4 " | " $5 " |"}' < <(sed 1,2d < "${upgrade_output}");
534+
echo ""
535+
echo ":warning: This Pull Request was automatically generated and should be carefully reviewed before acceptance. It may introduce **breaking changes**."
536+
echo ""
537+
} > "${upgrade_log}"
538+
fi
539+
540+
if [ -n "${GITHUB_STEP_SUMMARY:-}" ] && [ -n "${GITHUB_OUTPUT:-}" ] && [ -w "${GITHUB_STEP_SUMMARY}" ] && [ -w "${GITHUB_OUTPUT}" ]; then
541+
cat "${upgrade_log}" > "${GITHUB_STEP_SUMMARY}"
542+
{
543+
echo "upgrade<<EOF";
544+
cat "${upgrade_log}";
545+
echo "EOF";
546+
} >> "${GITHUB_OUTPUT}"
547+
fi
548+
549+
rm -f -- "${upgrade_log}" "${upgrade_output}" "${list_packages}" "${commit_msg}"
550+
551+
463552
# Bump the minor version in Cargo.toml and reset patch version to 0
464553
[script]
465554
bump_minor_version:

0 commit comments

Comments
 (0)