@@ -29,13 +29,14 @@ jobs:
2929 runs-on : " lab"
3030 env :
3131 USER : " runner"
32+ JUST_VARS : " "
3233 steps :
3334 # Use a GitHub App token so that the generated PR can trigger CI
3435 - name : " Generate GitHub App token"
3536 id : " app-token"
3637 uses : " actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1" # v3.2.0
3738 with :
38- app -id : " ${{ secrets.DP_APP_ID }}"
39+ client -id : " ${{ secrets.DP_APP_ID }}"
3940 private-key : " ${{ secrets.DP_PRIVATE_KEY }}"
4041 permission-contents : " write"
4142 permission-pull-requests : " write"
5859 bash scripts/bump.sh
5960 if ! git diff --quiet; then
6061 git add -u
61- git commit -sm "bump: pins"
62+ git commit -sm "bump(nix)!: nix pins"
6263 fi
6364
6465 - name : " check-dependencies (pre)"
@@ -70,95 +71,37 @@ jobs:
7071 # not detected at release time by the upstream project.
7172 # We run our "pre" check with `continue-on-error` set to true because it is equally possible that the upgrade
7273 # _resolves_ the license / security issue we have had / would have had without the upgrade.
73- run : |
74- set -euo pipefail;
75- just check-dependencies
74+ uses : &just "./.github/actions/just"
75+ with :
76+ recipe : " check-dependencies"
7677 continue-on-error : true
7778
78- - name : " cargo upgrade"
79- id : upgrade
79+ - name : " cargo update"
80+ id : " upgrade"
81+ # sadly we can't use the just recipe here because this just command produces a github output
8082 run : |
81- set -euo pipefail;
82- git config user.name "github-actions[bot]"
83- git config user.email "<224724778+hedgehog-dataplane-update[bot]@users.noreply.github.com>"
84- BASE="$(git rev-parse HEAD)"
85-
86- # Run "cargo update"
87- echo "::notice::Running cargo update"
88- cargo update
89- if ! git diff --quiet; then
90- echo "Found changes after cargo update, creating commit"
91- git add Cargo.lock
92- git commit -sm "bump(cargo)!: bump dependencies (cargo update)"
93- fi
94-
95- # Check updates available with "cargo upgrade",
96- # then bump each package individually through separate commits
97- echo "::notice::Looking for dependencies to upgrade"
98- cargo upgrade --incompatible=allow --dry-run | tee upgrade_output.txt
99- sed "/^====/d; /^name .*old req .*new req/d; s/ .*//" upgrade_output.txt > list_packages.txt
100- nb_upgrades=$(wc -l < list_packages.txt)
101-
102- echo "Found the following ${nb_upgrades} upgrade(s) available:"
103- cat list_packages.txt
104-
105- echo "::notice::Upgrading packages that need an upgrade (if any), one by one"
106- while read -r package; do
107- echo "bump(cargo)!: bump $package (cargo upgrade)" | tee commit_msg.txt
108- tee -a commit_msg.txt <<<""
109- cargo upgrade --incompatible=allow --package "$package" | tee -a commit_msg.txt
110- git add Cargo.lock Cargo.toml cli/Cargo.toml
111- git commit -sF commit_msg.txt
112- done < list_packages.txt
113-
114- # If we did not create any commits, we do not need to create a PR message
115- if [[ "$(git rev-parse HEAD)" = "${BASE}" ]]; then
116- rm -f -- upgrade_output.txt list_packages.txt commit_msg.txt
117- exit 0
118- fi
119- echo "::notice::We created the following commits:"
120- git log --reverse -p "${BASE}"..
121-
122- # Create Pull Request description
123- echo "### :rocket: Upgrades available" | tee upgrade.log
124- if [[ "${nb_upgrades}" -ge 1 ]]; then
125- echo "" | tee -a upgrade.log
126- echo "\`\`\`" | tee -a upgrade.log
127- tee -a upgrade.log < upgrade_output.txt
128- echo "\`\`\`" | tee -a upgrade.log
129- fi
130-
131- tee -a upgrade.log <<<""
132- tee -a upgrade.log <<<":warning: This Pull Request was automatically generated and should be carefully reviewed before acceptance. It may introduce **breaking changes**."
133-
134- cat upgrade.log > "${GITHUB_STEP_SUMMARY}"
135- {
136- echo "upgrade<<EOF";
137- cat upgrade.log;
138- echo "EOF";
139- } >> "${GITHUB_OUTPUT}"
140-
141- rm -f -- upgrade.log upgrade_output.txt list_packages.txt commit_msg.txt
83+ just bump-cargo-deps
14284
14385 - name : " check-dependencies (post)"
144- run : |
145- set -euo pipefail;
146- just check-dependencies
86+ uses : *just
87+ with :
88+ recipe : " check-dependencies"
14789
14890 - name : " Create Pull Request"
14991 # zizmor: ignore[superfluous-actions] -- relies on this action's diff-detection,
15092 # labeling, draft, and sign-commits behavior; not worth reimplementing over `gh pr create`.
151- uses : " peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 " # v8.1.1
93+ uses : " peter-evans/create-pull-request@v8.1.1"
15294 with :
15395 token : " ${{ steps.app-token.outputs.token }}"
15496 branch : " bump/cargo-upgrades"
155- title : " bump(cargo) !: :rocket: upgrades available"
97+ title : " bump!: :rocket: upgrades available"
15698 # ci:+cross/full opts the bump PR into the full cross matrix
15799 # (build + qemu-user test on musl) to catch upstream regressions.
158100 labels : |
159101 automated
160102 dependencies
161103 ci:+cross/full
104+ ci:+vlab
162105 signoff : " true"
163106 sign-commits : " true"
164107 body : |
0 commit comments