-
Notifications
You must be signed in to change notification settings - Fork 7
86 lines (82 loc) · 3.71 KB
/
update-dependencies.yml
File metadata and controls
86 lines (82 loc) · 3.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
---
name: Update Dependencies
on:
schedule:
- cron: "30 2 * * 0"
workflow_dispatch:
permissions: {}
jobs:
update-apt-dependencies:
name: Update APT Dependencies (🍨 ${{ matrix.flavor }})
runs-on: ubuntu-latest
strategy:
matrix:
flavor: ["cpp", "rust"]
# Using our own container is required since we need all package sources
# set-up correctly.
container: ghcr.io/philips-software/amp-devcontainer-${{ matrix.flavor }}:edge
permissions:
contents: write
pull-requests: write
steps:
- uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: audit
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: ./.github/actions/update-apt-packages
id: update-packages
with:
input-file: .devcontainer/${{ matrix.flavor }}/apt-requirements-*.json
- uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: token
with:
app-id: ${{ vars.FOREST_RELEASER_APP_ID }}
private-key: ${{ secrets.FOREST_RELEASER_APP_PRIVATE_KEY }}
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
commit-message: "Update ${{ join(fromJson(steps.update-packages.outputs.updated-dependencies), ', ') }}"
branch: feature/amp-devcontainer-${{ matrix.flavor }}/update-apt-packages
title: "chore(deps, ${{ matrix.flavor }}): update ${{ join(fromJson(steps.update-packages.outputs.updated-dependencies), ', ') }}"
labels: dependencies,apt
token: ${{ steps.token.outputs.token }}
sign-commits: true
update-vscode-extensions:
name: Update VS Code Extensions (🍨 ${{ matrix.flavor }}, ${{ matrix.file }})
runs-on: ubuntu-latest
strategy:
matrix:
flavor: ["cpp", "rust"]
file: ["devcontainer-metadata.json", "devcontainer.json"]
permissions:
contents: write
pull-requests: write
steps:
- uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: audit
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: ./.github/actions/update-vscode-extensions
id: update-extensions
with:
input-file: .devcontainer/${{ matrix.flavor }}/${{ matrix.file }}
- uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: token
with:
app-id: ${{ vars.FOREST_RELEASER_APP_ID }}
private-key: ${{ secrets.FOREST_RELEASER_APP_PRIVATE_KEY }}
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
commit-message: "Update ${{ join(fromJson(steps.update-extensions.outputs.updated-dependencies), ', ') }} in ${{ matrix.file }}"
branch: feature/amp-devcontainer-${{ matrix.flavor }}/update-vscode-extensions-${{ matrix.file }}
body: |
> [!NOTE]
> Before merging this PR, please conduct a manual test checking basic functionality of the updated plug-ins. There are limited automated tests for the VS Code Extension updates.
${{ steps.update-extensions.outputs.markdown-summary }}
title: "chore(deps, ${{ matrix.flavor }}): update ${{ join(fromJson(steps.update-extensions.outputs.updated-dependencies), ', ') }} in ${{ matrix.file }}"
labels: dependencies,vscode-extensions
token: ${{ steps.token.outputs.token }}
sign-commits: true