update-dependencies.yml
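---
# Weekly dependency refresh for the devcontainer flavors. Each job runs a
# repository-local update action and, outside pull_request events, pushes the
# result to a feature branch and opens or refreshes a pull request for it.
name: 📦 Update

# pull_request runs are a dry run: every step that mints a token or pushes is
# gated on `github.event_name != 'pull_request'`, so only the update logic
# itself is exercised. The schedule fires at 02:30 UTC every Sunday.
on:
  pull_request:
  schedule:
    - cron: "30 2 * * 0"
  workflow_dispatch:

# Drop every default GITHUB_TOKEN scope; each job opts in to what it lists.
permissions: {}

jobs:
  update-apt-dependencies:
    name: ${{ github.event_name == 'pull_request' && '🧪' || '' }} OS (🍨 ${{ matrix.flavor }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        flavor: ["base", "cpp", "rust"]
    # Using our own container is required since we need all package sources
    # set-up correctly.
    # NOTE(review): `:edge` is a mutable tag, so the image that later runs
    # with the App token in its environment can change without any change to
    # this file. Pinning by digest would make that change reviewable.
    container: ghcr.io/philips-software/amp-devcontainer-${{ matrix.flavor }}:edge
    # NOTE(review): the push and the gh calls below authenticate through
    # GH_TOKEN (the App token) and checkout does not persist credentials, so
    # these GITHUB_TOKEN scopes may be reducible to `contents: read`. Confirm
    # that the local update action does not rely on the default token first.
    permissions:
      contents: write # is needed by gh cli to create branches and push commits
      pull-requests: write # is needed by gh cli to create a PR
    steps:
      # `audit` records outbound connections but blocks nothing. Once the
      # baseline is known, `egress-policy: block` with `allowed-endpoints`
      # turns the record into an enforced allow-list.
      # NOTE(review): this job runs inside a container; confirm that this
      # harden-runner release monitors container jobs.
      - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
        with:
          egress-policy: audit
      # persist-credentials: false keeps the GITHUB_TOKEN out of .git/config,
      # so the update step and anything it invokes cannot read it from disk.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: ./.github/actions/update-apt-packages
        id: update-packages
        with:
          input-file: .devcontainer/${{ matrix.flavor }}/apt-requirements*.json
      # The App token is minted only when the run is allowed to push.
      # Presumably an App token is used instead of GITHUB_TOKEN so that the
      # resulting pull request triggers CI; verify against the repo policy.
      - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
        id: token
        if: github.event_name != 'pull_request'
        with:
          app-id: ${{ vars.FOREST_RELEASER_APP_ID }}
          private-key: ${{ secrets.FOREST_RELEASER_APP_PRIVATE_KEY }}
      # All expressions are passed through `env` and expanded by the shell as
      # quoted variables, so text produced by the update action is never
      # spliced into the script source.
      # `git add .` stages everything the earlier steps left in the worktree,
      # not only the requirements files.
      # NOTE(review): checkout fetches only the triggering ref, so there may be
      # no remote-tracking ref for BRANCH; verify that --force-with-lease does
      # what is intended when the branch already exists on the remote.
      - name: Create pull request
        if: github.event_name != 'pull_request'
        env:
          BRANCH: feature/amp-devcontainer-${{ matrix.flavor }}/update-apt-packages
          COMMIT_MESSAGE: Update ${{ join(fromJson(steps.update-packages.outputs.updated-dependencies), ', ') }}
          GH_TOKEN: ${{ steps.token.outputs.token }}
          TITLE: "chore(deps, ${{ matrix.flavor }}): update ${{ join(fromJson(steps.update-packages.outputs.updated-dependencies), ', ') }}"
        run: |
          if [[ -z "$(git status --porcelain)" ]]; then
            echo No changes detected
            exit 0
          fi
          # Quoted so that [bot] is not treated as a glob character class.
          git config user.name 'github-actions[bot]'
          git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
          gh auth setup-git
          git checkout -B "${BRANCH}"
          git add .
          git commit -m "${COMMIT_MESSAGE}"
          git push --force-with-lease origin "${BRANCH}"
          pr_number="$(gh pr list --head "${BRANCH}" --state open --json number --jq '.[0].number')"
          if [[ -n "${pr_number}" ]]; then
            gh pr edit "${pr_number}" --title "${TITLE}" --add-label dependencies --add-label apt
          else
            gh pr create --head "${BRANCH}" --title "${TITLE}" --body "${COMMIT_MESSAGE}" --label dependencies --label apt
          fi

  update-vscode-extensions:
    name: ${{ github.event_name == 'pull_request' && '🧪' || '' }} Extensions (🍨 ${{ matrix.flavor }}, ${{ matrix.file }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        flavor: [cpp, rust]
        file: [devcontainer-metadata.json, devcontainer.json]
    # NOTE(review): the push and the gh calls below authenticate through
    # GH_TOKEN (the App token) and checkout does not persist credentials, so
    # these GITHUB_TOKEN scopes may be reducible to `contents: read`. Confirm
    # that the local update action does not rely on the default token first.
    permissions:
      contents: write # is needed by gh cli to create branches and push commits
      pull-requests: write # is needed by gh cli to create a PR
    steps:
      # `audit` records outbound connections but blocks nothing. Once the
      # baseline is known, `egress-policy: block` with `allowed-endpoints`
      # turns the record into an enforced allow-list.
      - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
        with:
          egress-policy: audit
      # persist-credentials: false keeps the GITHUB_TOKEN out of .git/config,
      # so the update step and anything it invokes cannot read it from disk.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: ./.github/actions/update-vscode-extensions
        id: update-extensions
        with:
          input-file: .devcontainer/${{ matrix.flavor }}/${{ matrix.file }}
      # The body is written under RUNNER_TEMP, outside the checkout, so the
      # later `git add .` does not commit it. The summary file is produced by
      # the update action and is included in the pull request body verbatim.
      - name: Generate PR body
        run: |
          {
            echo "> [!NOTE]"
            echo "> Before merging this PR, please conduct a manual test checking basic functionality of the updated plug-ins. There are limited automated tests for the VS Code Extension updates."
            echo ""
            cat "$MARKDOWN_SUMMARY_FILE"
          } >> "${RUNNER_TEMP}/pull-request-body.md"
        env:
          MARKDOWN_SUMMARY_FILE: ${{ steps.update-extensions.outputs.markdown-summary-file }}
      # The App token is minted only when the run is allowed to push.
      - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
        id: token
        if: github.event_name != 'pull_request'
        with:
          app-id: ${{ vars.FOREST_RELEASER_APP_ID }}
          private-key: ${{ secrets.FOREST_RELEASER_APP_PRIVATE_KEY }}
      # All expressions are passed through `env` and expanded by the shell as
      # quoted variables, so text produced by the update action is never
      # spliced into the script source.
      # NOTE(review): checkout fetches only the triggering ref, so there may be
      # no remote-tracking ref for BRANCH; verify that --force-with-lease does
      # what is intended when the branch already exists on the remote.
      - name: Create pull request
        if: github.event_name != 'pull_request'
        env:
          BODY_PATH: ${{ runner.temp }}/pull-request-body.md
          BRANCH: feature/amp-devcontainer-${{ matrix.flavor }}/update-vscode-extensions-${{ matrix.file }}
          COMMIT_MESSAGE: Update ${{ join(fromJson(steps.update-extensions.outputs.updated-dependencies), ', ') }} in ${{ matrix.file }}
          GH_TOKEN: ${{ steps.token.outputs.token }}
          TITLE: "chore(deps, ${{ matrix.flavor }}): update ${{ join(fromJson(steps.update-extensions.outputs.updated-dependencies), ', ') }} in ${{ matrix.file }}"
        run: |
          if [[ -z "$(git status --porcelain)" ]]; then
            echo No changes detected
            exit 0
          fi
          # Quoted so that [bot] is not treated as a glob character class.
          git config user.name 'github-actions[bot]'
          git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
          gh auth setup-git
          git checkout -B "${BRANCH}"
          git add .
          git commit -m "${COMMIT_MESSAGE}"
          git push --force-with-lease origin "${BRANCH}"
          pr_number="$(gh pr list --head "${BRANCH}" --state open --json number --jq '.[0].number')"
          if [[ -n "${pr_number}" ]]; then
            gh pr edit "${pr_number}" --title "${TITLE}" --body-file "${BODY_PATH}" --add-label dependencies --add-label vscode-extensions
          else
            gh pr create --head "${BRANCH}" --title "${TITLE}" --body-file "${BODY_PATH}" --label dependencies --label vscode-extensions
          fi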