From 00e20fea4731c2fa213dbd2fac396ff84fec1cbe Mon Sep 17 00:00:00 2001 From: Nara Kasbergen Date: Fri, 25 Aug 2023 12:51:26 +0200 Subject: [PATCH 1/3] chore: automate upgrading Node.js on cdktf-provider-project --- .gitattributes | 3 + .github/workflows/auto-approve.yml | 33 +++++++ .github/workflows/automerge.yml | 25 +++++ .github/workflows/build.yml | 4 +- .github/workflows/release.yml | 2 +- .github/workflows/upgrade-main.yml | 4 +- .github/workflows/upgrade-node.yml | 67 +++++++++++++ .gitignore | 3 + .projen/deps.json | 4 + .projen/files.json | 3 + .projenrc.ts | 21 +++- package.json | 3 +- projenrc/auto-approve.ts | 62 ++++++++++++ projenrc/automerge.ts | 55 +++++++++++ projenrc/scripts/check-node-versions.js | 83 ++++++++++++++++ projenrc/upgrade-node.ts | 121 ++++++++++++++++++++++++ yarn.lock | 39 ++++++++ 17 files changed, 521 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/auto-approve.yml create mode 100644 .github/workflows/automerge.yml create mode 100644 .github/workflows/upgrade-node.yml create mode 100644 projenrc/auto-approve.ts create mode 100644 projenrc/automerge.ts create mode 100644 projenrc/scripts/check-node-versions.js create mode 100644 projenrc/upgrade-node.ts diff --git a/.gitattributes b/.gitattributes index f84a8ed2..8749411e 100644 --- a/.gitattributes +++ b/.gitattributes @@ -4,11 +4,14 @@ /.eslintrc.json linguist-generated /.gitattributes linguist-generated /.github/pull_request_template.md linguist-generated +/.github/workflows/auto-approve.yml linguist-generated +/.github/workflows/automerge.yml linguist-generated /.github/workflows/build.yml linguist-generated /.github/workflows/lock.yml linguist-generated /.github/workflows/pull-request-lint.yml linguist-generated /.github/workflows/release.yml linguist-generated /.github/workflows/upgrade-main.yml linguist-generated +/.github/workflows/upgrade-node.yml linguist-generated /.gitignore linguist-generated /.npmignore linguist-generated /.npmrc linguist-generated diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml new file mode 100644 index 00000000..97990d8e --- /dev/null +++ b/.github/workflows/auto-approve.yml @@ -0,0 +1,33 @@ +# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen". + +name: auto-approve +on: + pull_request: + types: + - opened + - labeled + - ready_for_review + - reopened +jobs: + approve: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false + steps: + - name: Checkout PR + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + with: + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + - name: Auto-approve PRs by other users as team-tf-cdk + if: github.event.pull_request.user.login != 'team-tf-cdk' + env: + GH_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }} + run: gh pr review ${{ github.event.pull_request.number }} --approve + - name: Auto-approve PRs by team-tf-cdk as github-actions[bot] + if: github.event.pull_request.user.login == 'team-tf-cdk' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review ${{ github.event.pull_request.number }} --approve diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml new file mode 100644 index 00000000..fdf5494c --- /dev/null +++ b/.github/workflows/automerge.yml @@ -0,0 +1,25 @@ +# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen". + +name: automerge +on: + pull_request: + types: + - opened + - labeled + - ready_for_review + - reopened + - synchronize +concurrency: ${{ github.workflow }}-${{ github.ref }} +jobs: + automerge: + runs-on: ubuntu-latest + permissions: + contents: read + if: contains(github.event.pull_request.labels.*.name, 'automerge') && github.event.pull_request.draft == false + steps: + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - name: Turn on automerge for this PR + env: + GH_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }} + run: gh pr merge --auto --squash ${{ github.event.pull_request.number }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c10b0da3..beaf0832 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: CI: "true" steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -64,7 +64,7 @@ jobs: if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository) steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 with: token: ${{ secrets.PROJEN_GITHUB_TOKEN }} ref: ${{ github.event.pull_request.head.ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 10b95640..c1fd5735 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: CI: "true" steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 with: fetch-depth: 0 - name: Set git identity diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index 96bf443d..5a5bc51d 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -15,7 +15,7 @@ jobs: patch_created: ${{ steps.create_patch.outputs.patch_created }} steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 with: ref: main - name: Setup Node.js @@ -46,7 +46,7 @@ jobs: if: ${{ needs.upgrade.outputs.patch_created }} steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 with: ref: main - name: Download patch diff --git a/.github/workflows/upgrade-node.yml b/.github/workflows/upgrade-node.yml new file mode 100644 index 00000000..1ebed615 --- /dev/null +++ b/.github/workflows/upgrade-node.yml @@ -0,0 +1,67 @@ +# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen". + +name: upgrade-node +on: + schedule: + - cron: 23 3 * * * + workflow_dispatch: {} +concurrency: ${{ github.workflow }}-${{ github.ref }} +jobs: + upgrade: + name: Upgrade Node.js + runs-on: ubuntu-latest + permissions: + contents: read + env: + CI: "false" + steps: + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - name: Install + run: yarn install + - name: Get current Node.js version + id: current_version + run: |- + ENGINES_NODE_VERSION=$(npm pkg get engines.node | tr -d '"') + CURRENT_VERSION=$(cut -d " " -f 2 <<< "$ENGINES_NODE_VERSION") + CURRENT_VERSION_SHORT=$(cut -d "." -f 1 <<< "$CURRENT_VERSION") + echo "CURRENT_NODEJS_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV + echo "CURRENT_NODEJS_VERSION_SHORT=$CURRENT_VERSION_SHORT" >> $GITHUB_ENV + echo "value=$CURRENT_VERSION" >> $GITHUB_OUTPUT + echo "short=$CURRENT_VERSION_SHORT" >> $GITHUB_OUTPUT + - name: Get the earliest supported Node.js version whose EOL date is at least a month away + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 + with: + script: |- + const script = require('./projenrc/scripts/check-node-versions.js') + await script({github, context, core}) + - name: Set the new minNodeVersion in .projenrc.ts + if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT + run: 'sed -i "s/minNodeVersion: \".*\",/minNodeVersion: \"$NEW_NODEJS_VERSION\",/" ./.projenrc.ts' + - name: Activate Projen to propagate the new version everywhere + if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT + run: yarn projen + - name: Test compile to ensure the update doesn't introduce any major issues + if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT + run: yarn run compile + - name: Get values for pull request + id: latest_version + if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT + run: |- + echo "value=$NEW_NODEJS_VERSION" >> $GITHUB_OUTPUT + echo "short=$NEW_NODEJS_VERSION_SHORT" >> $GITHUB_OUTPUT + - name: Create Pull Request + if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT + uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 + with: + commit-message: "chore!: increase minimum supported Node.js version to ${{ steps.latest_version.outputs.short }}" + branch: auto/upgrade-node-${{ steps.latest_version.outputs.short }} + base: main + title: "chore!: increase minimum supported Node.js version to ${{ steps.latest_version.outputs.short }}" + body: This PR increases the minimum supported Node.js version to `${{ steps.latest_version.outputs.value }}` from `${{ steps.current_version.outputs.value }}` because version ${{ steps.current_version.outputs.short }} is less than 30 days away from EOL. + labels: automerge,automated,security + token: ${{ secrets.PROJEN_GITHUB_TOKEN }} + author: team-tf-cdk + committer: team-tf-cdk + signoff: true + delete-branch: true diff --git a/.gitignore b/.gitignore index f7cb91ee..f76a3d22 100644 --- a/.gitignore +++ b/.gitignore @@ -53,3 +53,6 @@ tsconfig.json !/API.md !/LICENSE !/.github/workflows/lock.yml +!/.github/workflows/auto-approve.yml +!/.github/workflows/automerge.yml +!/.github/workflows/upgrade-node.yml diff --git a/.projen/deps.json b/.projen/deps.json index f67ec89e..86c9f804 100644 --- a/.projen/deps.json +++ b/.projen/deps.json @@ -80,6 +80,10 @@ "version": "1.x", "type": "build" }, + { + "name": "node-fetch", + "type": "build" + }, { "name": "npm-check-updates", "version": "^16", diff --git a/.projen/files.json b/.projen/files.json index ef00bd6c..cde6ceec 100644 --- a/.projen/files.json +++ b/.projen/files.json @@ -3,11 +3,14 @@ ".eslintrc.json", ".gitattributes", ".github/pull_request_template.md", + ".github/workflows/auto-approve.yml", + ".github/workflows/automerge.yml", ".github/workflows/build.yml", ".github/workflows/lock.yml", ".github/workflows/pull-request-lint.yml", ".github/workflows/release.yml", ".github/workflows/upgrade-main.yml", + ".github/workflows/upgrade-node.yml", ".gitignore", ".npmrc", ".prettierignore", diff --git a/.projenrc.ts b/.projenrc.ts index b2f9681c..3939b8eb 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -5,17 +5,21 @@ import { cdk } from "projen"; import { UpgradeDependenciesSchedule } from "projen/lib/javascript"; +import { AutoApprove } from "./projenrc/auto-approve"; +import { Automerge } from "./projenrc/automerge"; +import { UpgradeNode } from "./projenrc/upgrade-node"; import { CustomizedLicense } from "./src/customized-license"; import { LockIssues } from "./src/lock-issues"; const githubActionPinnedVersions = { - "actions/checkout": "8e5e7e5ab8b370d6c329ec480221332ada57f0ab", // v3.5.2 + "actions/checkout": "c85c95e3d7251135ab7dc9ce3241c5835cc595a9", // v3.5.3 + "actions/download-artifact": "9bc31d5ccc31df68ecc42ccf4149144866c47d8a", // v3.0.2 + "actions/github-script": "d7906e4ad0b1822421a7e6a35d5ca353c962f410", // v6.4.1 "actions/setup-node": "64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c", // v3.6.0 "actions/upload-artifact": "0b7f8abb1508181956e8e162db84b466c27e18ce", // v3.1.2 - "actions/download-artifact": "9bc31d5ccc31df68ecc42ccf4149144866c47d8a", // v3.0.2 - "dessant/lock-threads": "c1b35aecc5cdb1a34539d14196df55838bb2f836", // v4.0.0 "amannn/action-semantic-pull-request": "c3cd5d1ea3580753008872425915e343e351ab54", // v5.2.0 + "dessant/lock-threads": "c1b35aecc5cdb1a34539d14196df55838bb2f836", // v4.0.0 "peter-evans/create-pull-request": "284f54f989303d2699d373481a0cfa13ad5a6666", // v5.0.1 }; @@ -23,12 +27,16 @@ const project = new cdk.JsiiProject({ name: "@cdktf/provider-project", author: "HashiCorp", authorAddress: "https://hashicorp.com", - repositoryUrl: "https://github.com/hashicorp/cdktf-provider-project.git", + repositoryUrl: "https://github.com/cdktf/cdktf-provider-project.git", authorOrganization: true, licensed: false, // we do supply our own license file with a custom header peerDeps: ["projen@^0.71.46"], deps: ["change-case", "fs-extra"], - devDeps: ["@types/fs-extra", "glob"], + devDeps: [ + "@types/fs-extra", + "glob", + "node-fetch", // @TODO this can be removed once we upgrade to Node 18 and use native fetch + ], bundledDeps: ["change-case", "fs-extra"], license: "MPL-2.0", defaultReleaseBranch: "main", @@ -56,6 +64,9 @@ project.addFields({ publishConfig: { access: "public" } }); new CustomizedLicense(project, 2020); new LockIssues(project); +new AutoApprove(project); +new Automerge(project); +new UpgradeNode(project); // Run copywrite tool to add copyright headers to all files // This is for this repository itself, not for the projects diff --git a/package.json b/package.json index c9fa4557..76eba156 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "@cdktf/provider-project", "repository": { "type": "git", - "url": "https://github.com/hashicorp/cdktf-provider-project.git" + "url": "https://github.com/cdktf/cdktf-provider-project.git" }, "scripts": { "build": "npx projen build", @@ -53,6 +53,7 @@ "jsii-diff": "^1.70.0", "jsii-docgen": "^3.8.31", "jsii-pacmak": "^1.70.0", + "node-fetch": "^3.3.2", "npm-check-updates": "^16", "prettier": "^2.7.1", "projen": "0.71.46", diff --git a/projenrc/auto-approve.ts b/projenrc/auto-approve.ts new file mode 100644 index 00000000..89591a76 --- /dev/null +++ b/projenrc/auto-approve.ts @@ -0,0 +1,62 @@ +/** + * Copyright (c) HashiCorp, Inc. + * SPDX-License-Identifier: MPL-2.0 + */ + +import { javascript } from "projen"; +import { JobPermission } from "projen/lib/github/workflows-model"; + +/** + * Approves PRs with the "auto-approve" label + */ +export class AutoApprove { + constructor(project: javascript.NodeProject) { + const workflow = project.github?.addWorkflow("auto-approve"); + + if (!workflow) throw new Error("no workflow defined"); + + workflow.on({ + pullRequest: { + types: ["opened", "labeled", "ready_for_review", "reopened"], + }, + }); + + workflow.addJobs({ + approve: { + runsOn: ["ubuntu-latest"], + if: "contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false", + steps: [ + { + name: "Checkout PR", + uses: "actions/checkout@v3", + with: { + ref: "${{ github.event.pull_request.head.ref }}", + repository: + "${{ github.event.pull_request.head.repo.full_name }}", + }, + }, + { + name: "Auto-approve PRs by other users as team-tf-cdk", + if: "github.event.pull_request.user.login != 'team-tf-cdk'", + run: "gh pr review ${{ github.event.pull_request.number }} --approve", + env: { + GH_TOKEN: "${{ secrets.PROJEN_GITHUB_TOKEN }}", + }, + }, + { + name: "Auto-approve PRs by team-tf-cdk as github-actions[bot]", + if: "github.event.pull_request.user.login == 'team-tf-cdk'", + run: "gh pr review ${{ github.event.pull_request.number }} --approve", + env: { + GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}", + }, + }, + ], + permissions: { + contents: JobPermission.READ, + pullRequests: JobPermission.WRITE, + }, + }, + }); + } +} diff --git a/projenrc/automerge.ts b/projenrc/automerge.ts new file mode 100644 index 00000000..03ba365c --- /dev/null +++ b/projenrc/automerge.ts @@ -0,0 +1,55 @@ +/** + * Copyright (c) HashiCorp, Inc. + * SPDX-License-Identifier: MPL-2.0 + */ + +import { javascript } from "projen"; +import { JobPermission } from "projen/lib/github/workflows-model"; + +/** + * Turns on GitHub's native automerge for PRs with the "automerge" label + */ +export class Automerge { + constructor(project: javascript.NodeProject) { + const workflow = project.github?.addWorkflow("automerge"); + + if (!workflow) throw new Error("no workflow defined"); + + workflow.on({ + pullRequest: { + types: [ + "opened", + "labeled", + "ready_for_review", + "reopened", + "synchronize", + ], + }, + }); + + (workflow.concurrency as any) = "${{ github.workflow }}-${{ github.ref }}"; + + workflow.addJobs({ + automerge: { + runsOn: ["ubuntu-latest"], + if: "contains(github.event.pull_request.labels.*.name, 'automerge') && github.event.pull_request.draft == false", + steps: [ + { + name: "Checkout", + uses: "actions/checkout@v3", + }, + { + name: "Turn on automerge for this PR", + run: "gh pr merge --auto --squash ${{ github.event.pull_request.number }}", + env: { + GH_TOKEN: "${{ secrets.PROJEN_GITHUB_TOKEN }}", + }, + }, + ], + permissions: { + contents: JobPermission.READ, + }, + }, + }); + } +} diff --git a/projenrc/scripts/check-node-versions.js b/projenrc/scripts/check-node-versions.js new file mode 100644 index 00000000..75562f62 --- /dev/null +++ b/projenrc/scripts/check-node-versions.js @@ -0,0 +1,83 @@ +/** + * Copyright (c) HashiCorp, Inc. + * SPDX-License-Identifier: MPL-2.0 + */ +const fetch = require("node-fetch"); // @TODO this can be removed once we upgrade to Node 18 and use native fetch + +const today = new Date(); +const oneMonthFromToday = new Date(); +oneMonthFromToday.setDate(today.getDate() + 30); +// console.debug("oneMonthFromToday", oneMonthFromToday.toDateString()); + +// Code below adapted from https://stackoverflow.com/a/71520193 +const versionRegex = /v(\d+)\.(\d+)\.(\d+)/; // 'v16.14.3' + +// convert version string to a number for easier sorting +function calcVersion(x) { + const match = x.match(versionRegex); + if (!match) { + throw new Error(`version regex failed to match version string '${x}'`); + } + return (+match[1] * 1000000) + (+match[2] * 1000) + (+match[3]); +} + +async function getLTSVersions() { + const response = await fetch("https://nodejs.org/download/release/index.json"); + const data = await response.json(); + const allLTSVersions = data.filter(item => item.lts); + + // for performance reasons when sorting, + // precalculate an actual version number from the version string + allLTSVersions.forEach(item => item.numVersion = calcVersion(item.version)); + allLTSVersions.sort((a, b) => a.numVersion - b.numVersion); + + // console.debug("All LTS versions - sorted oldest first"); + // console.debug(allLTSVersions.map(item => item.version)); + + const firstLTSVersions = {}; + allLTSVersions.forEach((item) => { + const majorVersion = `v${item.version.match(versionRegex)[1]}`; + if (!firstLTSVersions[majorVersion]) { + firstLTSVersions[majorVersion] = item.version; + } + }); + + console.debug("First LTS versions"); + console.debug(firstLTSVersions); + + return firstLTSVersions; +} + +/** Return the earliest supported version whose EOL date is at least a month away */ +async function getEarliestSupportedVersion() { + // https://github.com/nodejs/Release/blob/main/schedule.json + const response = await fetch("https://raw.githubusercontent.com/nodejs/Release/main/schedule.json"); + const data = await response.json(); + const activelySupportedVersions = Object.entries(data).filter(([version, metadata]) => { + return new Date(metadata.lts) <= today && new Date(metadata.end) > oneMonthFromToday; + }).sort((a, b) => new Date(a[1].start) - new Date(b[1].start)); + + console.debug("Actively supported versions with an EOL date at least 1 month away") + console.debug(Object.fromEntries(activelySupportedVersions)); + + return activelySupportedVersions[0][0]; +} + +async function getDesiredVersion() { + const ltsVersions = await getLTSVersions(); + const earliestSupportedVersion = await getEarliestSupportedVersion(); + const version = ltsVersions[earliestSupportedVersion]; + + // console.debug("earliestSupportedVersion", earliestSupportedVersion); + console.log("desired version", version); + + return version; +} + +module.exports = async ({github, context, core}) => { + const version = await getDesiredVersion(); + const short = version.match(versionRegex)[1]; + + core.exportVariable('NEW_NODEJS_VERSION', version.slice(1)); // strip the 'v' from the start of the string + core.exportVariable('NEW_NODEJS_VERSION_SHORT', short); +} diff --git a/projenrc/upgrade-node.ts b/projenrc/upgrade-node.ts new file mode 100644 index 00000000..93db4720 --- /dev/null +++ b/projenrc/upgrade-node.ts @@ -0,0 +1,121 @@ +/** + * Copyright (c) HashiCorp, Inc. + * SPDX-License-Identifier: MPL-2.0 + */ + +import { javascript } from "projen"; +import { JobPermission } from "projen/lib/github/workflows-model"; + +/** + * Auto-updates Node to the next LTS version a month before the previous one goes EOL + * NOTE: This script is only used by cdktf-provider-project itself, not by the individual providers + */ +export class UpgradeNode { + constructor(project: javascript.NodeProject) { + const workflow = project.github?.addWorkflow("upgrade-node"); + + if (!workflow) throw new Error("no workflow defined"); + + workflow.on({ + schedule: [{ cron: "23 3 * * *" }], // Runs once a day + workflowDispatch: {}, // allow manual triggering + }); + + (workflow.concurrency as any) = "${{ github.workflow }}-${{ github.ref }}"; + + workflow.addJobs({ + upgrade: { + name: "Upgrade Node.js", + runsOn: ["ubuntu-latest"], + steps: [ + { + name: "Checkout", + uses: "actions/checkout@v3", + }, + { + name: "Install", + run: "yarn install", + }, + { + name: "Get current Node.js version", + id: "current_version", + run: [ + `ENGINES_NODE_VERSION=$(npm pkg get engines.node | tr -d '"')`, + `CURRENT_VERSION=$(cut -d " " -f 2 <<< "$ENGINES_NODE_VERSION")`, + `CURRENT_VERSION_SHORT=$(cut -d "." -f 1 <<< "$CURRENT_VERSION")`, + `echo "CURRENT_NODEJS_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV`, + `echo "CURRENT_NODEJS_VERSION_SHORT=$CURRENT_VERSION_SHORT" >> $GITHUB_ENV`, + `echo "value=$CURRENT_VERSION" >> $GITHUB_OUTPUT`, + `echo "short=$CURRENT_VERSION_SHORT" >> $GITHUB_OUTPUT`, + ].join("\n"), + }, + { + name: "Get the earliest supported Node.js version whose EOL date is at least a month away", + uses: "actions/github-script@v6", + with: { + script: [ + `const script = require('./projenrc/scripts/check-node-versions.js')`, + `await script({github, context, core})`, + ].join("\n"), + }, + }, + { + name: "Set the new minNodeVersion in .projenrc.ts", + if: "env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT", + run: `sed -i "s/minNodeVersion: \\".*\\",/minNodeVersion: \\"$NEW_NODEJS_VERSION\\",/" ./.projenrc.ts`, + }, + { + name: "Activate Projen to propagate the new version everywhere", + if: "env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT", + run: "yarn projen", + }, + { + name: "Test compile to ensure the update doesn't introduce any major issues", + if: "env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT", + run: "yarn run compile", + }, + { + name: "Get values for pull request", + id: "latest_version", + if: "env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT", + run: [ + `echo "value=$NEW_NODEJS_VERSION" >> $GITHUB_OUTPUT`, + `echo "short=$NEW_NODEJS_VERSION_SHORT" >> $GITHUB_OUTPUT`, + ].join("\n"), + }, + { + name: "Create Pull Request", + if: "env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT", + uses: "peter-evans/create-pull-request@v3", + with: { + "commit-message": + "chore!: increase minimum supported Node.js version to ${{ steps.latest_version.outputs.short }}", + branch: + "auto/upgrade-node-${{ steps.latest_version.outputs.short }}", + base: "main", + title: + "chore!: increase minimum supported Node.js version to ${{ steps.latest_version.outputs.short }}", + body: [ + "This PR increases the minimum supported Node.js version", + "to `${{ steps.latest_version.outputs.value }}` from `${{ steps.current_version.outputs.value }}`", + "because version ${{ steps.current_version.outputs.short }} is less than 30 days away from EOL.", + ].join(" "), + labels: "automerge,automated,security", + token: "${{ secrets.PROJEN_GITHUB_TOKEN }}", + author: "team-tf-cdk ", + committer: "team-tf-cdk ", + signoff: true, + "delete-branch": true, + }, + }, + ], + env: { + CI: "false", // otherwise, `npx projen` will fail because it tries to update the lockfile + }, + permissions: { + contents: JobPermission.READ, + }, + }, + }); + } +} diff --git a/yarn.lock b/yarn.lock index eca73450..fabe38b4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2043,6 +2043,11 @@ dargs@^7.0.0: resolved "https://registry.yarnpkg.com/dargs/-/dargs-7.0.0.tgz#04015c41de0bcb69ec84050f3d9be0caf8d6d5cc" integrity sha512-2iy1EkLdlBzQGvbweYRFxmFath8+K7+AKB0TlhHWkNuH+TmovaMH/Wp7V7R4u7f4SnX3OgLsU9t1NI9ioDnUpg== +data-uri-to-buffer@^4.0.0: + version "4.0.1" + resolved "https://registry.yarnpkg.com/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz#d8feb2b2881e6a4f58c2e08acfd0e2834e26222e" + integrity sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A== + data-urls@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/data-urls/-/data-urls-2.0.0.tgz#156485a72963a970f5d5821aaf642bef2bf2db9b" @@ -2656,6 +2661,14 @@ fb-watchman@^2.0.0: dependencies: bser "2.1.1" +fetch-blob@^3.1.2, fetch-blob@^3.1.4: + version "3.2.0" + resolved "https://registry.yarnpkg.com/fetch-blob/-/fetch-blob-3.2.0.tgz#f09b8d4bbd45adc6f0c20b7e787e793e309dcce9" + integrity sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ== + dependencies: + node-domexception "^1.0.0" + web-streams-polyfill "^3.0.3" + figures@^3.1.0: version "3.2.0" resolved "https://registry.yarnpkg.com/figures/-/figures-3.2.0.tgz#625c18bd293c604dc4a8ddb2febf0c88341746af" @@ -2734,6 +2747,13 @@ form-data@^3.0.0: combined-stream "^1.0.8" mime-types "^2.1.12" +formdata-polyfill@^4.0.10: + version "4.0.10" + resolved "https://registry.yarnpkg.com/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz#24807c31c9d402e002ab3d8c720144ceb8848423" + integrity sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g== + dependencies: + fetch-blob "^3.1.2" + fp-and-or@^0.1.3: version "0.1.3" resolved "https://registry.yarnpkg.com/fp-and-or/-/fp-and-or-0.1.3.tgz#e6fba83872a5853a56b3ebdf8d3167f5dfca1882" @@ -4632,6 +4652,20 @@ no-case@^3.0.4: lower-case "^2.0.2" tslib "^2.0.3" +node-domexception@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/node-domexception/-/node-domexception-1.0.0.tgz#6888db46a1f71c0b76b3f7555016b63fe64766e5" + integrity sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ== + +node-fetch@^3.3.2: + version "3.3.2" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-3.3.2.tgz#d1e889bacdf733b4ff3b2b243eb7a12866a0b78b" + integrity sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA== + dependencies: + data-uri-to-buffer "^4.0.0" + fetch-blob "^3.1.4" + formdata-polyfill "^4.0.10" + node-gyp@^9.0.0: version "9.3.0" resolved "https://registry.yarnpkg.com/node-gyp/-/node-gyp-9.3.0.tgz#f8eefe77f0ad8edb3b3b898409b53e697642b319" @@ -6425,6 +6459,11 @@ walker@^1.0.7: dependencies: makeerror "1.0.12" +web-streams-polyfill@^3.0.3: + version "3.2.1" + resolved "https://registry.yarnpkg.com/web-streams-polyfill/-/web-streams-polyfill-3.2.1.tgz#71c2718c52b45fd49dbeee88634b3a60ceab42a6" + integrity sha512-e0MO3wdXWKrLbL0DgGnUV7WHVuw9OUvL4hjgnPkIeEvESk74gAITi5G606JtZPp39cd8HA9VQzCIvA49LpPN5Q== + webidl-conversions@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff" From 3ea6d61d38842f39ab9821a56a250980987043e7 Mon Sep 17 00:00:00 2001 From: Nara Kasbergen Kwon <855115+xiehan@users.noreply.github.com> Date: Wed, 4 Oct 2023 14:26:26 +0200 Subject: [PATCH 2/3] chore(deps): update pinned versions of GitHub Actions --- .projenrc.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.projenrc.ts b/.projenrc.ts index 3939b8eb..91452ec4 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -12,15 +12,15 @@ import { CustomizedLicense } from "./src/customized-license"; import { LockIssues } from "./src/lock-issues"; const githubActionPinnedVersions = { - "actions/checkout": "c85c95e3d7251135ab7dc9ce3241c5835cc595a9", // v3.5.3 + "actions/checkout": "8ade135a41bc03ea155e62e844d188df1ea18608", // v4.1.0 "actions/download-artifact": "9bc31d5ccc31df68ecc42ccf4149144866c47d8a", // v3.0.2 "actions/github-script": "d7906e4ad0b1822421a7e6a35d5ca353c962f410", // v6.4.1 - "actions/setup-node": "64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c", // v3.6.0 - "actions/upload-artifact": "0b7f8abb1508181956e8e162db84b466c27e18ce", // v3.1.2 + "actions/setup-node": "5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d", // v3.8.1 + "actions/upload-artifact": "a8a3f3ad30e3422c9c7b888a15615d19a852ae32", // v3.1.3 "amannn/action-semantic-pull-request": - "c3cd5d1ea3580753008872425915e343e351ab54", // v5.2.0 - "dessant/lock-threads": "c1b35aecc5cdb1a34539d14196df55838bb2f836", // v4.0.0 - "peter-evans/create-pull-request": "284f54f989303d2699d373481a0cfa13ad5a6666", // v5.0.1 + "47b15d52c5c30e94a17ec87eb8dd51ff5221fed9", // v5.3.0 + "dessant/lock-threads": "be8aa5be94131386884a6da4189effda9b14aa21", // v4.0.1 + "peter-evans/create-pull-request": "153407881ec5c347639a548ade7d8ad1d6740e38", // v5.0.2 }; const project = new cdk.JsiiProject({ From 636e63a9e62d1958644c233e320a2860db3c8b79 Mon Sep 17 00:00:00 2001 From: team-tf-cdk Date: Wed, 4 Oct 2023 12:28:50 +0000 Subject: [PATCH 3/3] chore: self mutation Signed-off-by: team-tf-cdk --- .github/workflows/auto-approve.yml | 2 +- .github/workflows/automerge.yml | 2 +- .github/workflows/build.yml | 12 ++++++------ .github/workflows/lock.yml | 2 +- .github/workflows/pull-request-lint.yml | 2 +- .github/workflows/release.yml | 10 +++++----- .github/workflows/upgrade-main.yml | 10 +++++----- .github/workflows/upgrade-node.yml | 4 ++-- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index 97990d8e..e789e65a 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -17,7 +17,7 @@ jobs: if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false steps: - name: Checkout PR - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index fdf5494c..587809c3 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -18,7 +18,7 @@ jobs: if: contains(github.event.pull_request.labels.*.name, 'automerge') && github.event.pull_request.draft == false steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Turn on automerge for this PR env: GH_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index beaf0832..b65b4476 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,12 +15,12 @@ jobs: CI: "true" steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Setup Node.js - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c + uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d with: node-version: 16.14.0 - name: Install dependencies @@ -38,7 +38,7 @@ jobs: git diff --staged --patch --exit-code > .repo.patch || echo "self_mutation_happened=true" >> $GITHUB_OUTPUT - name: Upload patch if: steps.self_mutation.outputs.self_mutation_happened - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: name: .repo.patch path: .repo.patch @@ -52,7 +52,7 @@ jobs: run: cd dist && getfacl -R . > permissions-backup.acl continue-on-error: true - name: Upload artifact - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: name: build-artifact path: dist @@ -64,7 +64,7 @@ jobs: if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository) steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 with: token: ${{ secrets.PROJEN_GITHUB_TOKEN }} ref: ${{ github.event.pull_request.head.ref }} @@ -93,7 +93,7 @@ jobs: permissions: {} if: "! needs.build.outputs.self_mutation_happened" steps: - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c + - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d with: node-version: 16.14.0 - name: Download build artifacts diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index b9f06d3f..1b52a4d2 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -11,7 +11,7 @@ jobs: pull-requests: write issues: write steps: - - uses: dessant/lock-threads@c1b35aecc5cdb1a34539d14196df55838bb2f836 + - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 with: issue-comment: I'm going to lock this issue because it has been closed for at least 7 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems similar to this, please [open a new issue](https://github.com/cdktf/cdktf-provider-project/issues/new) so we can investigate further. issue-inactive-days: 7 diff --git a/.github/workflows/pull-request-lint.yml b/.github/workflows/pull-request-lint.yml index b7ffb5bd..a8ddc6cf 100644 --- a/.github/workflows/pull-request-lint.yml +++ b/.github/workflows/pull-request-lint.yml @@ -17,7 +17,7 @@ jobs: permissions: pull-requests: write steps: - - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 + - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c1fd5735..86897859 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: CI: "true" steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 with: fetch-depth: 0 - name: Set git identity @@ -25,7 +25,7 @@ jobs: git config user.name "github-actions" git config user.email "github-actions@github.com" - name: Setup Node.js - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c + uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d with: node-version: 16.14.0 - name: Install dependencies @@ -41,7 +41,7 @@ jobs: continue-on-error: true - name: Upload artifact if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: name: build-artifact path: dist @@ -53,7 +53,7 @@ jobs: contents: write if: needs.release.outputs.latest_commit == github.sha steps: - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c + - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d with: node-version: 16.14.0 - name: Download build artifacts @@ -82,7 +82,7 @@ jobs: contents: read if: needs.release.outputs.latest_commit == github.sha steps: - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c + - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d with: node-version: 16.14.0 - name: Download build artifacts diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index 5a5bc51d..8888e6cc 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -15,11 +15,11 @@ jobs: patch_created: ${{ steps.create_patch.outputs.patch_created }} steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 with: ref: main - name: Setup Node.js - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c + uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d with: node-version: 16.14.0 - name: Install dependencies @@ -33,7 +33,7 @@ jobs: git diff --staged --patch --exit-code > .repo.patch || echo "patch_created=true" >> $GITHUB_OUTPUT - name: Upload patch if: steps.create_patch.outputs.patch_created - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: name: .repo.patch path: .repo.patch @@ -46,7 +46,7 @@ jobs: if: ${{ needs.upgrade.outputs.patch_created }} steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 with: ref: main - name: Download patch @@ -62,7 +62,7 @@ jobs: git config user.email "github-team-tf-cdk@hashicorp.com" - name: Create Pull Request id: create-pr - uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 with: token: ${{ secrets.PROJEN_GITHUB_TOKEN }} commit-message: |- diff --git a/.github/workflows/upgrade-node.yml b/.github/workflows/upgrade-node.yml index 1ebed615..975ea13a 100644 --- a/.github/workflows/upgrade-node.yml +++ b/.github/workflows/upgrade-node.yml @@ -16,7 +16,7 @@ jobs: CI: "false" steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Install run: yarn install - name: Get current Node.js version @@ -52,7 +52,7 @@ jobs: echo "short=$NEW_NODEJS_VERSION_SHORT" >> $GITHUB_OUTPUT - name: Create Pull Request if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT - uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 with: commit-message: "chore!: increase minimum supported Node.js version to ${{ steps.latest_version.outputs.short }}" branch: auto/upgrade-node-${{ steps.latest_version.outputs.short }}