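name: "Dependency Updates Post-Processing"
on:
  pull_request:
    paths:
      - ".github/workflows/dependency-updates-post-processing.yaml"
      - "src/**/go.mod"
      - "src/**/go.sum"
  workflow_dispatch: {}
jobs:
  dependency-updates-post-processing:
    # Only runs whose triggering actor is Renovate are processed; every other
    # run skips the whole job, so the push-capable secret below is never used.
    if: github.actor == 'renovate[bot]'
    name: "Dependency Updates Post-Processing"
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `main` is a mutable tag. Pinning the image by digest would
      # fix the toolchain that runs next to the push token.
      image: ghcr.io/cloudfoundry/app-autoscaler-release-tools:main
    # NOTE(review): these grants apply to the default GITHUB_TOKEN, while push and
    # review below use APP_AUTOSCALER_CI_TOKEN. They may be reducible; confirm.
    permissions:
      pull-requests: write
      contents: write
    steps:
      # We potentially want to add at the end a commit by the author of the most recent
      # commit in this branch. However, GitHub has a protection that prevents workflows
      # from running when a commit has been pushed with the default job-specific
      # github-token. For this case we need to use another one here.
      #
      # For more information, see:
      # <https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow>
      #
      # actions/checkout keeps this token in the local git config by default, which
      # the `git push` in the last step relies on. The `make` targets there therefore
      # run with the token reachable from the workspace.
      # NOTE(review): `v4` is a movable tag; pinning to a full commit SHA is the usual
      # hardening for a job that holds a push-capable token.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: true
          token: ${{ secrets.APP_AUTOSCALER_CI_TOKEN }}  # With push token that can trigger new PR jobs
      - name: Configure git
        id: configure_git
        shell: bash
        env:
          # Passed through the environment instead of being expanded into the script
          # text, so the branch name is always handled as data by the shell.
          HEAD_REF: ${{ github.head_ref }}
        run: |
          #! /usr/bin/env bash
          set -eu -o pipefail
          git config --global --add safe.directory "${GITHUB_WORKSPACE}"
          declare -r commit_author_name="$(git log -1 --pretty=format:'%an')"
          declare -r commit_author_email="$(git log -1 --pretty=format:'%ae')"
          # HEAD_REF is empty for `workflow_dispatch`; in that case no revision
          # argument is passed and git falls back to HEAD.
          declare -r commit_subject="$(git log -1 ${HEAD_REF:+"${HEAD_REF}"} --pretty=format:'%s')"
          git config user.name "${commit_author_name}"
          git config user.email "${commit_author_email}"
          echo "commit_author_name=${commit_author_name}" >> "${GITHUB_OUTPUT}"
          echo "commit_subject=${commit_subject}" >> "${GITHUB_OUTPUT}"
      - name: go-mod-tidy and make package-specs
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.APP_AUTOSCALER_CI_TOKEN }}
          # Commit metadata and the branch name are free-form text. They reach the
          # script as environment variables rather than as `${{ }}` expansions inside
          # it, so quotes or `$(...)` in a commit subject cannot alter the script.
          HEAD_REF: ${{ github.head_ref }}
          COMMIT_AUTHOR_NAME: ${{ steps.configure_git.outputs.commit_author_name }}
          COMMIT_SUBJECT: ${{ steps.configure_git.outputs.commit_subject }}
        run: |
          #! /usr/bin/env bash
          set -eu -o pipefail
          # We need the subsequent standard-message to determine if the last commit
          # has already cleaned up everything. In this case this workflow should not
          # change anything and we exit early.
          # An alternative would be to use a tag for this. But this does affect the whole
          # PR instead of just the latest commit.
          declare -r tidy_message='🤖🦾🛠️ go mod tidy & make package-specs'
          declare -r commit_author_name="${COMMIT_AUTHOR_NAME}"
          declare -r commit_message="${COMMIT_SUBJECT}"
          # The author name comes from commit metadata, which whoever creates the commit
          # sets freely. This check only avoids re-processing; the job-level
          # `if: github.actor` condition is what restricts who can trigger the job.
          if [[ ! "${commit_author_name}" == 'renovate[bot]' ]] \
            || [[ "${commit_message}" == "${tidy_message}" ]]
          then
            echo 'This commit was not by a known bot or already an automatic `go mod tidy`! Exiting …'
            exit 0
          fi
          # Generated files are needed for `go mod tidy` which is a dependency of the
          # target `package-specs`. However the generation of them itself already
          # requires go-modules to be tidied up. So we need to generate the files
          # before changing `go.mod` and `go.sum`.
          declare -r current_branch="${HEAD_REF}"
          git checkout 'HEAD~1'
          make generate-fakes
          make generate-openapi-generated-clients-and-servers
          git checkout "${current_branch}"
          # ⚠️ For this workflow to be successful, the subsequent line must not
          # trigger again the creation of the generated files.
          make package-specs
          declare -i -r num_changed_files="$(git status --porcelain | wc --lines)"
          if ((num_changed_files > 0))
          then
            echo 'Changes to some files were necessary!'
            git add .
            git commit --message="${tidy_message}"
            git push
            # NOTE(review): the approval is issued with the CI token and covers the
            # whole PR, including the dependency bump itself. Confirm that branch
            # protection intends this.
            gh pr review --approve
          else
            echo 'No files changed!'
          fi
          echo '🏁'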