PK 4.1.0
Shmuma committed Mar 13, 2024
1 parent 86e2ca0 commit d54ab5b
Showing 12 changed files with 620 additions and 259 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/broken_links_checker.yml


47 changes: 40 additions & 7 deletions .github/workflows/dependencies_check.yml


175 changes: 175 additions & 0 deletions .github/workflows/dependencies_update.yml
@@ -0,0 +1,175 @@
# Generated by Project Keeper
# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml
name: Update dependencies
on:
workflow_call:
inputs:
# [impl->dsn~dependency-updater.workflow.vulnerability-info~1]
vulnerability_issues:
description: "GitHub issues for vulnerable dependencies as JSONL"
required: true
type: string
workflow_dispatch:

jobs:
update_dependencies:
runs-on: ubuntu-latest
defaults:
run:
shell: "bash"
permissions:
contents: write
pull-requests: write

steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Set up JDKs
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: |
11
17
cache: "maven"

- name: Print issues
run: |
echo "Issues from Action input: $ISSUES"
env:
ISSUES: ${{ inputs.vulnerability_issues }}

- name: Fail if not running on a branch
if: ${{ !startsWith(github.ref, 'refs/heads/') }}
uses: actions/github-script@v7
with:
script: |
core.setFailed('Not running on a branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch')
- name: Update dependencies
# [impl->dsn~dependency-updater.workflow.start-pk-update~1]
run: |
mvn --batch-mode com.exasol:project-keeper-maven-plugin:update-dependencies --projects . \
-Dproject-keeper:vulnerabilities="$CREATED_ISSUES"
env:
CREATED_ISSUES: ${{ inputs.vulnerability_issues }}

- name: Project Keeper Fix
run: |
mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
- name: Project Keeper Fix for updated Project Keeper version
# Calling PK fix a second time is necessary because the first invocation potentially updated PK itself.
# So we need to run PK fix again with the latest PK version.
# [impl->dsn~dependency-updater.workflow.start-pk-fix~1]
run: |
mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
- name: Generate Pull Request comment
id: pr-comment
# [impl->dsn~dependency-updater.workflow.create-pull-request~1]
# [impl->dsn~dependency-updater.workflow.pull-request-trigger-ci-build~1]
run: |
echo 'comment<<EOF' >> "$GITHUB_OUTPUT"
echo 'This Pull Request was created by [`dependencies_update.yml`](https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml) workflow.' >> "$GITHUB_OUTPUT"
if [ -n "$CREATED_ISSUES" ]; then
echo 'It updates dependencies to fix the following vulnerabilities:' >> "$GITHUB_OUTPUT"
echo $CREATED_ISSUES | jq --raw-output '. | "* Closes " + .issue_url + " (" + .cve + ")"' >> "$GITHUB_OUTPUT"
else
echo 'It updates dependencies.' >> "$GITHUB_OUTPUT"
fi
echo >> "$GITHUB_OUTPUT"
echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT"
echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT"
echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT"
echo 'EOF' >> "$GITHUB_OUTPUT"
cat "$GITHUB_OUTPUT"
env:
CREATED_ISSUES: ${{ inputs.vulnerability_issues }}

- name: Generate Pull Request Title
id: pr-title
run: |
if [ -n "$CREATED_ISSUES" ]; then
echo "Security issues are available"
echo "title=🔐 Update dependencies to fix vulnerabilities" >> "$GITHUB_OUTPUT"
else
echo "Security issues are not available"
echo "title=Update dependencies" >> "$GITHUB_OUTPUT"
fi
cat "$GITHUB_OUTPUT"
env:
CREATED_ISSUES: ${{ inputs.vulnerability_issues }}

- name: Configure git
run: |
git config --global user.email "[email protected]"
git config --global user.name "Automatic Dependency Updater"
- name: Create branch
if: ${{ github.ref == 'refs/heads/main' }}
run: |
branch_name="dependency-update/$(date "+%Y%m%d%H%M%S")"
echo "Creating branch $branch_name"
git checkout -b "$branch_name"
- name: Commit changes & push
if: ${{ startsWith(github.ref, 'refs/heads/' ) }}
run: |
branch_name=$(git rev-parse --abbrev-ref HEAD)
echo "Current branch: $branch_name"
echo "git diff --stat"
git diff --stat
echo "git diff --numstat"
git diff --numstat
echo "git diff --name-status"
git diff --name-status
echo "Adding untracked files:"
git add . --verbose --all
echo "Committing changes..."
git commit --message "$TITLE"
echo "Pushing branch $branch_name..."
git push --set-upstream origin "$branch_name"
echo "Done."
env:
TITLE: ${{ steps.pr-title.outputs.title }}

- name: Create pull request
id: create-pr
if: ${{ github.ref == 'refs/heads/main' }}
run: |
pr_url=$(gh pr create --base main --title "$TITLE" --body "$COMMENT")
echo "Created Pull Request: $pr_url"
echo "pr_url=$pr_url" >> "$GITHUB_OUTPUT"
env:
COMMENT: ${{ steps.pr-comment.outputs.comment }}
TITLE: ${{ steps.pr-title.outputs.title }}
GH_TOKEN: ${{ github.token }}

- name: Report failure Status to Slack channel
# Also run this step in case of failures
if: ${{ always() }}
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
token: ${{ secrets.GITHUB_TOKEN }}
notification_title: "Dependency check in {repo} has {status_message}"
message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>"
notify_when: "failure,cancelled,warnings"
env:
SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}

- name: Report new Pull Request to Slack channel
if: ${{ steps.create-pr.outputs.pr_url }}
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
token: ${{ secrets.GITHUB_TOKEN }}
notification_title: "Dependency update for {repo} created a Pull Request"
message_format: "{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}"
env:
SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
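Review bot: `${{ github.ref }}` is interpolated straight into the JavaScript string on the `core.setFailed(...)` line of the "Fail if not running on a branch" step; because expressions are expanded before the script runs, a ref containing a single quote could break out of the string literal, and this is also the one place in the workflow where a dynamic value is not routed through `env:` as every other step does. Pass it the same way: add `env:` with `REF: ${{ github.ref }}` to that step and change the script to `core.setFailed('Not running on a branch, github.ref is ' + process.env.REF + '. Please start this workflow only on main or a branch')`. In the "Generate Pull Request comment" step, `echo $CREATED_ISSUES | jq ...` leaves the JSONL input subject to word splitting and glob expansion; `echo "$CREATED_ISSUES" | jq ...` keeps it intact. The two `ravsamhq/notify-slack-action@v2` steps receive `GITHUB_TOKEN` and the Slack webhook secret while pinned only to a floating major tag; pinning to a commit SHA would fix what code those secrets are handed to.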
