From 8a1764204acb1607c557a46aba717ab15fb6cd8f Mon Sep 17 00:00:00 2001 From: ptrus Date: Tue, 30 Apr 2024 14:51:43 +0200 Subject: [PATCH] .github/dependabot: update all go projects in a single PR --- .github/dependabot.yml | 47 +++----- .github/workflows/ci-dependabot-fixup.yml | 118 ------------------ .github/workflows/ci-test.yaml | 4 - .gitignore | 1 - tools/gomod-updater/README.md | 11 -- tools/gomod-updater/go.mod | 11 -- tools/gomod-updater/go.sum | 12 -- tools/gomod-updater/main.go | 139 ---------------------- 8 files changed, 15 insertions(+), 328 deletions(-) delete mode 100644 .github/workflows/ci-dependabot-fixup.yml delete mode 100644 tools/gomod-updater/README.md delete mode 100644 tools/gomod-updater/go.mod delete mode 100644 tools/gomod-updater/go.sum delete mode 100644 tools/gomod-updater/main.go diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5c355099eb..8bfc9dcd38 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,30 +12,27 @@ updates: - c:deps - c:testing - # Manage client-sdk/go package versions. + # Manage go package versions. - package-ecosystem: gomod - directory: client-sdk/go/ - schedule: - interval: daily - commit-message: - prefix: "client-sdk/go:" - labels: - - c:deps - - c:client-sdk/go - ignore: - # oasis-core is manually kept up to date. - - dependency-name: github.com/oasisprotocol/oasis-core/go - - # Manage tests/e2e package versions. - - package-ecosystem: gomod - directory: tests/e2e + directories: + # Client SDK. + - client-sdk/go/ + - client-sdk/go/ts-web/core/reflect-go/ + # Tools. + - tools/orc/ + - tools/gen_runtime_vectors/ + # Tests. + - tests/e2e/ + - tests/benchmark/ + # Examples. + - examples/client-sdk/go/minimal-runtime-client/ schedule: interval: daily commit-message: - prefix: "tests/e2e:" + prefix: "go:" labels: - c:deps - - c:testing + - golang ignore: # oasis-core is manually kept up to date. - dependency-name: github.com/oasisprotocol/oasis-core/go @@ -87,17 +84,3 @@ updates: labels: - c:deps - c:client-sdk/typescript - - # Manage client-sdk/ts-web/core/reflect-go package versions. - - package-ecosystem: gomod - directory: client-sdk/ts-web/core/reflect-go/ - schedule: - interval: daily - commit-message: - prefix: "client/reflect:" - labels: - - c:deps - - c:client-sdk/go - ignore: - # oasis-core is manually kept up to date. - - dependency-name: github.com/oasisprotocol/oasis-core/go diff --git a/.github/workflows/ci-dependabot-fixup.yml b/.github/workflows/ci-dependabot-fixup.yml deleted file mode 100644 index 9af7860a8d..0000000000 --- a/.github/workflows/ci-dependabot-fixup.yml +++ /dev/null @@ -1,118 +0,0 @@ -# This workflow runs on Dependabot PRs that update Go dependencies. The workflow -# runs the gomod-updater tool to propagate the dependency updates to all Go projets -# in the repository. This is needed due to a Dependabot limitation which -# does not support updating multiple go projects in a single PR. -# https://github.com/dependabot/dependabot-core/issues/7547 - -# NOTE: This name appears in GitHub's Checks API and in workflow's status badge. -name: ci-dependabot-fixup - -# Trigger the workflow when: -on: - # We need pull_request_target hook since Dependabot PR's are treated as though they are from a forked repository. - # This means that the CI configuration will be taken from the base branch (main) and not the PR branch, - # which makes it safe(r) to give it access to secrets. - # https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target - pull_request_target: - types: [opened, synchronize, reopened] - branches: - - main - -# Cancel in-progress jobs on same branch. -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.head.ref }} - cancel-in-progress: true - -jobs: - check-dependabot: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.ref }} - fetch-depth: "0" - # We use a Personal Access Token (PAT) to checkout and later push the commit instead of - # the default $GITHUB_TOKEN. This is because events triggered by $GITHUB_TOKEN will not - # trigger new workflow runs, but we want to re-run the CI after pushing the updated commit. - # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow - token: ${{ secrets.BOT_GITHUB_TOKEN }} - - - name: Ensure Dependebot author and Go mod updates - id: check - run: | - # Ensure Dependabot author. - if [ "${{ github.event.pull_request.user.login }}" != "dependabot[bot]" ] - then - echo "This PR was not created by Dependabot. No further action is being taken." - echo "skip=true" >> $GITHUB_OUTPUT - exit 0; - fi - - # Ensure only Dependabot commits. - git fetch --no-tags origin +refs/heads/${BASE_BRANCH}:refs/remotes/origin/${BASE_BRANCH} - if git log origin/${BASE_BRANCH}..HEAD --pretty=format:'%an' | grep -v '^dependabot\[bot\]$' | grep -q . - then - echo "This PR has commits not by Dependabot." - echo "skip=true" >> $GITHUB_OUTPUT - exit 0; - fi - - # Ensure Go dependency updates. - if ! git diff --name-only origin/${BASE_BRANCH}..HEAD | grep -q 'go\.mod$' - then - echo "This PR does not update any Go dependencies." - echo "skip=true" >> $GITHUB_OUTPUT - exit 0; - fi - - echo "All commits are by Dependabot and update Go modules." - env: - BASE_BRANCH: ${{ github.base_ref }} - - - name: Set up Go - if: steps.check.outputs.skip != 'true' - uses: actions/setup-go@v5 - with: - go-version: "1.22.x" - - - name: Build gomod updater - if: steps.check.outputs.skip != 'true' - working-directory: tools/gomod-updater - run: go build - - # Dependabot titles are: - # : bump from to in - # e.g. client-sdk/go: bump github.com/ethereum/go-ethereum from 1.12.1 to 1.13.3 in /client-sdk/go - # as long as the (configurable) is without whitespace, the bellow parsing should work. - - name: Try extracting package name and version - if: steps.check.outputs.skip != 'true' - id: extract - run: | - title="${{ github.event.pull_request.title }}" - repo=$(echo $title | awk '{print $3}') - version=$(echo $title | awk '{print $7}') - - # Set the output variables for subsequent steps - echo "repo=$repo" >> $GITHUB_OUTPUT - echo "version=$version" >> $GITHUB_OUTPUT - - - name: Run gomod updater - if: steps.check.outputs.skip != 'true' - run: | - # Ensure client-sdk is updated first, as some other packages depend on it. - client_sdk="./client-sdk/go/go.mod" - file_list=$(echo $client_sdk | awk -vORS=, '{ print $1 }') - file_list+=$(find . -type f -name 'go.mod' ! -path "$client_sdk" | awk -vORS=, '{ print $1 }' | sed 's/,$/\n/') - tools/gomod-updater/gomod-updater ${{ steps.extract.outputs.repo }} ${{ steps.extract.outputs.version }} --packages "$file_list" - - - name: Commit and push all changed files - if: steps.check.outputs.skip != 'true' - env: - CI_COMMIT_MESSAGE: Dependabot dependencies fixup 👷 - CI_COMMIT_AUTHOR: oasisprotocol-bot - run: | - git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}" - git config --global user.email "oasisprotocol-bot@users.noreply.github.com" - git commit -a -m "${{ env.CI_COMMIT_MESSAGE }}" || echo "No changes." - git push diff --git a/.github/workflows/ci-test.yaml b/.github/workflows/ci-test.yaml index 78925f4b47..dc4878fe2e 100644 --- a/.github/workflows/ci-test.yaml +++ b/.github/workflows/ci-test.yaml @@ -126,10 +126,6 @@ jobs: working-directory: tools/gen_runtime_vectors run: go build - - name: Test build gomod updater - working-directory: tools/gomod-updater - run: go build - typecheck: # NOTE: This name appears in GitHub's Checks API. name: typecheck diff --git a/.gitignore b/.gitignore index 4d4542da11..f9d5e66eb6 100644 --- a/.gitignore +++ b/.gitignore @@ -27,4 +27,3 @@ tests/benchmark/benchmark client-sdk/ts-web/core/reflect-go/reflect-go tools/gen_runtime_vectors/gen_runtime_vectors tools/orc/orc -tools/gomod-updater/gomod-updater diff --git a/tools/gomod-updater/README.md b/tools/gomod-updater/README.md deleted file mode 100644 index e792e4bc86..0000000000 --- a/tools/gomod-updater/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# gomod-udpater - -### Examples - -Update all (direct) dependencies in packages with (skips examples/minimal-runtime-client): - -```bash -$ ./tools/gomod-updater/gomod-updater update-all \ - --packages="./client-sdk/go/go.mod,./tests/e2e/go.mod,./tests/benchmark/go.mod,./tools/orc/go.mod,./tools/gomod-updater/go.mod,./tools/gen_runtime_vectors/go.mod,./client-sdk/ts-web/core/reflect-go/go.mod" \ - --skip github.com/oasisprotocol/oasis-sdk/client-sdk/go -``` diff --git a/tools/gomod-updater/go.mod b/tools/gomod-updater/go.mod deleted file mode 100644 index 4f69e8998d..0000000000 --- a/tools/gomod-updater/go.mod +++ /dev/null @@ -1,11 +0,0 @@ -module github.com/oasisprotocol/oasis-sdk/tools/gomod-updater - -go 1.22 - -require ( - github.com/spf13/cobra v1.8.0 - github.com/spf13/pflag v1.0.5 - golang.org/x/mod v0.15.0 -) - -require github.com/inconshreveable/mousetrap v1.1.0 // indirect diff --git a/tools/gomod-updater/go.sum b/tools/gomod-updater/go.sum deleted file mode 100644 index 9a3e1eec8b..0000000000 --- a/tools/gomod-updater/go.sum +++ /dev/null @@ -1,12 +0,0 @@ -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= -github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/tools/gomod-updater/main.go b/tools/gomod-updater/main.go deleted file mode 100644 index 622f81010c..0000000000 --- a/tools/gomod-updater/main.go +++ /dev/null @@ -1,139 +0,0 @@ -package main - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" - - "github.com/spf13/cobra" - flag "github.com/spf13/pflag" - "golang.org/x/mod/modfile" -) - -var ( - packages []string - - rootCmd = &cobra.Command{ - Use: "updater [--packages ,...]]", - Short: "Utility for updating go packages in the oasis-sdk repo", - Version: "0.1.0", - Args: cobra.ExactArgs(2), - Run: func(cmd *cobra.Command, args []string) { - pkg, version := args[0], args[1] - - // Go through all packages and update the dependency (if it exists). - for _, path := range packages { - data, err := os.ReadFile(path) - if err != nil { - cobra.CheckErr(fmt.Errorf("failed to read go.mod file: %w", err)) - } - file, err := modfile.ParseLax(path, data, nil) - if err != nil { - cobra.CheckErr(fmt.Errorf("failed to parse go.mod file: %w", err)) - } - var requiresPkg bool - for _, req := range file.Require { - if !req.Indirect && req.Mod.Path == pkg { - requiresPkg = true - break - } - } - - fmt.Println("Updating", path) - if requiresPkg { - // Update the dependency. - cmd := exec.Command("go", "get", "-u", pkg+"@v"+version) - cmd.Dir = filepath.Dir(path) - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - err = cmd.Run() - if err != nil { - cobra.CheckErr(fmt.Errorf("failed to update dependency: %w", err)) - } - } - - // Tidy all projects since a dependency could have been updated - // in a dependent project (some projects depend on client-sdk). - cmd := exec.Command("go", "mod", "tidy") - cmd.Dir = filepath.Dir(path) - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - err = cmd.Run() - if err != nil { - cobra.CheckErr(fmt.Errorf("failed to run go mod tidy: %w", err)) - } - } - }, - } - - skip []string - updateCmd = &cobra.Command{ - Use: "update-all [--packages ,...]]", - Short: "Utility for updating all go packages in the oasis-sdk repo", - Version: "0.1.0", - Run: func(cmd *cobra.Command, args []string) { - // Go through all packages and their direct dependencies. - for _, path := range packages { - data, err := os.ReadFile(path) - if err != nil { - cobra.CheckErr(fmt.Errorf("failed to read go.mod file: %w", err)) - } - file, err := modfile.ParseLax(path, data, nil) - if err != nil { - cobra.CheckErr(fmt.Errorf("failed to parse go.mod file: %w", err)) - } - fmt.Println("Updating packages in:", path) - OUTER: - for _, req := range file.Require { - // Skip indirect dependencies. - if req.Indirect { - continue - } - for _, s := range skip { - if req.Mod.Path == s { - fmt.Println("Skipping", req.Mod.Path) - continue OUTER - } - } - - fmt.Println("Updating...", req.Mod.Path) - // Update the dependency. - cmd := exec.Command("go", "get", "-u", req.Mod.Path) - cmd.Dir = filepath.Dir(path) - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - err = cmd.Run() - if err != nil { - cobra.CheckErr(fmt.Errorf("failed to update dependency: %w", err)) - } - } - - // Tidy the go.mod file after updating all packages. - fmt.Println("Tidying...", path) - cmd := exec.Command("go", "mod", "tidy") - cmd.Dir = filepath.Dir(path) - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - err = cmd.Run() - if err != nil { - cobra.CheckErr(fmt.Errorf("failed to run go mod tidy: %w", err)) - } - } - }, - } -) - -func main() { - flags := flag.NewFlagSet("", flag.ContinueOnError) - flags.StringSliceVar(&packages, "packages", []string{"./go.mod"}, "go.mod files to update") - rootCmd.Flags().AddFlagSet(flags) - - updateFlags := flag.NewFlagSet("", flag.ContinueOnError) - updateFlags.StringSliceVar(&skip, "skip", []string{}, "dependencies to skip") - updateCmd.Flags().AddFlagSet(updateFlags) - updateCmd.Flags().AddFlagSet(flags) - rootCmd.AddCommand(updateCmd) - - _ = rootCmd.Execute() -}