Sync Submodules and Dependencies #419
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Sync Submodules and Dependencies | |
# Pulls changes from the main branch of submodules daily at 9:00 UTC and opens a PR. | |
on: | |
schedule: | |
- cron: '0 9 * * *' | |
workflow_dispatch: | |
permissions: | |
# This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on. | |
# More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings | |
id-token: write | |
contents: write | |
pull-requests: write | |
jobs: | |
update: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
submodules: recursive | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
aws-region: ${{ secrets.REGION }} | |
role-to-assume: ${{ secrets.ROLE }} | |
role-session-name: sync-submodules-and-deps-session | |
- name: Update submodules | |
run: | | |
git submodule update --remote | |
- name: Create PR | |
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
signoff: true | |
title: 'build(deps): Bump submodules and dependencies' | |
body: > | |
Bump for Finch's dependencies. | |
Updates finch-core submodule which defines the core dependencies for Finch on each respective | |
platform such as: operating system images and Lima bundle (Lima version and it's dependencies) | |
as `lima-and-qemu.macos-*.*.tar.gz` archives. | |
Since updating the Lima version may also update the default version of the `nerdctl-full` | |
archive (which contains nerdctl, containerd, buildkit, etc.), this may require a manual | |
update to | |
[`e2e/vm/version_test.go`](https://github.com/runfinch/finch/tree/create-pull-request/patch/e2e/vm/version_test.go). | |
To do so, checkout this PR branch locally, add a new commit to the branch, | |
and push back to the branch: | |
```bash | |
git fetch --all | |
git switch create-pull-request/patch | |
# make changes | |
git add e2e/vm/version_test.go | |
git commit -s "update dependency versions in version test" | |
git push | |
``` |