Dependency Updates #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Dependency Updates | |
on: | |
schedule: | |
- cron: '42 5 * * 1' # Mondays at 5:42 AM | |
workflow_dispatch: {} # Manual runs | |
permissions: read-all | |
jobs: | |
update-go: | |
name: Update Go Dependencies | |
runs-on: ubuntu-latest | |
outputs: | |
changes-needed: ${{ steps.is-tree-dirty.outputs.result }} | |
env: | |
GOTOOLCHAIN: local # Prohibits adding `toolchain` directives to go.mod files. | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 | |
with: | |
go-version: oldstable # Minimum supported go release | |
cache-dependency-path: '**/go.mod' | |
# Select the latest available version of gopkg.in/DataDog/dd-trace-go.v1, while ignoring all | |
# the `v1.999.*` versions, which are experimental pre-releases. | |
- name: Determine gopkg.in/DataDog/dd-trace-go.v1 version | |
id: dd-trace-go | |
run: |- | |
set -euo pipefail | |
version=$(go list -f '{{range .Versions}}{{.}}{{"\n"}}{{end}}' -m -versions gopkg.in/DataDog/dd-trace-go.v1 | grep -v -E '^v1\.999\.' | tail -n 1) | |
echo "version=${version}" >> "${GITHUB_OUTPUT}" | |
# Passing "go@<version>" to "go get -u" ensures no dependencies get upgraded to a release that | |
# does not support that specific go release. | |
- name: Update dependencies | |
run: find . -name go.mod -execdir go get -t -u [email protected] gopkg.in/DataDog/dd-trace-go.v1@${{ steps.dd-trace-go.outputs.version }} ./... \; | |
- name: Run go mod tidy | |
run: find . -name go.mod -execdir go mod tidy \; | |
- name: Ensure no toolchain directive | |
run: find . -name go.mod -execdir go mod edit -toolchain=none \; | |
- id: is-tree-dirty | |
name: Check for updates | |
run: |- | |
git add . | |
git diff --staged --patch --exit-code || echo "result=true" >> "${GITHUB_OUTPUT}" | |
- name: Update LICENSE-3rdparty.csv | |
if: steps.is-tree-dirty.outputs.result == 'true' | |
run: ./_tools/make-licenses.sh | |
env: | |
TMPDIR: ${{ runner.temp }} | |
- name: Build diff | |
if: steps.is-tree-dirty.outputs.result == 'true' | |
run: |- | |
git add . | |
git diff --staged --patch > "${{ runner.temp }}/go.diff.patch" | |
- name: Upload Artifact | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 | |
with: | |
name: Patches | |
path: ${{ runner.temp }}/go.diff.patch | |
if-no-files-found: error | |
create-pr: | |
name: Create Pull Request | |
runs-on: ubuntu-latest | |
needs: [update-go] | |
if: needs.update-go.outputs.changes-needed == 'true' | |
permissions: | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Download patches | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
with: | |
name: Patches | |
path: ${{ runner.temp }}/patches | |
- name: Apply patches | |
run: find "${{ runner.temp }}/patches" -type f -name '*.patch' -exec git apply {} \; | |
# We use ghcommit to create signed commits directly using the GitHub API | |
- name: Create branch # The branch needs to exist before we can add commits to it | |
id: create-branch | |
run: |- | |
branch="automation/dependency-updates/${{ github.run_id }}" | |
git push origin "${{ github.sha }}":"refs/heads/${branch}" | |
echo "branch=${branch}" >> "${GITHUB_OUTPUT}" | |
git fetch origin "${branch}" | |
- name: Create Commit # Adds a commit to the branch we created above | |
uses: planetscale/ghcommit-action@d4176bfacef926cc2db351eab20398dfc2f593b5 # v0.2.0 | |
with: | |
commit_message: "chore: update all dependencies" | |
repo: ${{ github.repository }} | |
branch: ${{ steps.create-branch.outputs.branch }} | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
- name: Create PR | |
run: |- | |
git fetch origin "${{ steps.create-branch.outputs.branch }}" | |
git reset --hard HEAD | |
git switch "${{ steps.create-branch.outputs.branch }}" | |
gh pr create --title "chore: update all dependencies" \ | |
--body "Updated all go.mod dependencies to latest." \ | |
--head="${{ steps.create-branch.outputs.branch }}" | |
env: | |
# Create the PR as "github-actions[bot]" so that even the owner of the mutator token can | |
# approve the PR. | |
GITHUB_TOKEN: ${{ github.token }} | |
# The standard GitHub Token will not trigger downstream workflows, so in order to kick off CI, | |
# we'll push a blank commit to the PR branch with the mutator token. | |
- name: Trigger CI | |
uses: planetscale/ghcommit-action@d4176bfacef926cc2db351eab20398dfc2f593b5 # v0.2.0 | |
with: | |
commit_message: "blank: trigger CI" | |
repo: ${{ github.repository }} | |
branch: ${{ steps.create-branch.outputs.branch }} | |
empty: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.MUTATOR_GITHUB_TOKEN }} |