Skip to content

Dependency Updates

Dependency Updates #36

Workflow file for this run

name: Dependency Updates
on:
schedule:
- cron: '42 5 * * 1' # Mondays at 5:42 AM
workflow_dispatch: {} # Manual runs
permissions: read-all
jobs:
update-go:
name: Update Go Dependencies
runs-on: ubuntu-latest
outputs:
changes-needed: ${{ steps.is-tree-dirty.outputs.result }}
env:
GOTOOLCHAIN: local # Prohibits adding `toolchain` directives to go.mod files.
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version: oldstable # Minimum supported go release
cache-dependency-path: '**/go.mod'
# Select the latest available version of gopkg.in/DataDog/dd-trace-go.v1, while ignoring all
# the `v1.999.*` versions, which are experimental pre-releases.
- name: Determine gopkg.in/DataDog/dd-trace-go.v1 version
id: dd-trace-go
run: |-
set -euo pipefail
version=$(go list -f '{{range .Versions}}{{.}}{{"\n"}}{{end}}' -m -versions gopkg.in/DataDog/dd-trace-go.v1 | grep -v -E '^v1\.999\.' | tail -n 1)
echo "version=${version}" >> "${GITHUB_OUTPUT}"
# Passing "go@<version>" to "go get -u" ensures no dependencies get upgraded to a release that
# does not support that specific go release.
- name: Update dependencies
run: find . -name go.mod -execdir go get -t -u [email protected] gopkg.in/DataDog/dd-trace-go.v1@${{ steps.dd-trace-go.outputs.version }} ./... \;
- name: Run go mod tidy
run: find . -name go.mod -execdir go mod tidy \;
- name: Ensure no toolchain directive
run: find . -name go.mod -execdir go mod edit -toolchain=none \;
- id: is-tree-dirty
name: Check for updates
run: |-
git add .
git diff --staged --patch --exit-code || echo "result=true" >> "${GITHUB_OUTPUT}"
- name: Update LICENSE-3rdparty.csv
if: steps.is-tree-dirty.outputs.result == 'true'
run: ./_tools/make-licenses.sh
env:
TMPDIR: ${{ runner.temp }}
- name: Build diff
if: steps.is-tree-dirty.outputs.result == 'true'
run: |-
git add .
git diff --staged --patch > "${{ runner.temp }}/go.diff.patch"
- name: Upload Artifact
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4
with:
name: Patches
path: ${{ runner.temp }}/go.diff.patch
if-no-files-found: error
create-pr:
name: Create Pull Request
runs-on: ubuntu-latest
needs: [update-go]
if: needs.update-go.outputs.changes-needed == 'true'
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Download patches
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: Patches
path: ${{ runner.temp }}/patches
- name: Apply patches
run: find "${{ runner.temp }}/patches" -type f -name '*.patch' -exec git apply {} \;
# We use ghcommit to create signed commits directly using the GitHub API
- name: Create branch # The branch needs to exist before we can add commits to it
id: create-branch
run: |-
branch="automation/dependency-updates/${{ github.run_id }}"
git push origin "${{ github.sha }}":"refs/heads/${branch}"
echo "branch=${branch}" >> "${GITHUB_OUTPUT}"
git fetch origin "${branch}"
- name: Create Commit # Adds a commit to the branch we created above
uses: planetscale/ghcommit-action@d4176bfacef926cc2db351eab20398dfc2f593b5 # v0.2.0
with:
commit_message: "chore: update all dependencies"
repo: ${{ github.repository }}
branch: ${{ steps.create-branch.outputs.branch }}
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Create PR
run: |-
git fetch origin "${{ steps.create-branch.outputs.branch }}"
git reset --hard HEAD
git switch "${{ steps.create-branch.outputs.branch }}"
gh pr create --title "chore: update all dependencies" \
--body "Updated all go.mod dependencies to latest." \
--head="${{ steps.create-branch.outputs.branch }}"
env:
# Create the PR as "github-actions[bot]" so that even the owner of the mutator token can
# approve the PR.
GITHUB_TOKEN: ${{ github.token }}
# The standard GitHub Token will not trigger downstream workflows, so in order to kick off CI,
# we'll push a blank commit to the PR branch with the mutator token.
- name: Trigger CI
uses: planetscale/ghcommit-action@d4176bfacef926cc2db351eab20398dfc2f593b5 # v0.2.0
with:
commit_message: "blank: trigger CI"
repo: ${{ github.repository }}
branch: ${{ steps.create-branch.outputs.branch }}
empty: true
env:
GITHUB_TOKEN: ${{ secrets.MUTATOR_GITHUB_TOKEN }}