deps-update.yml
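name: Dependency Updates
on:
  schedule:
    - cron: '42 5 * * 1' # Mondays at 5:42 AM (GitHub evaluates cron schedules in UTC)
  workflow_dispatch: {} # Manual runs
# Default GITHUB_TOKEN scope for every job that does not declare its own `permissions` block.
# The update-go job only checks the repository out and uploads an artifact, so read access to
# the repository contents is enough; `read-all` would also grant read on every other scope.
# The create-pr job declares the write scopes it needs at job level.
permissions:
  contents: read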
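jobs:
  # Resolves the dependency updates with a read-only token and hands the result to create-pr as a
  # patch artifact. All dependency resolution and the license script run here, so none of it runs
  # in the job that holds write permissions.
  update-go:
    name: Update Go Dependencies
    runs-on: ubuntu-latest
    outputs:
      changes-needed: ${{ steps.is-tree-dirty.outputs.result }}
    env:
      GOTOOLCHAIN: local # Prohibits adding `toolchain` directives to go.mod files.
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          # Nothing in this job pushes, so do not leave the token in .git/config where the
          # dependency tooling and scripts run by the following steps could read it.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
        with:
          go-version: oldstable # Minimum supported go release
          cache-dependency-path: '**/go.mod'
      # Select the latest available version of gopkg.in/DataDog/dd-trace-go.v1, while ignoring all
      # the `v1.999.*` versions, which are experimental pre-releases.
      - name: Determine gopkg.in/DataDog/dd-trace-go.v1 version
        id: dd-trace-go
        # With `pipefail`, an empty result (grep selects nothing) fails the step instead of
        # publishing an empty version.
        run: |-
          set -euo pipefail
          version=$(go list -f '{{range .Versions}}{{.}}{{"\n"}}{{end}}' -m -versions gopkg.in/DataDog/dd-trace-go.v1 | grep -v -E '^v1\.999\.' | tail -n 1)
          echo "version=${version}" >> "${GITHUB_OUTPUT}"
      # Passing "go@<version>" to "go get -u" ensures no dependencies get upgraded to a release that
      # does not support that specific go release.
      - name: Update dependencies
        # NOTE(review): "[email protected]" is an e-mail-obfuscation artifact of the page this
        # listing was captured from; per the comment above, the original argument is presumably
        # "go@<go-version>". Restore it from the repository before using this file.
        run: find . -name go.mod -execdir go get -t -u [email protected] "gopkg.in/DataDog/dd-trace-go.v1@${DD_TRACE_GO_VERSION}" ./... \;
        env:
          # The version string is derived from the module version list fetched over the network.
          # Passing it through the environment, rather than expanding `${{ }}` inside the script,
          # means the shell only ever sees it as data and never parses it as part of the command.
          DD_TRACE_GO_VERSION: ${{ steps.dd-trace-go.outputs.version }}
      - name: Run go mod tidy
        run: find . -name go.mod -execdir go mod tidy \;
      - name: Ensure no toolchain directive
        run: find . -name go.mod -execdir go mod edit -toolchain=none \;
      # `git diff --exit-code` returns non-zero when the staged tree differs from HEAD; only then
      # is `result=true` published (and forwarded as the job's `changes-needed` output).
      - id: is-tree-dirty
        name: Check for updates
        run: |-
          git add .
          git diff --staged --patch --exit-code || echo "result=true" >> "${GITHUB_OUTPUT}"
      - name: Update LICENSE-3rdparty.csv
        if: steps.is-tree-dirty.outputs.result == 'true'
        run: ./_tools/make-licenses.sh
        env:
          TMPDIR: ${{ runner.temp }}
      - name: Build diff
        if: steps.is-tree-dirty.outputs.result == 'true'
        run: |-
          git add .
          git diff --staged --patch > "${{ runner.temp }}/go.diff.patch"
      - name: Upload Artifact
        # The patch file only exists when "Build diff" ran. Without this guard, a run with nothing
        # to update would fail here because of `if-no-files-found: error`.
        if: steps.is-tree-dirty.outputs.result == 'true'
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4
        with:
          name: Patches
          path: ${{ runner.temp }}/go.diff.patch
          if-no-files-found: error
  # Turns the patch produced by update-go into a branch, a commit and a pull request. This is the
  # only job with write scopes. Its steps apply and commit the patch; none of them builds or runs
  # the patched code.
  create-pr:
    name: Create Pull Request
    runs-on: ubuntu-latest
    needs: [update-go]
    if: needs.update-go.outputs.changes-needed == 'true'
    permissions:
      contents: write
      pull-requests: write
    steps:
      # Credentials stay persisted here (the checkout default): the `git push` in "Create branch"
      # has no token of its own and appears to rely on them.
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - name: Download patches
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
        with:
          name: Patches
          path: ${{ runner.temp }}/patches
      - name: Apply patches
        run: find "${{ runner.temp }}/patches" -type f -name '*.patch' -exec git apply {} \;
      # We use ghcommit to create signed commits directly using the GitHub API
      - name: Create branch # The branch needs to exist before we can add commits to it
        id: create-branch
        # The branch name is built from the run id only, so the `${{ }}` expansions of it in the
        # scripts below carry no externally supplied text.
        run: |-
          branch="automation/dependency-updates/${{ github.run_id }}"
          git push origin "${{ github.sha }}":"refs/heads/${branch}"
          echo "branch=${branch}" >> "${GITHUB_OUTPUT}"
          git fetch origin "${branch}"
      - name: Create Commit # Adds a commit to the branch we created above
        uses: planetscale/ghcommit-action@d4176bfacef926cc2db351eab20398dfc2f593b5 # v0.2.0
        with:
          commit_message: "chore: update all dependencies"
          repo: ${{ github.repository }}
          branch: ${{ steps.create-branch.outputs.branch }}
        env:
          GITHUB_TOKEN: ${{ github.token }}
      - name: Create PR
        run: |-
          git fetch origin "${{ steps.create-branch.outputs.branch }}"
          git reset --hard HEAD
          git switch "${{ steps.create-branch.outputs.branch }}"
          gh pr create --title "chore: update all dependencies" \
            --body "Updated all go.mod dependencies to latest." \
            --head="${{ steps.create-branch.outputs.branch }}"
        env:
          # Create the PR as "github-actions[bot]" so that even the owner of the mutator token can
          # approve the PR.
          GITHUB_TOKEN: ${{ github.token }}
      # The standard GitHub Token will not trigger downstream workflows, so in order to kick off CI,
      # we'll push a blank commit to the PR branch with the mutator token.
      # This is the only step that receives the mutator secret, and it passes it to an action
      # pinned by commit SHA.
      - name: Trigger CI
        uses: planetscale/ghcommit-action@d4176bfacef926cc2db351eab20398dfc2f593b5 # v0.2.0
        with:
          commit_message: "blank: trigger CI"
          repo: ${{ github.repository }}
          branch: ${{ steps.create-branch.outputs.branch }}
          empty: true
        env:
          GITHUB_TOKEN: ${{ secrets.MUTATOR_GITHUB_TOKEN }}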