Watch dependencies #52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a GitHub workflow defining a set of jobs with a set of steps. | |
| # ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
| # | |
| # This Workflow watches dependencies and automatically creates PRs to update | |
| # them. | |
| # | |
| # - Watch multiple images tags referenced in values.yaml to match the latest | |
| # stable image tag (ignoring pre-releases). | |
| # - Refreeze images/*/requirements.txt based on images/*/requirements.in | |
| # | |
| name: Watch dependencies | |
| on: | |
| pull_request: | |
| paths: | |
| - ".github/workflows/watch-dependencies.yaml" | |
| push: | |
| paths: | |
| - "images/*/requirements.in" | |
| - ".github/workflows/watch-dependencies.yaml" | |
| branches: ["main"] | |
| schedule: | |
| # Run at 05:00 on day-of-month 1, ref: https://crontab.guru/#0_5_1_*_* | |
| - cron: "0 5 1 * *" | |
| workflow_dispatch: | |
| jobs: | |
| update-image-dependencies: | |
| if: github.repository == '2i2c-org/binderhub-service' | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: docker | |
| registry: docker.io | |
| repository: library/docker | |
| values_path: dockerApi.image.tag | |
| tag_prefix: "" | |
| tag_suffix: -dind | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get values.yaml pinned tag of ${{ matrix.registry }}/${{ matrix.repository }} | |
| id: local | |
| run: | | |
| local_tag=$(cat binderhub-service/values.yaml | yq e '.${{ matrix.values_path }}' -) | |
| echo "tag=$local_tag" >> $GITHUB_OUTPUT | |
| - name: Get latest tag of ${{ matrix.registry }}/${{ matrix.repository }} | |
| id: latest | |
| # The skopeo image helps us list tags consistently from different docker | |
| # registries. We identify the latest docker image tag based on the | |
| # version numbers of format x.y.z included in a pattern with an optional | |
| # prefix and suffix, like the tags "v4.5.0" (v prefix) and "23.0.5-dind" | |
| # (-dind suffix). | |
| run: | | |
| latest_tag=$( | |
| docker run --rm quay.io/skopeo/stable list-tags docker://${{ matrix.registry }}/${{ matrix.repository }} \ | |
| | jq -r '[.Tags[] | select(. | match("^${{ matrix.tag_prefix }}\\d+\\.\\d+\\.\\d+${{ matrix.tag_suffix }}$") | .string)] | sort_by(split(".") | map(ltrimstr("${{ matrix.tag_prefix }}") | rtrimstr("${{ matrix.tag_suffix }}") | tonumber)) | last' | |
| ) | |
| echo "tag=$latest_tag" >> $GITHUB_OUTPUT | |
| - name: Update values.yaml pinned tag | |
| if: steps.local.outputs.tag != steps.latest.outputs.tag | |
| run: | | |
| sed --in-place 's/tag: "${{ steps.local.outputs.tag }}"/tag: "${{ steps.latest.outputs.tag }}"/g' binderhub-service/values.yaml | |
| - name: git diff | |
| if: steps.local.outputs.tag != steps.latest.outputs.tag | |
| run: git --no-pager diff --color=always | |
| # ref: https://github.com/peter-evans/create-pull-request | |
| - uses: peter-evans/create-pull-request@v6 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| branch: update-image-dependencies | |
| labels: dependencies | |
| commit-message: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }} | |
| title: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }} | |
| body: >- | |
| A new ${{ matrix.repository }} image version has been detected, version | |
| `${{ steps.latest.outputs.tag }}`. | |
| refreeze-dockerfile-requirements-txt: | |
| if: github.repository == '2i2c-org/binderhub-service' | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Refreeze requirements.txt based on requirements.in | |
| run: ci/refreeze | |
| - name: git diff | |
| run: git --no-pager diff --color=always | |
| # ref: https://github.com/peter-evans/create-pull-request | |
| - uses: peter-evans/create-pull-request@v6 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| branch: update-image-requirements | |
| labels: dependencies | |
| commit-message: "binderhub-service image: refreeze requirements.txt" | |
| title: "binderhub-service image: refreeze requirements.txt" | |
| body: >- | |
| The binderhub-service image's requirements.txt has been refrozen | |
| based on requirements.in. | |
| The push to this branch was made by a bot account so all tests | |
| aren't triggered to run. Close and re-open this PR to trigger them | |
| manually. |