Dependency Updates #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency Updates | |
| on: | |
| schedule: | |
| - cron: '42 5 * * 1' # Mondays at 5:42 AM | |
| workflow_dispatch: {} # Manual runs | |
| permissions: read-all | |
| jobs: | |
| update-go: | |
| name: Update Go Dependencies | |
| runs-on: ubuntu-latest | |
| outputs: | |
| changes-needed: ${{ steps.is-tree-dirty.outputs.result }} | |
| env: | |
| GOTOOLCHAIN: local # Prohibits adding `toolchain` directives to go.mod files. | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: stable # Minimum supported go release | |
| cache-dependency-path: '**/go.mod' | |
| # Select the latest available version of gopkg.in/DataDog/dd-trace-go.v1, while ignoring all | |
| # the `v1.999.*` versions, which are experimental pre-releases. | |
| - name: Determine gopkg.in/DataDog/dd-trace-go.v1 version | |
| id: dd-trace-go | |
| run: |- | |
| set -euo pipefail | |
| version=$(go list -f '{{range .Versions}}{{.}}{{"\n"}}{{end}}' -m -versions gopkg.in/DataDog/dd-trace-go.v1 | grep -v -E '^v1\.999\.' | tail -n 1) | |
| echo "version=${version}" >> "${GITHUB_OUTPUT}" | |
| # Passing "go@<version>" to "go get -u" ensures no dependencies get upgraded to a release that | |
| # does not support that specific go release. | |
| - name: "Update: Project root" | |
| run: go get -t -u [email protected] gopkg.in/DataDog/dd-trace-go.v1@${{ steps.dd-trace-go.outputs.version }} ./... && go mod tidy | |
| - name: "Update: Samples" | |
| run: go get -t -u [email protected] gopkg.in/DataDog/dd-trace-go.v1@${{ steps.dd-trace-go.outputs.version }} ./... && go mod tidy | |
| working-directory: samples | |
| - name: "Update: Integration Tests" | |
| run: go get -t -u [email protected] gopkg.in/DataDog/dd-trace-go.v1@${{ steps.dd-trace-go.outputs.version }} ./... && go mod tidy | |
| working-directory: _integration-tests | |
| - id: is-tree-dirty | |
| name: Check for updates | |
| run: |- | |
| git add . | |
| git diff --staged --patch --exit-code || echo "result=true" >> "${GITHUB_OUTPUT}" | |
| - name: Update LICENSE-3rdparty.csv | |
| if: steps.is-tree-dirty.outputs.result == 'true' | |
| run: ./tools/make-licenses.sh | |
| env: | |
| TMPDIR: ${{ runner.temp }} | |
| - name: Build diff | |
| if: steps.is-tree-dirty.outputs.result == 'true' | |
| run: |- | |
| git add . | |
| git diff --staged --patch > "${{ runner.temp }}/go.diff.patch" | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 | |
| with: | |
| name: Patches | |
| path: ${{ runner.temp }}/go.diff.patch | |
| if-no-files-found: error | |
| create-pr: | |
| name: Create Pull Request | |
| runs-on: ubuntu-latest | |
| needs: [update-go] | |
| if: needs.update-go.outputs.changes-needed == 'true' | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Download patches | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| name: Patches | |
| path: ${{ runner.temp }}/patches | |
| - name: Apply patches | |
| run: find "${{ runner.temp }}/patches" -type f -name '*.patch' -exec git apply {} \; | |
| # We use ghcommit to create signed commits directly using the GitHub API | |
| - name: Create branch # The branch needs to exist before we can add commits to it | |
| id: create-branch | |
| run: |- | |
| branch="automation/dependency-updates/${{ github.run_id }}" | |
| git push origin "${{ github.sha }}":"refs/heads/${branch}" | |
| echo "branch=${branch}" >> "${GITHUB_OUTPUT}" | |
| git fetch origin "${branch}" | |
| - name: Create Commit # Adds a commit to the branch we created above | |
| uses: planetscale/ghcommit-action@88c53665a0c85bc370b410610f2bcf1979204651 # v0.1.45 | |
| with: | |
| commit_message: "chore: update all dependencies" | |
| repo: ${{ github.repository }} | |
| branch: ${{ steps.create-branch.outputs.branch }} | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Create PR | |
| run: |- | |
| git fetch origin "${{ steps.create-branch.outputs.branch }}" | |
| git switch "${{ steps.create-branch.outputs.branch }}" | |
| gh pr create --title "chore: update all dependencies" \ | |
| --body "Updated all go.mod dependencies to latest." \ | |
| --head="${{ steps.create-branch.outputs.branch }}" | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| # The standard GitHub Token will not trigger downstream workflows, so in order to kick off CI, | |
| # we'll push a blank commit to the PR branch with the mutator token. | |
| - name: Trigger CI | |
| uses: planetscale/ghcommit-action@88c53665a0c85bc370b410610f2bcf1979204651 # v0.1.45 | |
| with: | |
| commit_message: "blank: trigger CI" | |
| repo: ${{ github.repository }} | |
| branch: ${{ steps.create-branch.outputs.branch }} | |
| empty: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.MUTATOR_GITHUB_TOKEN }} |