Updater #316
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Updater | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - '*' | |
| # No path filters ensures we always have a docker image matching the latest commit on main | |
| pull_request: | |
| branches: | |
| # Only trigger for PRs against `main` branch. | |
| - main | |
| paths: | |
| - 'updater/**' | |
| - '.rubocop*.yml' | |
| - '.ruby-version' | |
| - 'Rakefile' | |
| - '.github/workflows/updater.yml' | |
| - '!docs/**' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| Build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| suite: | |
| - { ecosystem: bundler } | |
| - { ecosystem: cargo } | |
| - { ecosystem: composer } | |
| - { ecosystem: docker } | |
| - { ecosystem: elm } | |
| - { ecosystem: gitsubmodule } | |
| - { ecosystem: github-actions } | |
| - { ecosystem: gomod } | |
| - { ecosystem: gradle } | |
| - { ecosystem: mix } | |
| - { ecosystem: maven } | |
| - { ecosystem: npm } | |
| - { ecosystem: nuget } | |
| - { ecosystem: pub } | |
| - { ecosystem: pip } | |
| - { ecosystem: swift } | |
| - { ecosystem: devcontainers } | |
| - { ecosystem: terraform } | |
| env: | |
| IMAGE_NAME: 'dependabot-updater-${{ matrix.suite.ecosystem }}' | |
| DOCKER_BUILDKIT: 1 # Enable Docker BuildKit | |
| # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps | |
| BUNDLE_GEMFILE: ${{ github.workspace }}/updater/Gemfile | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Required for GitVersion | |
| - name: Install GitVersion | |
| uses: gittools/actions/gitversion/[email protected] | |
| with: | |
| versionSpec: '6.x' | |
| - name: Determine Version | |
| uses: gittools/actions/gitversion/[email protected] | |
| id: gitversion | |
| with: | |
| useConfigFile: true | |
| - name: Setup Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| - name: bundle exec rubocop | |
| run: bundle exec rubocop | |
| working-directory: updater | |
| - name: bundle exec rspec spec | |
| run: bundle exec rspec spec | |
| working-directory: updater | |
| - name: Pull Docker base image & warm Docker cache | |
| run: docker pull "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" | |
| # remove this after at least one release tagged 'latest' | |
| continue-on-error: true | |
| - name: Get dependabot-updater image tag version | |
| id: docker-base-version | |
| run: | | |
| tag_name=$(grep -oP "(?<=gem \"dependabot-omnibus\", \"~>).*(?=\")" updater/Gemfile) | |
| tag_sha=$(curl --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' --url "https://api.github.com/repos/dependabot/dependabot-core/tags" | jq -r "[.[]|select(.name==\"v$tag_name\")][0].commit.sha") | |
| echo "Using dependabot-updater image tag '$tag_sha' (v$tag_name)" | |
| echo "version=$tag_sha" >> $GITHUB_OUTPUT | |
| - name: Remove + from fullSemVer | |
| id: remove_plus | |
| run: | | |
| cleanedFullSemVer=$(echo "${{ steps.gitversion.outputs.fullSemVer }}" | tr -d '+') | |
| echo "::set-output name=cleanedFullSemVer::$cleanedFullSemVer" | |
| - name: Build image | |
| run: | | |
| docker build \ | |
| -f updater/Dockerfile \ | |
| --build-arg BUILDKIT_INLINE_CACHE=1 \ | |
| --build-arg ECOSYSTEM=${{ matrix.suite.ecosystem }} \ | |
| --build-arg BASE_VERSION=${{ steps.docker-base-version.outputs.version }} \ | |
| --build-arg DEPENDABOT_UPDATER_VERSION=${{ steps.gitversion.outputs.fullSemVer }} \ | |
| --label com.github.image.run.id=${{ github.run_id }} \ | |
| --label com.github.image.run.number=${{ github.run_number }} \ | |
| --label com.github.image.job.id=${{ github.job }} \ | |
| --label com.github.image.source.sha=${{ github.sha }} \ | |
| --label com.github.image.source.branch=${{ github.ref }} \ | |
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" \ | |
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" \ | |
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.remove_plus.outputs.cleanedFullSemVer }}" \ | |
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major}}.${{ steps.gitversion.outputs.minor }}" \ | |
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}" \ | |
| --cache-from ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest \ | |
| . | |
| - name: Log into registry | |
| if: ${{ (github.ref == 'refs/heads/main') || (!startsWith(github.ref, 'refs/pull')) || startsWith(github.ref, 'refs/tags') }} | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Push image (latest, ShortSha) | |
| if: ${{ (github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags') }} | |
| run: | | |
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" | |
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" | |
| - name: Push image (NuGetVersionV2) | |
| if: ${{ !startsWith(github.ref, 'refs/pull') }} | |
| run: docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.remove_plus.outputs.cleanedFullSemVer }}" | |
| - name: Push image (major, minor) | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: | | |
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}.${{ steps.gitversion.outputs.minor }}" | |
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}" |