diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index c88cd70..957c542 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -10,14 +10,10 @@ about: Create a report to help us improve A clear and concise description of what the bug is. -### Steps to Reproduce +### Recorded Logs -Steps to reproduce the behavior: - -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error +Please link to an invocation of this action, or copy the exact log output of your job. +NOTE: Do not copy an sensitive information, customer data, or access tokens into this area. ### Expected Behavior @@ -25,9 +21,8 @@ A clear and concise description of what you expected to happen. ### User Information -- OS: [e.g. iOS] -- Browser [e.g. chrome, safari] -- Version [e.g. 22] +Please link to or copy the relevant sections of your GitHub Action definition `.yml` file here. +NOTE: Do not copy an sensitive information, customer data, or access tokens into this area. ### Additional Context diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 43cf69c..50e6203 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,9 +1,11 @@ -Changes proposed in this merge request: +# Proposed Changes + - Additions: - Updates: - Deletions: -### Pre-merge Checklist +## Pre-merge Checklist + - [ ] Write + run tests -- [ ] Update documentation - [ ] Update CHANGELOG and increment version +- [ ] Update README and relevant documentation diff --git a/CHANGELOG.md b/CHANGELOG.md index 26ab601..698b703 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,12 @@ # Changelog +## v5 - 04/01/2023 + +- Group logs emitted during the action for easier consumption +- Emit intermittent logs to describe settings and progress +- FIX: Explicitly set the Pull Request title/body for more recent GitHub CLI requirements +- Add advisory not regrading `actions/checkout` version requirements + ## v4 - 01/29/2022 - Dependency update commit messages now link to the github diff between the old and new version. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index b11ca28..e66bcf8 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -45,8 +45,6 @@ Project maintainers who do not follow or enforce the Code of Conduct in good fai ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html +This Code of Conduct is adapted from the [Contributor Covenant, version 1.4](https://www.contributor-covenant.org/version/1/4/code-of-conduct.html) -[homepage]: https://www.contributor-covenant.org - -For answers to common questions about this code of conduct, see https://www.contributor-covenant.org/faq +They supply answers to most [frequently asked questions.](https://www.contributor-covenant.org/faq) diff --git a/LICENSE b/LICENSE index 3bd264f..3254c00 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2021-2022 Nick A Nichols +Copyright (c) 2021-2023 Nick A Nichols Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index a5793f5..de11340 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # Clojure Dependency Update Action -A simple GitHub action to create Pull Requests for your out-of-date dependencies in clojure projects. +A GitHub Action to create Pull Requests for your out-of-date dependencies in clojure projects. This action can automatically update the following dependency files: - [deps.edn](https://github.com/clojure/tools.deps.alpha) @@ -9,7 +9,16 @@ This action can automatically update the following dependency files: - [build.boot](https://github.com/boot-clj/boot) - [pom.xml](https://github.com/apache/maven) -This action uses [antq](https://github.com/liquidz/antq) to check dependencies. +This action uses [antq](https://github.com/liquidz/antq) to check and update dependencies. + +## Requirements + +The Actions platform is constantly being refined by the GitHub team. +To ensure the safety of all end-users, they occasionally deprecate functionality which poses security risks. +This impacts all first and third party Actions which you may use in your workflows. +When diagnosing issues, please check your Actions tab for any deprecation notices. + +As of writing, this action requires that `actions/checkout` is set to at least `3.x.y`. ## Sample Usage @@ -27,9 +36,11 @@ jobs: steps: - name: Checkout Latest Commit - uses: actions/checkout@v3.0.2 + uses: actions/checkout@v3.5.0 + with: + ref: ${{ github.head_ref }} - - name: Check deps + - name: Check Clojure Dependencies uses: nnichols/clojure-dependency-update-action@v4 with: github-token: ${{ secrets.github_token }} @@ -50,10 +61,12 @@ jobs: steps: - name: Checkout Latest Commit - uses: actions/checkout@v3.0.2 + uses: actions/checkout@v3.5.0 + with: + ref: ${{ github.head_ref }} - - name: Check deps - uses: nnichols/clojure-dependency-update-action@v4 + - name: Check Clojure Dependencies + uses: nnichols/clojure-dependency-update-action@v4 with: github-token: ${{ secrets.github_token }} git-username: nnichols 
@@ -65,21 +78,28 @@ jobs: ## Supported Arguments -* `github-token`: The only required argument. Can either be the default token, as seen above, or a personal access token with write access to the repository. -* `branch`: The branch that dependencies should be checked on and Pull Requests created against. Defaults to `master` -* `git-email`: The email address each commit should be associated with. Defaults to a github provided noreply address -* `git-username`: The GitHub username each commit should be associated with. Defaults to `github-actions[bot]` -* `excludes`: Artifact names to be excluded from the `antq` check. Defaults to an empty list. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information. -* `directories`: Directories to search for project files in. Defaults to the root of the repository. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information. -* `skips`: Build tools/files to skip by default. Defaults to an empty list. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information. -* `batch`: Updates all outdated dependencies in a single pull request. Set to "true" to enable +- `github-token`: The only required argument. Can either be the default token, as seen above, or a personal access token with write access to the repository. +- `branch`: The branch that dependencies should be checked on and Pull Requests created against. Defaults to `master` +- `git-email`: The email address each commit should be associated with. Defaults to a github provided noreply address +- `git-username`: The GitHub username each commit should be associated with. Defaults to `github-actions[bot]` +- `excludes`: Artifact names to be excluded from the `antq` check. Defaults to an empty list. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information. +- `directories`: Directories to search for project files in. Defaults to the root of the repository. 
See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information. +- `skips`: Build tools/files to skip by default. Defaults to an empty list. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information. +- `batch`: Updates all outdated dependencies in a single pull request. Set to "true" to enable + +## Alternatives + +As the Clojure ecosystem matures, more first-class options for dependency management now support the language. +The following is a growing list of alternative tools to consider: + +- [Renovatebot](https://github.com/renovatebot/renovate "The RenovateBot repository") ## Acknowledgements -Special thanks to [Chad Taylor](https://github.com/tessellator) for figuring out the initial bash script this is based on. +Special thanks to [Chad Taylor](https://github.com/tessellator "Chad's GitHub Profile") for figuring out the initial bash script this is based on. ## Licensing -Copyright © 2021-2022 [Nick Nichols](https://nnichols.github.io/) +Copyright © 2021-2023 [Nick Nichols](https://nnichols.github.io/) Distributed under the [MIT License](https://github.com/nnichols/clojure-dependency-update-action/blob/master/LICENSE) diff --git a/dependency-check.sh b/dependency-check.sh index bad0adc..9061f20 100755 --- a/dependency-check.sh +++ b/dependency-check.sh 
@@ -1,38 +1,80 @@ #!/bin/bash +# Set active git user to the tokens provided git config --global user.email $EMAIL git config --global user.name $NAME export GITHUB_TOKEN=$TOKEN + +# Checkout the base branch for all updates +echo "Checking out base branch" $BRANCH git checkout $BRANCH +# Convert the list of excluded artifacts into a set of --exclude flags +echo "::group::Setting Excludes" +echo "Original excludes: ${EXCLUDE}" EXCLUDES="" for artifact in $EXCLUDE; do EXCLUDES="${EXCLUDES} --exclude=${artifact}" + echo ${EXCLUDES} done +echo "::endgroup::" +# If no directory is specified, default to the current directory +echo "::group::Setting Directory" +echo "Original directory: ${DIRECTORY}" if [ -z "${DIRECTORY}" ]; then DIRECTORY="." + echo "No directory specified. Defaulting to current directory" fi +# Convert the list of directories into a set of --directory flags DIRECTORIES="" for directory in $DIRECTORY; do DIRECTORIES="${DIRECTORIES} --directory=${directory}" + echo ${DIRECTORIES} done +echo "::endgroup::" +# Convert the list of skip flags into a set of --skip flags +echo "::group::Setting Skips" +echo "Original skip: ${SKIP}" SKIPS="" for skip in $SKIP; do SKIPS="${SKIPS} --skip=${skip}" + echo ${SKIPS} done +echo "::endgroup::" +# Pre-fetch Antq. 
This prevents the action from parsing the output of loading the app dependencies +echo "::group::Pre-fetching dependencies" PREFETCH=$(clojure -Stree -Sdeps '{:deps {antq/antq {:mvn/version "RELEASE"}}}') +echo "::endgroup::" + +# Set the reporter for antq to be parsable FORMATTER="--reporter=format --error-format=\"{{name}},{{version}},{{latest-version}},{{diff-url}}\"" +echo "::group::Selected options" +echo "Formatter: ${FORMATTER}" +echo "::endgroup::" + +# Run antq to check for outdated dependencies +echo "::group::Checking for outdated dependencies" UPGRADE_CMD="clojure -Sdeps '{:deps {antq/antq {:mvn/version \"RELEASE\"}}}' -m antq.core ${FORMATTER} ${EXCLUDES} ${DIRECTORIES} ${SKIPS}" UPGRADE_LIST=$(eval ${UPGRADE_CMD}) +echo "::endgroup::" + +# Parse the output of antq into a list of upgrades, and remove any failed fetches UPGRADES=$(echo ${UPGRADE_LIST} | sed '/Failed to fetch/d' | sed '/Unable to fetch/d' | sed '/Logging initialized/d' | sort -u) UPDATE_TIME=$(date +"%Y-%m-%d-%H-%M-%S") +echo "::group::Upgrades" +echo ${UPGRADES} +echo "::endgroup::" + +# Iterate over all upgrades for upgrade in $UPGRADES; do + echo "::group::Processing upgrade" + # Parse each upgrade into its constituent parts IFS=',' temp=($upgrade) DEP_NAME=${temp[0]} @@ -53,6 +95,7 @@ for upgrade in $UPGRADES; do echo "Checking out" $BRANCH_NAME git checkout $BRANCH_NAME || git checkout -b $BRANCH_NAME + # IF we successfully created a new branch, update the dependency if [[ $? == 0 ]]; then # Use antq to update the dependency 
@@ -60,24 +103,32 @@ for upgrade in $UPGRADES; do UPDATE_CMD="clojure -Sdeps '{:deps {antq/antq {:mvn/version \"RELEASE\"}}}' -m antq.core --upgrade --force ${DIRECTORIES} --focus=${DEP_NAME}" eval ${UPDATE_CMD} || $(echo "Cannot update ${DEP_NAME}. Continuing" && git checkout ${BRANCH} && continue) + TITLE="Bumped $DEP_NAME from $OLD_VERSION to $NEW_VERSION" + BODY="Inspect dependency changes here: $DIFF_URL" + # Commit the dependency update, and link to the diff git add . - git commit -m "Bumped $DEP_NAME from $OLD_VERSION to $NEW_VERSION." -m "Inspect dependency changes here: $DIFF_URL" + git commit -m ${TITLE} -m ${BODY} git push -u "https://$GITHUB_ACTOR:$TOKEN@github.com/$GITHUB_REPOSITORY.git" $BRANCH_NAME # We only create pull requests per dependency in non-batch mode if [ "$BATCH" != "true" ]; then - gh pr create --fill --head $BRANCH_NAME --base $BRANCH + echo "Opening pull request for" $DEP_NAME + gh pr create --head $BRANCH_NAME --base $BRANCH --title ${TITLE} --body ${BODY} fi # Print a blank line, and reset the branch - echo + echo "Checking out" $BRANCH git checkout $BRANCH fi + + echo "::endgroup::" + done # Once all updates have been made, open the pull request for batch mode if [ "$BATCH" == "true" ]; then git checkout $BRANCH_NAME + echo "Opening pull request for batch update" gh pr create --fill --head $BRANCH_NAME --base $BRANCH fi
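Review bot: In `.github/ISSUE_TEMPLATE/bug_report.md`, hunk `@@ -10,14 +10,10 @@`, the new NOTE line under `### Recorded Logs` reads "Do not copy an sensitive information"; "an" should be "any". This section asks reporters to paste raw job output into an issue, and the NOTE is the only guard against tokens ending up there. Consider placing it above the instruction line or making it bold so it is read before anything is pasted.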
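Review bot: In `.github/ISSUE_TEMPLATE/bug_report.md`, hunk `@@ -25,9 +21,8 @@`, the `### User Information` heading is kept while the section body now asks for the workflow `.yml`, so the heading no longer describes what the reporter should provide. Rename it to match, for example `### Workflow Definition`. The NOTE line here repeats the "an sensitive information" typo from the previous hunk.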
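Review bot: In `CHANGELOG.md`, hunk `@@ -1,5 +1,12 @@`, the last v5 entry reads "Add advisory not regrading `actions/checkout` version requirements", which should be "Add advisory note regarding `actions/checkout` version requirements".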
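Review bot: In `README.md`, hunk `@@ -9,7 +9,16 @@`, the new Requirements section says `actions/checkout` must be "at least `3.x.y`", which is a placeholder and not a version a user can check their workflow against. State the actual minimum release, or write "v3 or later" if any v3 release works. The samples in this patch pin `v3.5.0`, so the text and the samples should agree on what is required.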
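Review bot: In the `README.md` sample workflows, hunks `@@ -27,9 +36,11 @@` and `@@ -50,10 +61,12 @@`, the action is still referenced as `nnichols/clojure-dependency-update-action@v4` although the CHANGELOG hunk in this same patch introduces v5, so anyone copying the sample will not pick up the title/body fix. Update both samples to the new tag. The added `ref: ${{ github.head_ref }}` is also unexplained: `github.head_ref` is only populated for pull request events, so the README should say which triggers need it.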
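Review bot: In `dependency-check.sh`, hunk `@@ -1,38 +1,80 @@`, the new logging lines `echo ${EXCLUDES}`, `echo ${DIRECTORIES}`, `echo ${SKIPS}` and `echo ${UPGRADES}` expand their variables unquoted, so the values are word-split and glob-expanded before they are printed. A `*` in an input would be logged as a list of files from the working tree, which makes the log misleading exactly when someone is debugging an input problem. Quote them, for example `echo "${EXCLUDES}"`. The same input-derived strings are later interpolated into `UPGRADE_CMD` and run through `eval`, so this would be a good place to build the flags as a bash array and call `clojure` directly without `eval`. Minor: the comment `# Set active git user to the tokens provided` describes `EMAIL` and `NAME`, which are not tokens.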
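Review bot: In `dependency-check.sh`, hunk `@@ -53,6 +95,7 @@`, the new comment `# IF we successfully created a new branch, update the dependency` does not match the command it follows. `git checkout $BRANCH_NAME || git checkout -b $BRANCH_NAME` also leaves `$?` at zero when an existing branch was checked out, so the comment should read "checked out or created the branch".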
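Review bot: In `dependency-check.sh`, hunk `@@ -60,24 +103,32 @@`, the new `git commit -m ${TITLE} -m ${BODY}` and `gh pr create ... --title ${TITLE} --body ${BODY}` expand `TITLE` and `BODY` unquoted even though both contain spaces. They stay single arguments only because `IFS=','` is set earlier in the loop; a comma in either value, or any later change to `IFS`, splits them into extra arguments, and glob characters in `DIFF_URL` are still subject to pathname expansion. Quote them: `-m "${TITLE}" -m "${BODY}"` and `--title "${TITLE}" --body "${BODY}"`. The batch-mode `gh pr create --fill --head $BRANCH_NAME --base $BRANCH` at the end of the hunk is unchanged, so the explicit title/body fix listed in the CHANGELOG does not cover batch mode. The comment `# Print a blank line, and reset the branch` is also stale now that the bare `echo` has been replaced.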