From ff21dbeddef77973708ed34586eb9ca52e29dd45 Mon Sep 17 00:00:00 2001
From: Yihau Chen <yihau.chen@icloud.com>
Date: Mon, 27 May 2024 12:26:21 +0800
Subject: [PATCH] ci: move dependabot updating process to Gtihub Actions
 (#1466)

* add dependabot-pr Github Actions

* move updating dependabot pr process to Github Actions

* update user.email and user.name to dependabot itself

* only add for cargo.lock

* don't push anything if nothing to update
---
 .github/workflows/dependabot-pr.yml | 48 +++++++++++++++++++++++++++++
 ci/buildkite-pipeline-in-disk.sh    |  4 ---
 ci/buildkite-pipeline.sh            |  4 ---
 ci/buildkite-solana-private.sh      |  4 ---
 ci/dependabot-pr.sh                 | 36 ----------------------
 ci/dependabot-updater.sh            | 35 ---------------------
 6 files changed, 48 insertions(+), 83 deletions(-)
 create mode 100644 .github/workflows/dependabot-pr.yml
 delete mode 100755 ci/dependabot-pr.sh
 delete mode 100755 ci/dependabot-updater.sh

diff --git a/.github/workflows/dependabot-pr.yml b/.github/workflows/dependabot-pr.yml
new file mode 100644
index 00000000000000..15b9ad4a49b283
--- /dev/null
+++ b/.github/workflows/dependabot-pr.yml
@@ -0,0 +1,48 @@
+name: Dependabot PR
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  dependabot:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+    if: github.triggering_actor == 'dependabot[bot]'
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.PAT }}
+
+      - name: update code
+        run: |
+          input="${{ github.event.pull_request.title }}"
+
+          regex="[Bb]ump (.*) from (.*) to (.*)"
+          if [[ ! "$input" =~ $regex ]]; then
+            echo "unexpected pattern"
+            exit 1
+          fi
+
+          crate_name="${BASH_REMATCH[1]}"
+          old_version="${BASH_REMATCH[2]}"
+          new_version="${BASH_REMATCH[3]}"
+          echo "crate_name: $crate_name, old_version: $old_version, new_version: $new_version"
+
+          ./scripts/cargo-for-all-lock-files.sh -- update -p $crate_name:$old_version --precise $new_version
+          ./scripts/cargo-for-all-lock-files.sh -- tree
+
+      - name: push
+        run: |
+          if [ -z "$(git status --porcelain)" ]; then
+            echo "✅ Nothing to update"
+          else
+            git config user.email "49699333+dependabot[bot]@users.noreply.github.com"
+            git config user.name "dependabot[bot]"
+            git add **/Cargo.lock
+            git commit -am "update all Cargo files"
+            git push
+          fi
diff --git a/ci/buildkite-pipeline-in-disk.sh b/ci/buildkite-pipeline-in-disk.sh
index a25852a04ebe81..81b084ea75e82b 100755
--- a/ci/buildkite-pipeline-in-disk.sh
+++ b/ci/buildkite-pipeline-in-disk.sh
@@ -309,10 +309,6 @@ if [[ $BUILDKITE_BRANCH =~ ^pull ]]; then
   annotate --style info --context pr-backlink \
     "Github Pull Request: https://github.com/anza-xyz/agave/$BUILDKITE_BRANCH"
 
-  if [[ $GITHUB_USER = "dependabot[bot]" ]]; then
-    command_step dependabot "ci/dependabot-pr.sh" 5
-    wait_step
-  fi
   pull_or_push_steps
   exit 0
 fi
diff --git a/ci/buildkite-pipeline.sh b/ci/buildkite-pipeline.sh
index de401381fd7137..7d19808ddb8f72 100755
--- a/ci/buildkite-pipeline.sh
+++ b/ci/buildkite-pipeline.sh
@@ -336,10 +336,6 @@ if [[ $BUILDKITE_BRANCH =~ ^pull ]]; then
   annotate --style info --context pr-backlink \
     "Github Pull Request: https://github.com/anza-xyz/agave/$BUILDKITE_BRANCH"
 
-  if [[ $GITHUB_USER = "dependabot[bot]" ]]; then
-    command_step dependabot "ci/dependabot-pr.sh" 5
-    wait_step
-  fi
   pull_or_push_steps
   exit 0
 fi
diff --git a/ci/buildkite-solana-private.sh b/ci/buildkite-solana-private.sh
index 516ac0b3fb33c3..d514ac0ad25c65 100755
--- a/ci/buildkite-solana-private.sh
+++ b/ci/buildkite-solana-private.sh
@@ -289,10 +289,6 @@ if [[ $BUILDKITE_BRANCH =~ ^pull ]]; then
   annotate --style info --context pr-backlink \
     "Github Pull Request: https://github.com/anza-xyz/agave/$BUILDKITE_BRANCH"
 
-  if [[ $GITHUB_USER = "dependabot[bot]" ]]; then
-    command_step dependabot "ci/dependabot-pr.sh" 5
-    wait_step
-  fi
   pull_or_push_steps
   exit 0
 fi
diff --git a/ci/dependabot-pr.sh b/ci/dependabot-pr.sh
deleted file mode 100755
index bb019001a0bcfa..00000000000000
--- a/ci/dependabot-pr.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-set -ex
-
-cd "$(dirname "$0")/.."
-
-if ! echo "$BUILDKITE_BRANCH" | grep -E '^pull/[0-9]+/head$'; then
-  echo "not pull request!?" >&2
-  exit 1
-fi
-
-source ci/rust-version.sh stable
-
-ci/docker-run-default-image.sh ci/dependabot-updater.sh
-
-if [[ $(git status --short :**/Cargo.lock | wc -l) -eq 0 ]]; then
-  echo --- ok
-  exit 0
-fi
-
-echo --- "(FAILING) Backpropagating dependabot-triggered Cargo.lock updates"
-
-name="dependabot-buildkite"
-api_base="https://api.github.com/repos/anza-xyz/agave/pulls"
-pr_num=$(echo "$BUILDKITE_BRANCH" | grep -Eo '[0-9]+')
-branch=$(curl -s "$api_base/$pr_num" | python3 -c 'import json,sys;print(json.load(sys.stdin)["head"]["ref"])')
-
-git add :**/Cargo.lock
-EMAIL="dependabot-buildkite@noreply.solana.com" \
-  GIT_AUTHOR_NAME="$name" \
-  GIT_COMMITTER_NAME="$name" \
-  git commit -m "[auto-commit] Update all Cargo lock files"
-git push origin "HEAD:$branch"
-
-echo "Source branch is updated; failing this build for the next"
-exit 1
diff --git a/ci/dependabot-updater.sh b/ci/dependabot-updater.sh
deleted file mode 100755
index 262c565d5b93c1..00000000000000
--- a/ci/dependabot-updater.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-
-set -ex
-cd "$(dirname "$0")/.."
-source ci/_
-
-commit_range="$(git merge-base HEAD origin/master)..HEAD"
-parsed_update_args="$(
-  git log "$commit_range" --author "dependabot\[bot\]" --oneline -n1 |
-    grep -o '[Bb]ump.*$' |
-    sed -r 's/[Bb]ump ([^ ]+) from ([^ ]+) to ([^ ]+)/-p \1:\2 --precise \3/'
-)"
-# relaxed_parsed_update_args is temporal measure...
-relaxed_parsed_update_args="$(
-  git log "$commit_range" --author "dependabot\[bot\]" --oneline -n1 |
-    grep -o '[Bb]ump.*$' |
-    sed -r 's/[Bb]ump ([^ ]+) from [^ ]+ to ([^ ]+)/-p \1 --precise \2/'
-)"
-package=$(echo "$parsed_update_args" | awk '{print $2}' | grep -o "^[^:]*")
-if [[ -n $parsed_update_args ]]; then
-  # find other Cargo.lock files and update them, excluding the default Cargo.lock
-  # shellcheck disable=SC2086
-  for lock in $(git grep --files-with-matches '^name = "'$package'"$' :**/Cargo.lock); do
-    # it's possible our current versions are out of sync across lock files,
-    # in that case try to sync them up with $relaxed_parsed_update_args
-    _ scripts/cargo-for-all-lock-files.sh \
-      "$lock" -- \
-      update $parsed_update_args ||
-      _ scripts/cargo-for-all-lock-files.sh \
-        "$lock" -- \
-        update $relaxed_parsed_update_args
-  done
-fi
-
-echo --- ok