Update Dependencies with Updatecli #78
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Update Dependencies with Updatecli | |
| # TESTING | |
| # This workflow depends on elastic/apm-pipeline-library/.github/actions/updatecli, which is tricky to test | |
| # | |
| # TEST LOCALLY (with act): | |
| # 1. Logging to github with `gh auth` | |
| # | |
| # 2. Configure the job you want to run by replacing the step `elastic/apm-pipeline-library/.github/actions/updatecli` by | |
| # ``` | |
| # - name: Install Updatecli in the runner | |
| # uses: updatecli/updatecli-action@v2 | |
| # - name: Run Updatecli in apply mode | |
| # run: "updatecli apply --debug --config .ci/updatecli/updatecli.d/update-beats.yml --values .ci/updatecli/values.yml" | |
| # env: | |
| # GITHUB_TOKEN: "${{ secrets.MY_GITHUB_TOKEN }}" | |
| # GIT_USER: foo | |
| # ``` | |
| # | |
| # 3. Pass the secret `MY_GITHUB_TOKEN` in the act command. e.g: | |
| # ``` | |
| # act --container-architecture linux/amd64 \ | |
| # -s MY_GITHUB_TOKEN="$(gh auth token)" \ | |
| # --workflows ./.github/workflows/updatecli.yml \ | |
| # schedule | |
| # ``` | |
| # | |
| # TEST ON YOUR FORK: | |
| # It doesn't work in forks because of lacking vault permissions | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # Run all jobs weekly at 07:00 UTC on Monday. | |
| - cron: '0 7 * * 1' | |
| permissions: | |
| contents: read | |
| env: | |
| JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| jobs: | |
| updatecli: | |
| name: "[${{ matrix.git-branch }}] Update ${{ matrix.pipeline-name }} dependencies" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| pipeline-name: [ beats, golang, hermit, mods ] | |
| git-branch: [ main, 8.x ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Init Hermit | |
| run: ./bin/hermit env -r >> $GITHUB_ENV | |
| - name: Install Updatecli in the runner | |
| uses: updatecli/updatecli-action@cb631ef5547ed05db3db64bb2ad42a6cc36e3097 # v0.76.1 | |
| - name: Run Updatecli in Apply mode | |
| run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml | |
| env: | |
| GIT_BRANCH: ${{ matrix.git-branch }} | |
| GIT_USER: "Cloud Security Machine" | |
| GITHUB_TOKEN: ${{ secrets.CLOUDSEC_MACHINE_TOKEN }} | |
| updatecli-backport: | |
| name: Update ${{ matrix.pipeline-name }} dependencies - backport | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| pipeline-name: [ golang, beats ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Init Hermit | |
| run: ./bin/hermit env -r >> $GITHUB_ENV | |
| - name: Set Branch | |
| run: | | |
| branchName=$(git ls-remote --heads \ | |
| | awk '{print $2}' \ | |
| | grep -E 'refs/heads/[0-9]+\.[0-9]+' \ | |
| | awk -F/ '{print $3}' \ | |
| | sort -Vr \ | |
| | head -n 1) | |
| echo "GIT_BRANCH=$branchName" >> $GITHUB_ENV | |
| - name: Install Updatecli in the runner | |
| uses: updatecli/updatecli-action@cb631ef5547ed05db3db64bb2ad42a6cc36e3097 # v0.76.1 | |
| - name: Run Updatecli in Apply mode | |
| run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml | |
| env: | |
| GIT_USER: "Cloud Security Machine" | |
| GITHUB_TOKEN: ${{ secrets.CLOUDSEC_MACHINE_TOKEN }} |