ci: Auto-update composite actions with scripting (#842)

kubernetes-sigs · Dec 7, 2023 · d438b3c · d438b3c
1 parent 3c16d48
commit d438b3c
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/.github/dependabot.yml → .github/dependabot.yaml b/.github/dependabot.yml → .github/dependabot.yaml
@@ -31,4 +31,17 @@ updates:
       # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
       actions-deps:
         patterns:
-          - "*"
+          - "*"
+  # Everything under this line is currently auto-generated by hack/dependabot.sh
+  # This needs to be generated since composite actions are currently not supported for auto-updates
+  # through dependabot without explicitly setting their directory: https://github.com/dependabot/dependabot-core/issues/6704
+  # If you need to make a change to this file, ensure that you make a change to hack/github/dependabot.sh first
+  # That script assumes that the number of elements above this line is static and bases the append operation on it
+  - package-ecosystem: github-actions
+    directory: .github/actions/install-deps
+    schedule:
+      interval: weekly
+    groups:
+      action-deps:
+        patterns:
+          - '*'
diff --git a/Makefile b/Makefile
@@ -35,6 +35,7 @@ verify: ## Verify code. Includes codegen, dependencies, linting, formatting, etc
 	hack/validation/taint.sh
 	hack/validation/requirements.sh
 	hack/validation/labels.sh
+	hack/dependabot.sh
 	@# Use perl instead of sed due to https://stackoverflow.com/questions/4247068/sed-command-with-i-option-failing-on-mac-but-works-on-linux
 	@# We need to do this "sed replace" until controller-tools fixes this parameterized types issue: https://github.com/kubernetes-sigs/controller-tools/issues/756
 	@perl -i -pe 's/sets.Set/sets.Set[string]/g' pkg/scheduling/zz_generated.deepcopy.go

diff --git a/hack/dependabot.sh b/hack/dependabot.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# This script ensures that we get all the directories that contain an "action.yaml" composite action
+# and make sure that we have a dependabot entry for them. Currently, dependabot doesn't support wildcarding
+# composite actions in a way that enables us to set a single entry for them. Instead, you need to grab all directories
+# that contain actions that you want to auto-update and add an entry for each one in "dependabot.yaml"
+# https://github.com/dependabot/dependabot-core/issues/6704
+
+DIRS=($(find .github/actions -name "action.yaml" -type f -print0 | xargs -0 dirname | sort))
+i=2 # Set the index to the starting index after all of the manually configured dependabot entries
+for DIR in "${DIRS[@]}"; do
+  i=$i dir=$DIR yq -i '.updates[env(i)] = {"package-ecosystem": "github-actions", "directory": env(dir), "schedule": {"interval": "weekly"}, "groups": {"action-deps": {"patterns": ["*"]}}}' .github/dependabot.yaml
+  i=$((i+1))
+done