Update ca-certificates #252
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update ca-certificates | |
| "on": | |
| schedule: | |
| - cron: 0 4 * * 4-5 | |
| workflow_dispatch: {} | |
| jobs: | |
| update: | |
| name: Update Package Dependency | |
| runs-on: | |
| - ubuntu-latest | |
| steps: | |
| - name: Docker login gcr.io | |
| if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }} | |
| uses: docker/login-action@v3 | |
| with: | |
| password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }} | |
| registry: gcr.io | |
| username: _json_key | |
| - name: Docker login docker.io | |
| if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }} | |
| uses: docker/login-action@v3 | |
| with: | |
| password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }} | |
| registry: docker.io | |
| username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.23" | |
| - name: Install update-package-dependency | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/update-package-dependency@latest | |
| - uses: buildpacks/github-actions/setup-tools@v5.7.2 | |
| with: | |
| crane-version: 0.19.1 | |
| yj-version: 5.1.0 | |
| - uses: actions/checkout@v4 | |
| - name: Update Package Dependency | |
| id: package | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| NEW_VERSION=$(crane ls "${DEPENDENCY}" | grep -v latest | sort -V | tail -n 1) | |
| if [[ -e builder.toml ]]; then | |
| OLD_VERSION=$(yj -tj < builder.toml | jq -r ".buildpacks[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version") | |
| update-package-dependency \ | |
| --builder-toml builder.toml \ | |
| --id "${DEPENDENCY}" \ | |
| --version "${NEW_VERSION}" | |
| git add builder.toml | |
| fi | |
| if [[ -e package.toml ]]; then | |
| OLD_VERSION=$(yj -tj < package.toml | jq -r ".dependencies[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version") | |
| update-package-dependency \ | |
| --buildpack-toml buildpack.toml \ | |
| --id "${BP_DEPENDENCY:-$DEPENDENCY}" \ | |
| --version "${NEW_VERSION}" | |
| update-package-dependency \ | |
| --package-toml package.toml \ | |
| --id "${PKG_DEPENDENCY:-$DEPENDENCY}" \ | |
| --version "${NEW_VERSION}" | |
| git add buildpack.toml package.toml | |
| fi | |
| git checkout -- . | |
| if [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $1}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $1}')" ]; then | |
| LABEL="semver:major" | |
| elif [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $2}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $2}')" ]; then | |
| LABEL="semver:minor" | |
| else | |
| LABEL="semver:patch" | |
| fi | |
| echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT" | |
| echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT" | |
| echo "version-label=${LABEL}" >> "$GITHUB_OUTPUT" | |
| env: | |
| DEPENDENCY: gcr.io/paketo-buildpacks/ca-certificates | |
| - uses: peter-evans/create-pull-request@v6 | |
| with: | |
| author: ${{ secrets.JAVA_GITHUB_USERNAME }} <${{ secrets.JAVA_GITHUB_USERNAME }}@users.noreply.github.com> | |
| body: Bumps [`gcr.io/paketo-buildpacks/ca-certificates`](https://gcr.io/paketo-buildpacks/ca-certificates) from [`${{ steps.package.outputs.old-version }}`](https://gcr.io/paketo-buildpacks/ca-certificates:${{ steps.package.outputs.old-version }}) to [`${{ steps.package.outputs.new-version }}`](https://gcr.io/paketo-buildpacks/ca-certificates:${{ steps.package.outputs.new-version }}). | |
| branch: update/package/ca-certificates | |
| commit-message: |- | |
| Bump gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }} | |
| Bumps gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}. | |
| delete-branch: true | |
| labels: ${{ steps.package.outputs.version-label }}, type:dependency-upgrade | |
| signoff: true | |
| title: Bump gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }} | |
| token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} |