dagger-update #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: dagger-update | |
on: | |
# using on: pull_request causes a loop | |
# run on pushes to renovate branches | |
# with path filter | |
push: | |
paths: | |
- "**/dagger.json" | |
branches: | |
- renovate/* | |
workflow_dispatch: | |
inputs: | |
#checkov:skip=CKV_GHA_7:desired to affect output to affect the build in this case | |
go-updates: | |
type: boolean | |
default: false | |
description: enable golang updates | |
permissions: | |
contents: read # required for actions/checkout | |
jobs: | |
dagger-update: | |
name: Update Dagger Modules | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # allow workflow to write to PR | |
steps: | |
- name: checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
# should be used for PRs only | |
# https://github.com/marketplace/actions/add-commit#working-with-prs | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
ref: ${{ github.event.pull_request.head.ref }} | |
- name: generate app token | |
id: generate_app_token | |
if: "! github.event.pull_request.head.repo.fork" | |
# yamllint disable-line rule:line-length | |
uses: suzuki-shunsuke/github-token-action@350d7506222e3a0016491abe85b5c4dd475b67d1 # v0.2.1 | |
with: | |
github_app_id: ${{ secrets.GH_APP_ID }} | |
github_app_private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
github_app_permissions: >- | |
{ "contents": "write" } | |
github_app_repositories: >- | |
["${{github.event.repository.name}}"] | |
- name: install aquas (using default token) | |
# yamllint disable-line rule:line-length | |
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 | |
if: | | |
steps.generate_app_token.outputs.token_type == 'empty' | |
&& ! github.event.pull_request.head.repo.fork | |
with: | |
policy_allow: "true" | |
aqua_version: v2.36.2 # renovate: depName=aquaproj/aqua | |
env: | |
AQUA_GITHUB_TOKEN: ${{ github.token }} | |
# yamllint disable-line rule:line-length | |
- name: install aquas (using generated app token) | |
# yamllint disable-line rule:line-length | |
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 | |
if: | | |
steps.generate_app_token.outputs.token_type != 'empty' | |
&& ! github.event.pull_request.head.repo.fork | |
with: | |
policy_allow: "true" | |
aqua_version: v2.36.2 # renovate: depName=aquaproj/aqua | |
env: | |
AQUA_GITHUB_TOKEN: ${{ steps.generate_app_token.outputs.token }} | |
# yamllint disable-line rule:line-length | |
- uses: kevincobain2000/action-gobrew@aa328ee19c95750fa612256c0a3f9bad4810fc04 # v2 | |
with: | |
version: 1.23.1 # renovate: datasource=golang-version depName=go | |
- name: dagger develop | |
run: | | |
just goUpdates="${{ inputs.go-updates }}" develop | |
- name: push changes with ghcp | |
if: "! github.event.pull_request.head.repo.fork" | |
env: | |
GITHUB_REPOSITORY: ${{ github.event.repository.name }} | |
GITHUB_TOKEN: ${{ steps.generate_app_token.outputs.token }} | |
run: | | |
set -eu | |
if ! ghcp -v; then | |
echo "::error ::int128/ghcp not found - needed to push." | |
exit 1 | |
fi | |
branch=${GITHUB_HEAD_REF:-} # https://github.com/int128/ghcp | |
if [ -z "${branch}" ]; then | |
branch="${GITHUB_REF_NAME}" | |
fi | |
GO_UPDATES_STR="" | |
if [ "${{ inputs.go-updates }}" = "true" ]; then | |
GO_UPDATES_STR=" + related golang updates" | |
fi | |
# shellcheck disable=SC2046 | |
# ^- we want it to split! | |
ghcp commit -r "$GITHUB_REPOSITORY" -b "${branch}" \ | |
-m "chore(dagger): develop${GO_UPDATES_STR}" \ | |
$(git --no-pager diff --name-only) | |
echo "::notice ::changes pushed to branch, 'exit 1' to force checks" | |
exit 1 |