Skip to content

dagger-update

dagger-update #26

---
name: dagger-update
on:
# using on: pull_request causes a loop
# run on pushes to renovate branches
# with path filter
push:
paths:
- "**/dagger.json"
branches:
- renovate/*
workflow_dispatch:
inputs:
#checkov:skip=CKV_GHA_7:desired to affect output to affect the build in this case
go-updates:
type: boolean
default: false
description: enable golang updates
permissions:
contents: read # required for actions/checkout
jobs:
dagger-update:
name: Update Dagger Modules
runs-on: ubuntu-latest
permissions:
contents: write # allow workflow to write to PR
steps:
- name: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
# should be used for PRs only
# https://github.com/marketplace/actions/add-commit#working-with-prs
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
- name: generate app token
id: generate_app_token
if: "! github.event.pull_request.head.repo.fork"
# yamllint disable-line rule:line-length
uses: suzuki-shunsuke/github-token-action@350d7506222e3a0016491abe85b5c4dd475b67d1 # v0.2.1
with:
github_app_id: ${{ secrets.GH_APP_ID }}
github_app_private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
github_app_permissions: >-
{ "contents": "write" }
github_app_repositories: >-
["${{github.event.repository.name}}"]
- name: install aquas (using default token)
# yamllint disable-line rule:line-length
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
if: |
steps.generate_app_token.outputs.token_type == 'empty'
&& ! github.event.pull_request.head.repo.fork
with:
policy_allow: "true"
aqua_version: v2.36.2 # renovate: depName=aquaproj/aqua
env:
AQUA_GITHUB_TOKEN: ${{ github.token }}
# yamllint disable-line rule:line-length
- name: install aquas (using generated app token)
# yamllint disable-line rule:line-length
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
if: |
steps.generate_app_token.outputs.token_type != 'empty'
&& ! github.event.pull_request.head.repo.fork
with:
policy_allow: "true"
aqua_version: v2.36.2 # renovate: depName=aquaproj/aqua
env:
AQUA_GITHUB_TOKEN: ${{ steps.generate_app_token.outputs.token }}
# yamllint disable-line rule:line-length
- uses: kevincobain2000/action-gobrew@aa328ee19c95750fa612256c0a3f9bad4810fc04 # v2
with:
version: 1.23.1 # renovate: datasource=golang-version depName=go
- name: dagger develop
run: |
just goUpdates="${{ inputs.go-updates }}" develop
- name: push changes with ghcp
if: "! github.event.pull_request.head.repo.fork"
env:
GITHUB_REPOSITORY: ${{ github.event.repository.name }}
GITHUB_TOKEN: ${{ steps.generate_app_token.outputs.token }}
run: |
set -eu
if ! ghcp -v; then
echo "::error ::int128/ghcp not found - needed to push."
exit 1
fi
branch=${GITHUB_HEAD_REF:-} # https://github.com/int128/ghcp
if [ -z "${branch}" ]; then
branch="${GITHUB_REF_NAME}"
fi
GO_UPDATES_STR=""
if [ "${{ inputs.go-updates }}" = "true" ]; then
GO_UPDATES_STR=" + related golang updates"
fi
# shellcheck disable=SC2046
# ^- we want it to split!
ghcp commit -r "$GITHUB_REPOSITORY" -b "${branch}" \
-m "chore(dagger): develop${GO_UPDATES_STR}" \
$(git --no-pager diff --name-only)
echo "::notice ::changes pushed to branch, 'exit 1' to force checks"
exit 1