Skip to content

chore(deps): update github/codeql-action action to v3.27.1 (#2699) #2453

chore(deps): update github/codeql-action action to v3.27.1 (#2699)

chore(deps): update github/codeql-action action to v3.27.1 (#2699) #2453

name: Update Tooling
on:
schedule:
- cron: "0 2 * * *"
workflow_dispatch:
release:
types: [released]
push:
branches:
- "master"
env:
TERRAFORM_URL: "https://api.github.com/repos/hashicorp/terraform/releases/latest"
CLOUD_SDK_URL: "https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.tar.gz"
KPT_URL: "https://api.github.com/repos/kptdev/kpt/releases"
CFT_CLI_URL: "https://api.github.com/repos/GoogleCloudPlatform/cloud-foundation-toolkit/releases"
MODULE_SWAPPER_URL: "https://api.github.com/repos/GoogleCloudPlatform/cloud-foundation-toolkit/releases"
TFLINT_BP_PLUGIN_URL: "https://api.github.com/repos/GoogleCloudPlatform/cloud-foundation-toolkit/releases"
GATOR_MINOR: "3.17"
GATOR_URL: "https://api.github.com/repos/open-policy-agent/gatekeeper/releases"
GCRANE_URL: "https://api.github.com/repos/google/go-containerregistry/releases/latest"
KUSTOMIZE_URL: "https://api.github.com/repos/kubernetes-sigs/kustomize/releases"
TERRAGRUNT_URL: "https://api.github.com/repos/gruntwork-io/terragrunt/releases/latest"
TFLINT_URL: "https://api.github.com/repos/terraform-linters/tflint/releases/latest"
GOLANGCI_URL: "https://api.github.com/repos/golangci/golangci-lint/releases/latest"
jobs:
update-tools:
runs-on: ubuntu-latest
if: github.repository == 'GoogleCloudPlatform/cloud-foundation-toolkit'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: master
- name: Update Tools
run: |
PR_UPDATE_BODY=""
newline=$'\n'
tools=("TERRAFORM" "CLOUD_SDK" "CFT_CLI" "GATOR" "GCRANE" "KPT" "MODULE_SWAPPER" "KUSTOMIZE" "TERRAGRUNT" "TFLINT" "GOLANGCI" "TFLINT_BP_PLUGIN")
for tool in ${tools[@]}
do
# get current tool version from Makefile
CURRENT_TOOL_VERSION=$(cat infra/build/Makefile | grep "${tool}_VERSION :=" | awk -F" " '{print $3}')
TOOL_URL=$tool\_URL
# get latest tool version from URL
if [ "$tool" == "CLOUD_SDK" ]; then
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | tar --to-stdout -xzf - google-cloud-sdk/VERSION)
elif [ "$tool" == "KPT" ]; then
# get latest release including pre-releases for kpt, excluding releases of porch
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .tag_name | contains("porch/") | not )][0].tag_name' | tr -d "v")
elif [ "$tool" == "CFT_CLI" ]; then
# get latest CFT_CLI release
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("CLI Release"))][0].tag_name' | tr -d "cli/v")
elif [ "$tool" == "MODULE_SWAPPER" ]; then
# get latest MODULE_SWAPPER release
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("infra/module-swapper"))][0].tag_name' | tr -d "infra/module\-swapper/v")
elif [ "$tool" == "TFLINT_BP_PLUGIN" ]; then
# get latest TFLINT_BP_PLUGIN release
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("tflint-ruleset-blueprint"))][0].tag_name' | tr -d "tflint\-ruleset\-blueprint/v")
elif [ "$tool" == "GATOR" ]; then
# get latest GATOR_MINOR release
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("'${GATOR_MINOR}'"))][0].tag_name' | tr -d "v")
elif [ "$tool" == "KUSTOMIZE" ]; then
# get latest KUSTOMIZE release
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("kustomize"))][0].tag_name' | tr -d "kustomize/v")
else
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output .tag_name | tr -d "v")
fi
echo "Current ${tool} version: ${CURRENT_TOOL_VERSION}"
echo "Latest ${tool} version: ${LATEST_TOOL_VERSION} via ${!TOOL_URL}"
# update tool version in Makefile if not latest
if [ "$CURRENT_TOOL_VERSION" == "$LATEST_TOOL_VERSION" ]; then
echo "${tool} is latest"
elif [[ -z "$CURRENT_TOOL_VERSION" || "$CURRENT_TOOL_VERSION" == "" || "$CURRENT_TOOL_VERSION" == "null" ]]; then
echo "${tool} version is missing"
else
echo "${tool} needs to be updated to ${LATEST_TOOL_VERSION}"
sed -i "s/${tool}_VERSION := ${CURRENT_TOOL_VERSION}/${tool}_VERSION := ${LATEST_TOOL_VERSION}/g" infra/build/Makefile
echo "LATEST_${tool}=${LATEST_TOOL_VERSION}" >> $GITHUB_ENV
echo "BUMP_IMG=true" >> $GITHUB_ENV
PR_UPDATE_BODY="$PR_UPDATE_BODY Updating ${tool} from ${CURRENT_TOOL_VERSION} to ${LATEST_TOOL_VERSION} ${newline}"
fi
done
# Create multiline PR body text
echo "PR_UPDATE_BODY<<EOF" >> $GITHUB_ENV
echo "$PR_UPDATE_BODY" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Bump image patch version
if: env.BUMP_IMG == 'true'
run: |
CURRENT_IMG_VERSION=$(cat infra/build/Makefile | grep 'DOCKER_TAG_VERSION_DEVELOPER_TOOLS :=' | awk -F" " '{print $3}')
NEW_IMG_VERSION=$(echo $CURRENT_IMG_VERSION | awk -F. '{$NF+=1; print $0}' OFS=".")
sed -i "s/DOCKER_TAG_VERSION_DEVELOPER_TOOLS := ${CURRENT_IMG_VERSION}/DOCKER_TAG_VERSION_DEVELOPER_TOOLS := ${NEW_IMG_VERSION}/g" infra/build/Makefile
echo "NEW_IMG_VERSION=${NEW_IMG_VERSION}" >> $GITHUB_ENV
- name: Commit Makefile
if: env.BUMP_IMG == 'true'
run: |
git config user.name 'Cloud Foundation Bot'
git config user.email '[email protected]'
git add infra/build/Makefile
git diff-index --quiet HEAD || git commit -m "chore: Update Tools to ${{env.NEW_IMG_VERSION}}"
- name: Create Pull Request
if: env.BUMP_IMG == 'true'
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ secrets.CFT_ROBOT_PAT }}
commit-message: Update tools to ${{env.NEW_IMG_VERSION}}
committer: "Update Tooling Action <[email protected]>"
title: "chore: Update Tools to ${{env.NEW_IMG_VERSION}}"
body: |
Updated tools to ${{env.NEW_IMG_VERSION}}
${{env.PR_UPDATE_BODY}}
labels: automated pr
reviewers: bharathkkb, apeabody
branch: create-pull-request/patch-tools-version
base: master