chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 in /infra… #2555
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update Tooling | |
on: | |
schedule: | |
- cron: "0 2 * * *" | |
workflow_dispatch: | |
release: | |
types: [released] | |
push: | |
branches: | |
- "master" | |
env: | |
TERRAFORM_URL: "https://api.github.com/repos/hashicorp/terraform/releases/latest" | |
CLOUD_SDK_URL: "https://dl.google.com/dl/cloudsdk/channels/rapid/google-cloud-sdk.tar.gz" | |
KPT_URL: "https://api.github.com/repos/kptdev/kpt/releases" | |
CFT_CLI_URL: "https://api.github.com/repos/GoogleCloudPlatform/cloud-foundation-toolkit/releases" | |
MODULE_SWAPPER_URL: "https://api.github.com/repos/GoogleCloudPlatform/cloud-foundation-toolkit/releases" | |
TFLINT_BP_PLUGIN_URL: "https://api.github.com/repos/GoogleCloudPlatform/cloud-foundation-toolkit/releases" | |
GATOR_MINOR: "3.17" | |
GATOR_URL: "https://api.github.com/repos/open-policy-agent/gatekeeper/releases" | |
GCRANE_URL: "https://api.github.com/repos/google/go-containerregistry/releases/latest" | |
KUSTOMIZE_URL: "https://api.github.com/repos/kubernetes-sigs/kustomize/releases" | |
TERRAGRUNT_URL: "https://api.github.com/repos/gruntwork-io/terragrunt/releases/latest" | |
TFLINT_URL: "https://api.github.com/repos/terraform-linters/tflint/releases/latest" | |
GOLANGCI_URL: "https://api.github.com/repos/golangci/golangci-lint/releases/latest" | |
jobs: | |
update-tools: | |
runs-on: ubuntu-latest | |
if: github.repository == 'GoogleCloudPlatform/cloud-foundation-toolkit' | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
ref: master | |
- name: Update Tools | |
run: | | |
PR_UPDATE_BODY="" | |
newline=$'\n' | |
tools=("TERRAFORM" "CLOUD_SDK" "CFT_CLI" "GATOR" "GCRANE" "KPT" "MODULE_SWAPPER" "KUSTOMIZE" "TERRAGRUNT" "TFLINT" "GOLANGCI" "TFLINT_BP_PLUGIN") | |
for tool in ${tools[@]} | |
do | |
# get current tool version from Makefile | |
CURRENT_TOOL_VERSION=$(cat infra/build/Makefile | grep "${tool}_VERSION :=" | awk -F" " '{print $3}') | |
TOOL_URL=$tool\_URL | |
# get latest tool version from URL | |
if [ "$tool" == "CLOUD_SDK" ]; then | |
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | tar --to-stdout -xzf - google-cloud-sdk/VERSION) | |
elif [ "$tool" == "KPT" ]; then | |
# get latest release including pre-releases for kpt, excluding releases of porch | |
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .tag_name | contains("porch/") | not )][0].tag_name' | tr -d "v") | |
elif [ "$tool" == "CFT_CLI" ]; then | |
# get latest CFT_CLI release | |
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("CLI Release"))][0].tag_name' | tr -d "cli/v") | |
elif [ "$tool" == "MODULE_SWAPPER" ]; then | |
# get latest MODULE_SWAPPER release | |
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("infra/module-swapper"))][0].tag_name' | tr -d "infra/module\-swapper/v") | |
elif [ "$tool" == "TFLINT_BP_PLUGIN" ]; then | |
# get latest TFLINT_BP_PLUGIN release | |
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("tflint-ruleset-blueprint"))][0].tag_name' | tr -d "tflint\-ruleset\-blueprint/v") | |
elif [ "$tool" == "GATOR" ]; then | |
# get latest GATOR_MINOR release | |
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("'${GATOR_MINOR}'"))][0].tag_name' | tr -d "v") | |
elif [ "$tool" == "KUSTOMIZE" ]; then | |
# get latest KUSTOMIZE release | |
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output '[ .[] | select( .name | contains("kustomize"))][0].tag_name' | tr -d "kustomize/v") | |
else | |
LATEST_TOOL_VERSION=$(curl -s ${!TOOL_URL} | jq --raw-output .tag_name | tr -d "v") | |
fi | |
echo "Current ${tool} version: ${CURRENT_TOOL_VERSION}" | |
echo "Latest ${tool} version: ${LATEST_TOOL_VERSION} via ${!TOOL_URL}" | |
# update tool version in Makefile if not latest | |
if [ "$CURRENT_TOOL_VERSION" == "$LATEST_TOOL_VERSION" ]; then | |
echo "${tool} is latest" | |
elif [[ -z "$CURRENT_TOOL_VERSION" || "$CURRENT_TOOL_VERSION" == "" || "$CURRENT_TOOL_VERSION" == "null" ]]; then | |
echo "${tool} version is missing" | |
else | |
echo "${tool} needs to be updated to ${LATEST_TOOL_VERSION}" | |
sed -i "s/${tool}_VERSION := ${CURRENT_TOOL_VERSION}/${tool}_VERSION := ${LATEST_TOOL_VERSION}/g" infra/build/Makefile | |
echo "LATEST_${tool}=${LATEST_TOOL_VERSION}" >> $GITHUB_ENV | |
echo "BUMP_IMG=true" >> $GITHUB_ENV | |
PR_UPDATE_BODY="$PR_UPDATE_BODY Updating ${tool} from ${CURRENT_TOOL_VERSION} to ${LATEST_TOOL_VERSION} ${newline}" | |
fi | |
done | |
# Create multiline PR body text | |
echo "PR_UPDATE_BODY<<EOF" >> $GITHUB_ENV | |
echo "$PR_UPDATE_BODY" >> $GITHUB_ENV | |
echo "EOF" >> $GITHUB_ENV | |
- name: Bump image patch version | |
if: env.BUMP_IMG == 'true' | |
run: | | |
CURRENT_IMG_VERSION=$(cat infra/build/Makefile | grep 'DOCKER_TAG_VERSION_DEVELOPER_TOOLS :=' | awk -F" " '{print $3}') | |
NEW_IMG_VERSION=$(echo $CURRENT_IMG_VERSION | awk -F. '{$NF+=1; print $0}' OFS=".") | |
sed -i "s/DOCKER_TAG_VERSION_DEVELOPER_TOOLS := ${CURRENT_IMG_VERSION}/DOCKER_TAG_VERSION_DEVELOPER_TOOLS := ${NEW_IMG_VERSION}/g" infra/build/Makefile | |
echo "NEW_IMG_VERSION=${NEW_IMG_VERSION}" >> $GITHUB_ENV | |
- name: Commit Makefile | |
if: env.BUMP_IMG == 'true' | |
run: | | |
git config user.name 'Cloud Foundation Bot' | |
git config user.email '[email protected]' | |
git add infra/build/Makefile | |
git diff-index --quiet HEAD || git commit -m "chore: Update Tools to ${{env.NEW_IMG_VERSION}}" | |
- name: Create Pull Request | |
if: env.BUMP_IMG == 'true' | |
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 | |
with: | |
token: ${{ secrets.CFT_ROBOT_PAT }} | |
commit-message: Update tools to ${{env.NEW_IMG_VERSION}} | |
committer: "Update Tooling Action <[email protected]>" | |
title: "chore: Update Tools to ${{env.NEW_IMG_VERSION}}" | |
body: | | |
Updated tools to ${{env.NEW_IMG_VERSION}} | |
${{env.PR_UPDATE_BODY}} | |
labels: automated pr | |
reviewers: bharathkkb, apeabody | |
branch: create-pull-request/patch-tools-version | |
base: master |