Skip to content

Revert "Bump dependabot-omnibus from 0.285.0 to 0.286.0 in /updater" #1334

Revert "Bump dependabot-omnibus from 0.285.0 to 0.286.0 in /updater"

Revert "Bump dependabot-omnibus from 0.285.0 to 0.286.0 in /updater" #1334

Workflow file for this run

name: Updater
on:
workflow_dispatch:
push:
branches:
- main
tags:
- '*'
# No path filters ensures we always have a docker image matching the latest commit on main
pull_request:
branches:
# Only trigger for PRs against `main` branch.
- main
paths:
- 'updater/**'
- '.rubocop*.yml'
- '.ruby-version'
- 'Rakefile'
- '.github/workflows/updater.yml'
- '!docs/**'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Build:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
suite:
- { ecosystem: bundler }
- { ecosystem: cargo }
- { ecosystem: composer }
- { ecosystem: docker }
- { ecosystem: dotnet-sdk }
- { ecosystem: elm }
- { ecosystem: gitsubmodule }
- { ecosystem: github-actions }
- { ecosystem: gomod }
- { ecosystem: gradle }
- { ecosystem: mix }
- { ecosystem: maven }
- { ecosystem: npm }
- { ecosystem: nuget }
- { ecosystem: pub }
- { ecosystem: pip }
- { ecosystem: swift }
- { ecosystem: devcontainers }
- { ecosystem: terraform }
env:
IMAGE_NAME: 'dependabot-updater-${{ matrix.suite.ecosystem }}'
DOCKER_BUILDKIT: 1 # Enable Docker BuildKit
# $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
BUNDLE_GEMFILE: ${{ github.workspace }}/updater/Gemfile
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # Required for GitVersion
- name: Install GitVersion
uses: gittools/actions/gitversion/[email protected]
with:
versionSpec: '6.x'
- name: Determine Version
uses: gittools/actions/gitversion/[email protected]
id: gitversion
with:
useConfigFile: true
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: bundle exec rubocop
run: bundle exec rubocop
working-directory: updater
- name: bundle exec rspec spec
run: bundle exec rspec spec
working-directory: updater
- name: Pull Docker base image & warm Docker cache
run: docker pull "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest"
# remove this after at least one release tagged 'latest'
continue-on-error: true
- name: Get dependabot-updater image tag version
id: docker-base-version
run: |
tag_name=$(grep -oP "(?<=gem \"dependabot-omnibus\", \"~>).*(?=\")" updater/Gemfile)
tag_sha=$(curl --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' --url "https://api.github.com/repos/dependabot/dependabot-core/tags" | jq -r "[.[]|select(.name==\"v$tag_name\")][0].commit.sha")
echo "Using dependabot-updater image tag '$tag_sha' (v$tag_name)"
echo "version=$tag_sha" >> $GITHUB_OUTPUT
- name: Build image
run: |
docker build \
-f updater/Dockerfile \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--build-arg ECOSYSTEM=${{ matrix.suite.ecosystem }} \
--build-arg BASE_VERSION=${{ steps.docker-base-version.outputs.version }} \
--build-arg DEPENDABOT_UPDATER_VERSION=${{ steps.gitversion.outputs.fullSemVer }} \
--label com.github.image.run.id=${{ github.run_id }} \
--label com.github.image.run.number=${{ github.run_number }} \
--label com.github.image.job.id=${{ github.job }} \
--label com.github.image.source.sha=${{ github.sha }} \
--label com.github.image.source.branch=${{ github.ref }} \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.fullSemVer }}" \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major}}.${{ steps.gitversion.outputs.minor }}" \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}" \
--cache-from ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest \
.
- name: Log into registry
if: ${{ (github.ref == 'refs/heads/main') || (!startsWith(github.ref, 'refs/pull')) || startsWith(github.ref, 'refs/tags') }}
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
- name: Push image (latest, ShortSha)
if: ${{ (github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags') }}
run: |
docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest"
docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}"
- name: Push image (NuGetVersionV2)
if: ${{ !startsWith(github.ref, 'refs/pull') }}
run: docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.fullSemVer }}"
- name: Push image (major, minor)
if: startsWith(github.ref, 'refs/tags')
run: |
docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}.${{ steps.gitversion.outputs.minor }}"
docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}"