-
-
Notifications
You must be signed in to change notification settings - Fork 66
142 lines (125 loc) · 5.67 KB
/
updater.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Updater
on:
workflow_dispatch:
push:
branches:
- main
tags:
- '*'
# No path filters ensures we always have a docker image matching the latest commit on main
pull_request:
branches:
# Only trigger for PRs against `main` branch.
- main
paths:
- 'updater/**'
- '.rubocop*.yml'
- '.ruby-version'
- 'Rakefile'
- '.github/workflows/updater.yml'
- '!docs/**'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Build:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
suite:
- { ecosystem: bundler }
- { ecosystem: cargo }
- { ecosystem: composer }
- { ecosystem: docker }
- { ecosystem: dotnet-sdk }
- { ecosystem: elm }
- { ecosystem: gitsubmodule }
- { ecosystem: github-actions }
- { ecosystem: gomod }
- { ecosystem: gradle }
- { ecosystem: mix }
- { ecosystem: maven }
- { ecosystem: npm }
- { ecosystem: nuget }
- { ecosystem: pub }
- { ecosystem: pip }
- { ecosystem: swift }
- { ecosystem: devcontainers }
- { ecosystem: terraform }
env:
IMAGE_NAME: 'dependabot-updater-${{ matrix.suite.ecosystem }}'
DOCKER_BUILDKIT: 1 # Enable Docker BuildKit
# $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
BUNDLE_GEMFILE: ${{ github.workspace }}/updater/Gemfile
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # Required for GitVersion
- name: Install GitVersion
uses: gittools/actions/gitversion/[email protected]
with:
versionSpec: '6.x'
- name: Determine Version
uses: gittools/actions/gitversion/[email protected]
id: gitversion
with:
useConfigFile: true
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: bundle exec rubocop
run: bundle exec rubocop
working-directory: updater
- name: bundle exec rspec spec
run: bundle exec rspec spec
working-directory: updater
- name: Pull Docker base image & warm Docker cache
run: docker pull "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest"
# remove this after at least one release tagged 'latest'
continue-on-error: true
- name: Get dependabot-updater image tag version
id: docker-base-version
run: |
tag_name=$(grep -oP "(?<=gem \"dependabot-omnibus\", \"~>).*(?=\")" updater/Gemfile)
tag_sha=$(curl --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' --url "https://api.github.com/repos/dependabot/dependabot-core/tags" | jq -r "[.[]|select(.name==\"v$tag_name\")][0].commit.sha")
echo "Using dependabot-updater image tag '$tag_sha' (v$tag_name)"
echo "version=$tag_sha" >> $GITHUB_OUTPUT
- name: Build image
run: |
docker build \
-f updater/Dockerfile \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--build-arg ECOSYSTEM=${{ matrix.suite.ecosystem }} \
--build-arg BASE_VERSION=${{ steps.docker-base-version.outputs.version }} \
--build-arg DEPENDABOT_UPDATER_VERSION=${{ steps.gitversion.outputs.fullSemVer }} \
--label com.github.image.run.id=${{ github.run_id }} \
--label com.github.image.run.number=${{ github.run_number }} \
--label com.github.image.job.id=${{ github.job }} \
--label com.github.image.source.sha=${{ github.sha }} \
--label com.github.image.source.branch=${{ github.ref }} \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.fullSemVer }}" \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major}}.${{ steps.gitversion.outputs.minor }}" \
-t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}" \
--cache-from ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest \
.
- name: Log into registry
if: ${{ (github.ref == 'refs/heads/main') || (!startsWith(github.ref, 'refs/pull')) || startsWith(github.ref, 'refs/tags') }}
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
- name: Push image (latest, ShortSha)
if: ${{ (github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags') }}
run: |
docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest"
docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}"
- name: Push image (NuGetVersionV2)
if: ${{ !startsWith(github.ref, 'refs/pull') }}
run: docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.fullSemVer }}"
- name: Push image (major, minor)
if: startsWith(github.ref, 'refs/tags')
run: |
docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}.${{ steps.gitversion.outputs.minor }}"
docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}"