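# Generated by Project Keeper
# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml
#
# Runs Project Keeper's `update-dependencies` and `fix` goals, then either pushes
# the result to the current branch or, when started on `main`, opens a pull
# request from a fresh `dependency-update/<timestamp>` branch.
#
# Security notes for maintainers:
# - `inputs.vulnerability_issues` and `github.ref` are caller-controlled. They
#   are only read through environment variables or the github-script `context`
#   object, never expanded with `${{ }}` inside a shell or JavaScript source
#   line (that is the classic Actions script-injection vector).
# - `GITHUB_TOKEN` is scoped at job level to the two scopes the push and the
#   PR need. Pull requests created with `GITHUB_TOKEN` do not trigger other
#   workflows (e.g. a `pull_request` CI run); use a GitHub App token or a PAT
#   if CI must run on the generated PR.
# - `uses:` references are pinned to major tags. For a stricter supply-chain
#   posture pin them to full-length commit SHAs and let Dependabot/Renovate
#   track the tags.
name: Update dependencies
on:
  workflow_call:
    inputs:
      vulnerability_issues:
        description: "GitHub issues for vulnerable dependencies as JSONL"
        required: false
        type: string
  workflow_dispatch:
jobs:
  update_dependencies:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      # Fail fast, before checkout and JDK setup: pushing only makes sense on a
      # branch. `context.ref` is read from the runtime context instead of being
      # expanded with `${{ github.ref }}` inside the script; a ref name
      # containing a quote could otherwise break out of the string literal and
      # run arbitrary JavaScript with the job's token.
      - name: Fail if not running on a branch
        if: ${{ !startsWith(github.ref, 'refs/heads/') }}
        uses: actions/github-script@v7
        with:
          script: |
            core.setFailed(`Not running on a branch, github.ref is ${context.ref}. Please start this workflow only on main or a branch`)
      - uses: actions/checkout@v4
      - name: Set up JDKs
        uses: actions/setup-java@v4
        with:
          distribution: "temurin"
          java-version: |
            11
            17
          cache: "maven"
      - name: Print issues
        run: |
          echo "Issues from Action input: $ISSUES"
        env:
          ISSUES: ${{ inputs.vulnerability_issues }}
      - name: Update dependencies
        run: |
          mvn --batch-mode com.exasol:project-keeper-maven-plugin:update-dependencies --projects . \
            -Dproject-keeper:vulnerabilities="$CREATED_ISSUES"
        env:
          CREATED_ISSUES: ${{ inputs.vulnerability_issues }}
      - name: Project Keeper Fix
        run: |
          mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
      - name: Project Keeper Fix for updated Project Keeper version
        # Calling PK fix a second time is necessary because the first invocation potentially updated PK itself.
        # So we need to run PK fix again with the latest PK version.
        run: |
          mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects .
      - name: Generate PR comment
        id: pr-comment
        run: |
          # A random heredoc delimiter prevents a crafted `vulnerability_issues`
          # line from terminating the `comment` output early and appending
          # further outputs. `printf` with a quoted variable (instead of an
          # unquoted `echo $VAR`) hands the JSONL to jq intact: no word
          # splitting, no glob expansion of `*` in the data.
          delimiter="$(openssl rand -hex 16)"
          {
            echo "comment<<${delimiter}"
            echo 'This Pull Request was created by `dependencies_update.yml` workflow'
            printf '%s\n' "$CREATED_ISSUES" | jq --raw-output '. | "Closes " + .issue_url + " (" + .cve + ")"'
            echo "${delimiter}"
          } >> "$GITHUB_OUTPUT"
        env:
          CREATED_ISSUES: ${{ inputs.vulnerability_issues }}
      - name: Configure git
        run: |
          git config --global user.email "opensource@exasol.com"
          git config --global user.name "Automatic Dependency Updater"
      - name: Create branch
        if: ${{ github.ref == 'refs/heads/main' }}
        run: |
          branch_name="dependency-update/$(date "+%Y%m%d%H%M%S")"
          echo "Creating branch $branch_name"
          git checkout -b "$branch_name"
      - name: Commit changes & push
        id: push
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
        run: |
          branch_name=$(git rev-parse --abbrev-ref HEAD)
          echo "Current branch: $branch_name, local changes:"
          git diff --stat
          git diff --numstat
          # An up-to-date project is a normal outcome, not a failure: `git commit`
          # exits non-zero on a clean tree, so skip it and tell the PR step to
          # stay idle via the `pushed` output.
          if git diff --quiet; then
            echo "No dependency changes, nothing to commit."
            echo "pushed=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "Committing changes..."
          # NOTE(review): `--all` stages only tracked files; files newly
          # generated by PK fix would need an explicit `git add` — confirm
          # whether that can happen.
          git commit --all --message "Update dependencies"
          echo "Pushing branch $branch_name..."
          git push --set-upstream origin "$branch_name"
          echo "pushed=true" >> "$GITHUB_OUTPUT"
          echo "Done."
      - name: Create pull request
        if: ${{ github.ref == 'refs/heads/main' && steps.push.outputs.pushed == 'true' }}
        run: |
          gh pr create --base main --title "Update dependencies" --body "$COMMENT"
        env:
          COMMENT: ${{ steps.pr-comment.outputs.comment }}
          GH_TOKEN: ${{ github.token }}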