Improve Action Logging (#18)

* Improve action line documentation

* Add interim logs to make debugging easier

* Explicitly set pr title and body

* Deduplicate title/body

* Add documentation

* Add documentation

.github/ISSUE_TEMPLATE/bug_report.md

@@ -10,24 +10,19 @@ about: Create a report to help us improve
 
 A clear and concise description of what the bug is.
 
-### Steps to Reproduce
+### Recorded Logs
 
-Steps to reproduce the behavior:
-
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
+Please link to an invocation of this action, or copy the exact log output of your job.
+NOTE: Do not copy an sensitive information, customer data, or access tokens into this area.
 
 ### Expected Behavior
 
 A clear and concise description of what you expected to happen.
 
 ### User Information
 
-- OS: [e.g. iOS]
-- Browser [e.g. chrome, safari]
-- Version [e.g. 22]
+Please link to or copy the relevant sections of your GitHub Action definition `.yml` file here.
+NOTE: Do not copy an sensitive information, customer data, or access tokens into this area.
 
 ### Additional Context
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,9 +1,11 @@
-Changes proposed in this merge request:
+# Proposed Changes
+
 - Additions:
 - Updates:
 - Deletions:
 
-### Pre-merge Checklist
+## Pre-merge Checklist
+
 - [ ] Write + run tests
-- [ ] Update documentation
 - [ ] Update CHANGELOG and increment version
+- [ ] Update README and relevant documentation

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## v5 - 04/01/2023
+
+- Group logs emitted during the action for easier consumption
+- Emit intermittent logs to describe settings and progress
+- FIX: Explicitly set the Pull Request title/body for more recent GitHub CLI requirements
+- Add advisory not regrading `actions/checkout` version requirements
+
 ## v4 - 01/29/2022
 
 - Dependency update commit messages now link to the github diff between the old and new version.

CODE_OF_CONDUCT.md

@@ -45,8 +45,6 @@ Project maintainers who do not follow or enforce the Code of Conduct in good fai
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+This Code of Conduct is adapted from the [Contributor Covenant, version 1.4](https://www.contributor-covenant.org/version/1/4/code-of-conduct.html)
 
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see https://www.contributor-covenant.org/faq
+They supply answers to most [frequently asked questions.](https://www.contributor-covenant.org/faq)

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021-2022 Nick A Nichols
+Copyright (c) 2021-2023 Nick A Nichols
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,6 +1,6 @@
 # Clojure Dependency Update Action
 
-A simple GitHub action to create Pull Requests for your out-of-date dependencies in clojure projects.
+A GitHub Action to create Pull Requests for your out-of-date dependencies in clojure projects.
 This action can automatically update the following dependency files:
 
 - [deps.edn](https://github.com/clojure/tools.deps.alpha)
@@ -9,7 +9,16 @@ This action can automatically update the following dependency files:
 - [build.boot](https://github.com/boot-clj/boot)
 - [pom.xml](https://github.com/apache/maven)
 
-This action uses [antq](https://github.com/liquidz/antq) to check dependencies.
+This action uses [antq](https://github.com/liquidz/antq) to check and update dependencies.
+
+## Requirements
+
+The Actions platform is constantly being refined by the GitHub team.
+To ensure the safety of all end-users, they occasionally deprecate functionality which poses security risks.
+This impacts all first and third party Actions which you may use in your workflows.
+When diagnosing issues, please check your Actions tab for any deprecation notices.
+
+As of writing, this action requires that `actions/checkout` is set to at least `3.x.y`.
 
 ## Sample Usage
 
@@ -27,9 +36,11 @@ jobs:
 
     steps:
     - name: Checkout Latest Commit
-      uses: actions/checkout@v3.0.2
+      uses: actions/checkout@v3.5.0
+      with:
+        ref: ${{ github.head_ref }}
 
-    - name: Check deps
+    - name: Check Clojure Dependencies
       uses: nnichols/clojure-dependency-update-action@v4
       with:
         github-token: ${{ secrets.github_token }}
@@ -50,10 +61,12 @@ jobs:
 
     steps:
     - name: Checkout Latest Commit
-      uses: actions/checkout@v3.0.2
+      uses: actions/checkout@v3.5.0
+      with:
+        ref: ${{ github.head_ref }}
 
-    - name: Check deps
-      uses:  nnichols/clojure-dependency-update-action@v4
+    - name: Check Clojure Dependencies
+      uses: nnichols/clojure-dependency-update-action@v4
       with:
         github-token: ${{ secrets.github_token }}
         git-username: nnichols
@@ -65,21 +78,28 @@ jobs:
 
 ## Supported Arguments
 
-* `github-token`: The only required argument. Can either be the default token, as seen above, or a personal access token with write access to the repository.
-* `branch`: The branch that dependencies should be checked on and Pull Requests created against. Defaults to `master`
-* `git-email`: The email address each commit should be associated with. Defaults to a github provided noreply address
-* `git-username`: The GitHub username each commit should be associated with. Defaults to `github-actions[bot]`
-* `excludes`: Artifact names to be excluded from the `antq` check. Defaults to an empty list. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information.
-* `directories`: Directories to search for project files in. Defaults to the root of the repository. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information.
-* `skips`: Build tools/files to skip by default. Defaults to an empty list. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information.
-* `batch`:  Updates all outdated dependencies in a single pull request. Set to "true" to enable
+- `github-token`: The only required argument. Can either be the default token, as seen above, or a personal access token with write access to the repository.
+- `branch`: The branch that dependencies should be checked on and Pull Requests created against. Defaults to `master`
+- `git-email`: The email address each commit should be associated with. Defaults to a github provided noreply address
+- `git-username`: The GitHub username each commit should be associated with. Defaults to `github-actions[bot]`
+- `excludes`: Artifact names to be excluded from the `antq` check. Defaults to an empty list. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information.
+- `directories`: Directories to search for project files in. Defaults to the root of the repository. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information.
+- `skips`: Build tools/files to skip by default. Defaults to an empty list. See [antq-action](https://github.com/liquidz/antq-action#inputs) for more information.
+- `batch`:  Updates all outdated dependencies in a single pull request. Set to "true" to enable
+
+## Alternatives
+
+As the Clojure ecosystem matures, more first-class options for dependency management now support the language.
+The following is a growing list of alternative tools to consider:
+
+- [Renovatebot](https://github.com/renovatebot/renovate "The RenovateBot repository")
 
 ## Acknowledgements
 
-Special thanks to [Chad Taylor](https://github.com/tessellator) for figuring out the initial bash script this is based on.
+Special thanks to [Chad Taylor](https://github.com/tessellator "Chad's GitHub Profile") for figuring out the initial bash script this is based on.
 
 ## Licensing
 
-Copyright © 2021-2022 [Nick Nichols](https://nnichols.github.io/)
+Copyright © 2021-2023 [Nick Nichols](https://nnichols.github.io/)
 
 Distributed under the [MIT License](https://github.com/nnichols/clojure-dependency-update-action/blob/master/LICENSE)

dependency-check.sh

@@ -1,38 +1,80 @@
 #!/bin/bash
 
+# Set active git user to the tokens provided
 git config --global user.email $EMAIL
 git config --global user.name $NAME
 export GITHUB_TOKEN=$TOKEN
+
+# Checkout the base branch for all updates
+echo "Checking out base branch" $BRANCH
 git checkout $BRANCH
 
+# Convert the list of excluded artifacts into a set of --exclude flags
+echo "::group::Setting Excludes"
+echo "Original excludes: ${EXCLUDE}"
 EXCLUDES=""
 for artifact in $EXCLUDE; do
     EXCLUDES="${EXCLUDES} --exclude=${artifact}"
+    echo ${EXCLUDES}
 done
+echo "::endgroup::"
 
+# If no directory is specified, default to the current directory
+echo "::group::Setting Directory"
+echo "Original directory: ${DIRECTORY}"
 if [ -z "${DIRECTORY}" ]; then
     DIRECTORY="."
+    echo "No directory specified. Defaulting to current directory"
 fi
 
+# Convert the list of directories into a set of --directory flags
 DIRECTORIES=""
 for directory in $DIRECTORY; do
     DIRECTORIES="${DIRECTORIES} --directory=${directory}"
+    echo ${DIRECTORIES}
 done
+echo "::endgroup::"
 
+# Convert the list of skip flags into a set of --skip flags
+echo "::group::Setting Skips"
+echo "Original skip: ${SKIP}"
 SKIPS=""
 for skip in $SKIP; do
     SKIPS="${SKIPS} --skip=${skip}"
+    echo ${SKIPS}
 done
+echo "::endgroup::"
 
+# Pre-fetch Antq. This prevents the action from parsing the output of loading the app dependencies
+echo "::group::Pre-fetching dependencies"
 PREFETCH=$(clojure -Stree -Sdeps '{:deps {antq/antq {:mvn/version "RELEASE"}}}')
+echo "::endgroup::"
+
+# Set the reporter for antq to be parsable
 FORMATTER="--reporter=format --error-format=\"{{name}},{{version}},{{latest-version}},{{diff-url}}\""
+echo "::group::Selected options"
+echo "Formatter: ${FORMATTER}"
+echo "::endgroup::"
+
+# Run antq to check for outdated dependencies
+echo "::group::Checking for outdated dependencies"
 UPGRADE_CMD="clojure -Sdeps '{:deps {antq/antq {:mvn/version \"RELEASE\"}}}' -m antq.core ${FORMATTER} ${EXCLUDES} ${DIRECTORIES} ${SKIPS}"
 UPGRADE_LIST=$(eval ${UPGRADE_CMD})
+echo "::endgroup::"
+
+# Parse the output of antq into a list of upgrades, and remove any failed fetches
 UPGRADES=$(echo ${UPGRADE_LIST} | sed '/Failed to fetch/d' | sed '/Unable to fetch/d' | sed '/Logging initialized/d' | sort -u)
 UPDATE_TIME=$(date +"%Y-%m-%d-%H-%M-%S")
 
+echo "::group::Upgrades"
+echo ${UPGRADES}
+echo "::endgroup::"
+
+# Iterate over all upgrades
 for upgrade in $UPGRADES; do
 
+  echo "::group::Processing upgrade"
+
   # Parse each upgrade into its constituent parts
   IFS=',' temp=($upgrade)
   DEP_NAME=${temp[0]}
@@ -53,31 +95,40 @@ for upgrade in $UPGRADES; do
   echo "Checking out" $BRANCH_NAME
   git checkout $BRANCH_NAME || git checkout -b $BRANCH_NAME
 
+  # IF we successfully created a new branch, update the dependency
   if [[ $? == 0 ]]; then
 
     # Use antq to update the dependency
     echo "Updating" $DEP_NAME "version" $OLD_VERSION "to" $NEW_VERSION
     UPDATE_CMD="clojure -Sdeps '{:deps {antq/antq {:mvn/version \"RELEASE\"}}}' -m antq.core --upgrade --force ${DIRECTORIES} --focus=${DEP_NAME}"
     eval ${UPDATE_CMD} || $(echo "Cannot update ${DEP_NAME}. Continuing" && git checkout ${BRANCH} && continue)
 
+    TITLE="Bumped $DEP_NAME from $OLD_VERSION to $NEW_VERSION"
+    BODY="Inspect dependency changes here: $DIFF_URL"
+
     # Commit the dependency update, and link to the diff
     git add .
-    git commit -m "Bumped $DEP_NAME from $OLD_VERSION to $NEW_VERSION." -m "Inspect dependency changes here: $DIFF_URL"
+    git commit -m ${TITLE} -m ${BODY}
     git push -u "https://$GITHUB_ACTOR:$TOKEN@github.com/$GITHUB_REPOSITORY.git" $BRANCH_NAME
 
     # We only create pull requests per dependency in non-batch mode
     if [ "$BATCH" != "true" ]; then
-      gh pr create --fill --head $BRANCH_NAME --base $BRANCH
+      echo "Opening pull request for" $DEP_NAME
+      gh pr create --head $BRANCH_NAME --base $BRANCH --title ${TITLE} --body ${BODY}
     fi
 
     # Print a blank line, and reset the branch
-    echo
+    echo "Checking out" $BRANCH
     git checkout $BRANCH
   fi
+
+  echo "::endgroup::"
+
 done
 
 # Once all updates have been made, open the pull request for batch mode
 if [ "$BATCH" == "true" ]; then
   git checkout $BRANCH_NAME
+  echo "Opening pull request for batch update"
   gh pr create --fill --head $BRANCH_NAME --base $BRANCH
 fi