bump.yml #287
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Check for Cargo dependencies updates, and automatically open a Pull Request | |
| # if updates are found. | |
| name: "bump.yml" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| type: "boolean" | |
| description: "Run with tmate enabled" | |
| required: false | |
| default: false | |
| schedule: | |
| # Check for updates at 3:18am every day. | |
| # I avoid midnight because everyone uses midnight and | |
| # I don't need to contribute to load spikes. | |
| - cron: "18 3 * * *" | |
| concurrency: | |
| group: "${{ github.workflow }}:${{ github.ref }}" | |
| cancel-in-progress: true | |
| permissions: | |
| contents: "write" | |
| packages: "read" | |
| id-token: "write" | |
| pull-requests: "write" | |
| jobs: | |
| dpdk-sys: | |
| runs-on: "ubuntu-latest" | |
| steps: | |
| - name: "login to ghcr.io" | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "ghcr.io" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: "Checkout" | |
| uses: "actions/checkout@v4" | |
| - name: "install envsubst" | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends gettext | |
| - run: | | |
| ./scripts/bump.sh | |
| - name: "Create Pull Request" | |
| uses: "peter-evans/create-pull-request@v7" | |
| with: | |
| branch: "bump/dpdk-sys" | |
| title: "bump(dpdk-sys): new-version" | |
| labels: | | |
| automated | |
| dependencies | |
| signoff: "true" | |
| commit-message: "bump(dpdk-sys): automated bump of dpdk-sys" | |
| sign-commits: "true" | |
| body: "bump dpdk-sys" | |
| - name: "Setup tmate session for debug" | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: "mxschmitt/action-tmate@v3" | |
| timeout-minutes: 60 | |
| with: | |
| limit-access-to-actor: true | |
| cargo-upgrades: | |
| runs-on: "lab" | |
| steps: | |
| - name: "install rust" | |
| uses: "dtolnay/rust-toolchain@stable" | |
| - name: "install ansi2txt" | |
| run: | | |
| # this keeps our GH actions logs from getting messed up with color codes | |
| echo 'deb [trusted=yes] https://apt.gabe565.com /' | sudo tee /etc/apt/sources.list.d/gabe565.list | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends ansi2txt | |
| - name: "install binstall" | |
| run: | | |
| cargo install cargo-binstall | |
| - name: "install upgrade tools" | |
| run: | | |
| cargo binstall -y cargo-edit # required to make `cargo upgrade` edit the Cargo.toml file | |
| cargo binstall -y just | |
| cargo binstall -y cargo-deny | |
| - name: "Checkout" | |
| uses: "actions/checkout@v4" | |
| - name: "refresh compile-env" | |
| run: | | |
| just --yes refresh-compile-env | |
| just --yes fake-nix | |
| - name: "deny check (pre)" | |
| # Confirm that upstream licenses have not changed in some way that prevents us from using them. | |
| # We want to do this both before and after we run cargo upgrade to make it easier to decide if | |
| # the problem existed before the upgrade ran, or if the license issue was introduced by the | |
| # upgrade itself. | |
| # Similar logic applies to security vulnerabilities but even more so since those, almost by definition, were | |
| # not detected at release time by the upstream project. | |
| # We run our "pre" check with `continue-on-error` set to true because it is equally possible that the upgrade | |
| # _resolves_ the license / security issue we have had / would have had without the upgrade. | |
| run: | | |
| just cargo deny check | |
| continue-on-error: true | |
| - name: "cargo upgrade" | |
| id: upgrade | |
| run: | | |
| git config user.name 'github-actions[bot]' | |
| git config user.email '<41898282+github-actions[bot]@users.noreply.github.com>' | |
| BASE="$(git rev-parse HEAD)" | |
| # Run "cargo update" | |
| just cargo update | |
| if ! git diff --quiet; then | |
| git add Cargo.lock | |
| git commit -sm "bump(cargo)!: bump dependencies (cargo update)" | |
| fi | |
| # Check updates available with "cargo upgrade", | |
| # then bump each package individually through separate commits | |
| just cargo upgrade --incompatible=allow --dry-run > upgrade_output.txt | |
| sed '/^====/d; /^name .* new req$/d; s/ .*//' upgrade_output.txt > list_packages.txt | |
| nb_upgrades=$(wc -l < list_packages.txt) | |
| echo "Found the following ${nb_upgrades} upgrade(s) available:" | |
| cat list_packages.txt | |
| while read -r package; do | |
| echo "bump(cargo)!: bump $package (cargo upgrade)" | tee commit_msg.txt | |
| echo '' | tee -a commit_msg.txt | |
| just cargo upgrade --incompatible=allow --package "$package" | tee -a commit_msg.txt | |
| git add Cargo.lock Cargo.toml cli/Cargo.toml | |
| git commit -sF commit_msg.txt | |
| done < list_packages.txt | |
| # If we didn't create any commits, we don't need to create a PR message | |
| if [[ "$(git rev-parse HEAD)" = "${BASE}" ]]; then | |
| rm -f -- upgrade_output.txt list_packages.txt commit_msg.txt | |
| exit 0 | |
| fi | |
| echo '::notice::We created the following commits:' | |
| git log --reverse -p "${BASE}".. | |
| # Create Pull Request description | |
| echo '### :rocket: Upgrades available' | tee upgrade.log | |
| if [[ "${nb_upgrades}" -ge 1 ]]; then | |
| echo '' | tee -a upgrade.log | |
| echo '```' | tee -a upgrade.log | |
| tee -a upgrade.log < upgrade_output.txt | |
| echo '```' | tee -a upgrade.log | |
| fi | |
| echo '' | tee -a upgrade.log | |
| echo ':warning: This Pull Request was automatically generated and should be carefully reviewed before acceptance. It may introduce **breaking changes**.' | tee -a upgrade.log | |
| cat upgrade.log > "${GITHUB_STEP_SUMMARY}" | |
| { | |
| echo 'upgrade<<EOF'; | |
| cat upgrade.log; | |
| echo 'EOF'; | |
| } >> "${GITHUB_OUTPUT}" | |
| rm -f -- upgrade.log upgrade_output.txt list_packages.txt commit_msg.txt | |
| - name: "deny check (post)" | |
| run: | | |
| just cargo deny check | |
| - name: "Create Pull Request" | |
| uses: "peter-evans/create-pull-request@v7" | |
| with: | |
| branch: "bump/cargo-upgrades" | |
| title: "bump(cargo)!: :rocket: upgrades available" | |
| labels: | | |
| automated | |
| dependencies | |
| signoff: "true" | |
| sign-commits: "true" | |
| body: | | |
| ${{ steps.upgrade.outputs.upgrade }} | |
| - name: "Setup tmate session for debug" | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: "mxschmitt/action-tmate@v3" | |
| timeout-minutes: 60 | |
| with: | |
| limit-access-to-actor: true |