Skip to content
This repository has been archived by the owner on Mar 19, 2024. It is now read-only.

.github/workflows/dependencies.yml #1043

.github/workflows/dependencies.yml

.github/workflows/dependencies.yml #1043

Workflow file for this run

name: dependencies
on:
push:
branches-ignore:
- 'dependabot/**'
- 'manual-dependencies/**'
paths:
- '.env.example'
- '.github/workflows/dependencies.yml'
- 'docker-compose.yml'
- 'Dockerfile'
pull_request:
branches:
- main
paths:
- '.env.example'
- '.github/workflows/dependencies.yml'
- 'docker-compose.yml'
- 'Dockerfile'
schedule:
- cron: '3 6 * * *'
defaults:
run:
shell: bash
jobs:
file_dockerfile:
name: Query versions in Dockerfile
runs-on: ubuntu-22.04
steps:
- name: Checkout this repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Query version of gosu
id: gosu
run: |
set -x
echo "version=$( awk -F'=' '/^ARG GOSU_VERSION=/ {print $NF}' Dockerfile )" >> $GITHUB_OUTPUT
- name: Query version of remco
id: remco
run: |
set -x
echo "version=$( awk -F'=' '/^ARG REMCO_VERSION=/ {print $NF}' Dockerfile )" >> $GITHUB_OUTPUT
outputs:
gosu: ${{ steps.gosu.outputs.version }}
remco: ${{ steps.remco.outputs.version }}
file_envexample:
name: Query versions in .env.example
runs-on: ubuntu-22.04
steps:
- name: Checkout this repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Query version of DHIS2
id: dhis2
run: |
set -x
echo "version=$( source .env.example && echo "$DHIS2_TAG" )" >> $GITHUB_OUTPUT
- name: Query version of Tomcat
id: tomcat
run: |
set -x
echo "version=$( grep --only-matching --extended-regexp 'tomcat[0-9]{1,2}\.[0-9.]+' .env.example | sed 's/^tomcat//' )" >> $GITHUB_OUTPUT
outputs:
dhis2: ${{ steps.dhis2.outputs.version }}
tomcat: ${{ steps.tomcat.outputs.version }}
github_tags:
name: Query versions of projects using the GitHub API
runs-on: ubuntu-22.04
steps:
- name: Query latest gosu tag
id: gosu
run: |
set -x
echo "version=$( curl -fsS https://api.github.com/repos/tianon/gosu/tags | jq --raw-output '.[].name' | sort --version-sort | tail -1 )" >> $GITHUB_OUTPUT
- name: Query latest remco tag
id: remco
run: |
set -x
echo "version=$( curl -fsS https://api.github.com/repos/HeavyHorst/remco/tags | jq --raw-output '.[].name' | sed -r 's/^[v.]{1,2}//g' | sort --version-sort | tail -1 )" >> $GITHUB_OUTPUT
outputs:
gosu: ${{ steps.gosu.outputs.version }}
remco: ${{ steps.remco.outputs.version }}
image_latest:
name: Query versions in the latest ghcr.io/baosystems/dhis2 image
runs-on: ubuntu-22.04
container: ghcr.io/baosystems/dhis2:latest
steps:
- name: Query version of DHIS2
id: dhis2
run: |
set -x
echo "version=$( awk -F'=' '/^build\.version/ {gsub(/ /, "", $NF); print $NF}' /build.properties )" >> $GITHUB_OUTPUT
- name: Query version of Tomcat
id: tomcat
run: |
set -x
echo "version=$TOMCAT_VERSION" >> $GITHUB_OUTPUT
outputs:
dhis2: ${{ steps.dhis2.outputs.version }}
tomcat: ${{ steps.tomcat.outputs.version }}
notify:
name: Notify of dependencies that need to be updated
if: |
github.ref == 'refs/heads/main'
&& github.event_name != 'pull_request'
&& (needs.file_dockerfile.outputs.gosu != needs.github_tags.outputs.gosu
|| needs.file_dockerfile.outputs.remco != needs.github_tags.outputs.remco)
needs:
- file_dockerfile
- github_tags
runs-on: ubuntu-22.04
steps:
- name: Send message to Slack about gosu version in Dockerfile
if: ${{ needs.file_dockerfile.outputs.gosu != needs.github_tags.outputs.gosu }}
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
payload: "{\"level\": \":warning: WARNING\", \"message\": \"gosu version in Dockerfile (${{ needs.file_dockerfile.outputs.gosu }}) does not match the latest tag in github.com/tianon/gosu (${{ needs.github_tags.outputs.gosu }})\"}"
- name: Send message to Slack about remco version in Dockerfile
if: ${{ needs.file_dockerfile.outputs.remco != needs.github_tags.outputs.remco }}
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
payload: "{\"level\": \":warning: WARNING\", \"message\": \"remco version in Dockerfile (${{ needs.file_dockerfile.outputs.remco }}) does not match the latest tag in github.com/HeavyHorst/remco (${{ needs.github_tags.outputs.remco }})\"}"
envexample:
name: Update versions in .env.example and create auto-merging pull request
if: |
github.ref == 'refs/heads/main'
&& github.event_name != 'pull_request'
&& (needs.file_envexample.outputs.dhis2 != needs.image_latest.outputs.dhis2
|| needs.file_envexample.outputs.tomcat != needs.image_latest.outputs.tomcat)
needs:
- file_envexample
- image_latest
runs-on: ubuntu-22.04
steps:
- name: Checkout this repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Update version of DHIS2
if: ${{ needs.file_envexample.outputs.dhis2 != needs.image_latest.outputs.dhis2 }}
run: |
set -x
echo '[DEBUG] DHIS2_TAG_CURRENT=${{ needs.file_envexample.outputs.dhis2 }}'
echo '[DEBUG] DHIS2_TAG_NEXT=${{ needs.image_latest.outputs.dhis2 }}'
DHIS2_MAJOR_CURRENT="$( cut -c1-4 <<< "${{ needs.file_envexample.outputs.dhis2 }}" )"
DHIS2_MAJOR_NEXT="$( cut -c1-4 <<< "${{ needs.image_latest.outputs.dhis2 }}" )"
echo "[DEBUG] DHIS2_MAJOR_CURRENT=$DHIS2_MAJOR_CURRENT"
echo "[DEBUG] DHIS2_MAJOR_NEXT=$DHIS2_MAJOR_NEXT"
sed \
-e 's/${{ needs.file_envexample.outputs.dhis2 }}/${{ needs.image_latest.outputs.dhis2 }}/g' \
-e "s/${DHIS2_MAJOR_CURRENT}/${DHIS2_MAJOR_NEXT}/g" \
-i .env.example
echo '[DEBUG] contents of .env.example:'
cat .env.example
- name: Update version of Tomcat
if: ${{ needs.file_envexample.outputs.tomcat != needs.image_latest.outputs.tomcat }}
run: |
set -x
echo '[DEBUG] current=${{ needs.file_envexample.outputs.tomcat }}'
echo '[DEBUG] next=${{ needs.image_latest.outputs.tomcat }}'
sed \
-e 's/${{ needs.file_envexample.outputs.tomcat }}/${{ needs.image_latest.outputs.tomcat }}/g' \
-i .env.example
echo '[DEBUG] contents of .env.example:'
cat .env.example
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38
with:
# GITHUB_TOKEN does not have "repo" permissions (https://docs.github.com/en/actions/security-guides/automatic-token-authentication)
# Personal Access Token with "repo" is necessary to create commits
token: ${{ secrets.PAT }} # Added at https://github.com/baosystems/docker-dhis2/settings/secrets/actions
author: baosystems[utility] <[email protected]> # Public profile name and private email for the owner of the PAT
commit-message: "chore: update dependencies in .env.example"
title: Update dependencies in .env.example
add-paths: |
.env.example
delete-branch: true
branch: manual-dependencies/envexample
labels: |
dependencies
- name: Enable Pull Request Automerge
if: steps.cpr.outputs.pull-request-operation == 'created'
run: gh pr merge --rebase --auto "${{ steps.cpr.outputs.pull-request-number }}"
env:
GH_TOKEN: ${{ secrets.PAT }}
- name: Auto-approve Pull Request
if: steps.cpr.outputs.pull-request-operation == 'created'
uses: juliangruber/approve-pull-request-action@dcc4effb325c0b503408619918d56e40653dcc91
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
number: ${{ steps.cpr.outputs.pull-request-number }}
check:
name: Check if required jobs passed # this job name is to be used as the single required status check in branch protection
if: always()
needs:
- file_dockerfile
- file_envexample
- github_tags
- image_latest
- notify
- envexample
runs-on: ubuntu-22.04
steps:
# See https://github.com/re-actors/alls-green/blob/3a2de129/README.md for why this is here
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
with:
allowed-skips: notify, envexample
jobs: ${{ toJSON(needs) }}