This repository has been archived by the owner on Mar 19, 2024. It is now read-only.
dependencies.yml
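# Compares the versions pinned in this repository (Dockerfile, .env.example)
# with upstream sources (GitHub tags, the latest published image), notifies
# Slack about Dockerfile drift, and opens an auto-merging pull request for
# .env.example drift.
#
# Trust boundaries worth keeping in mind when editing this file:
#   - Tag names returned by the GitHub API and values read from the
#     ghcr.io/baosystems/dhis2:latest image are external data.
#   - .env.example is read from whatever ref triggered the run, including
#     pull request branches.
# External values are therefore handed to shell steps through `env:` rather
# than expanded into the script text with ${{ }}, and each job declares the
# token permissions it needs.
name: dependencies

on:
  push:
    branches-ignore:
      - 'dependabot/**'
      - 'manual-dependencies/**'
    paths:
      - '.env.example'
      - '.github/workflows/dependencies.yml'
      - 'docker-compose.yml'
      - 'Dockerfile'
  pull_request:
    branches:
      - main
    paths:
      - '.env.example'
      - '.github/workflows/dependencies.yml'
      - 'docker-compose.yml'
      - 'Dockerfile'
  schedule:
    - cron: '3 6 * * *'

defaults:
  run:
    shell: bash

jobs:
  file_dockerfile:
    name: Query versions in Dockerfile
    runs-on: ubuntu-22.04
    permissions:
      contents: read
    steps:
      - name: Checkout this repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          # This job only reads files; do not leave the token in .git/config.
          persist-credentials: false
      - name: Query version of gosu
        id: gosu
        run: |
          set -x
          echo "version=$( awk -F'=' '/^ARG GOSU_VERSION=/ {print $NF}' Dockerfile )" >> "$GITHUB_OUTPUT"
      - name: Query version of remco
        id: remco
        run: |
          set -x
          echo "version=$( awk -F'=' '/^ARG REMCO_VERSION=/ {print $NF}' Dockerfile )" >> "$GITHUB_OUTPUT"
    outputs:
      gosu: ${{ steps.gosu.outputs.version }}
      remco: ${{ steps.remco.outputs.version }}

  file_envexample:
    name: Query versions in .env.example
    runs-on: ubuntu-22.04
    permissions:
      contents: read
    steps:
      - name: Checkout this repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          # The next step executes a file from the checked-out ref, so keep
          # the token out of the working tree.
          persist-credentials: false
      - name: Query version of DHIS2
        id: dhis2
        run: |
          set -x
          # NOTE(review): `source` runs .env.example as shell code. On
          # pull_request runs that file comes from the PR branch; parsing the
          # DHIS2_TAG line (as the Tomcat step does with grep) would avoid
          # executing it.
          echo "version=$( source .env.example && echo "$DHIS2_TAG" )" >> "$GITHUB_OUTPUT"
      - name: Query version of Tomcat
        id: tomcat
        run: |
          set -x
          echo "version=$( grep --only-matching --extended-regexp 'tomcat[0-9]{1,2}\.[0-9.]+' .env.example | sed 's/^tomcat//' )" >> "$GITHUB_OUTPUT"
    outputs:
      dhis2: ${{ steps.dhis2.outputs.version }}
      tomcat: ${{ steps.tomcat.outputs.version }}

  github_tags:
    name: Query versions of projects using the GitHub API
    runs-on: ubuntu-22.04
    # Only unauthenticated API reads; the job token is not used.
    permissions: {}
    steps:
      # The tags endpoint is paginated, so only the first page of tags is
      # considered when picking the highest version.
      - name: Query latest gosu tag
        id: gosu
        run: |
          set -x
          echo "version=$( curl -fsS https://api.github.com/repos/tianon/gosu/tags | jq --raw-output '.[].name' | sort --version-sort | tail -1 )" >> "$GITHUB_OUTPUT"
      - name: Query latest remco tag
        id: remco
        run: |
          set -x
          echo "version=$( curl -fsS https://api.github.com/repos/HeavyHorst/remco/tags | jq --raw-output '.[].name' | sed -r 's/^[v.]{1,2}//g' | sort --version-sort | tail -1 )" >> "$GITHUB_OUTPUT"
    outputs:
      gosu: ${{ steps.gosu.outputs.version }}
      remco: ${{ steps.remco.outputs.version }}

  image_latest:
    name: Query versions in the latest ghcr.io/baosystems/dhis2 image
    runs-on: ubuntu-22.04
    # Steps run inside the published image; its reported versions are treated
    # as external data by the jobs that consume them.
    container: ghcr.io/baosystems/dhis2:latest
    permissions: {}
    steps:
      - name: Query version of DHIS2
        id: dhis2
        run: |
          set -x
          echo "version=$( awk -F'=' '/^build\.version/ {gsub(/ /, "", $NF); print $NF}' /build.properties )" >> "$GITHUB_OUTPUT"
      - name: Query version of Tomcat
        id: tomcat
        run: |
          set -x
          echo "version=$TOMCAT_VERSION" >> "$GITHUB_OUTPUT"
    outputs:
      dhis2: ${{ steps.dhis2.outputs.version }}
      tomcat: ${{ steps.tomcat.outputs.version }}

  notify:
    name: Notify of dependencies that need to be updated
    if: |
      github.ref == 'refs/heads/main'
      && github.event_name != 'pull_request'
      && (needs.file_dockerfile.outputs.gosu != needs.github_tags.outputs.gosu
      || needs.file_dockerfile.outputs.remco != needs.github_tags.outputs.remco)
    needs:
      - file_dockerfile
      - github_tags
    runs-on: ubuntu-22.04
    # Only the Slack webhook secret is used here, not the job token.
    permissions: {}
    steps:
      # NOTE(review): the tag names are placed into the JSON payload without
      # escaping; a tag containing a double quote or backslash would yield
      # malformed or altered JSON.
      - name: Send message to Slack about gosu version in Dockerfile
        if: ${{ needs.file_dockerfile.outputs.gosu != needs.github_tags.outputs.gosu }}
        uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        with:
          payload: "{\"level\": \":warning: WARNING\", \"message\": \"gosu version in Dockerfile (${{ needs.file_dockerfile.outputs.gosu }}) does not match the latest tag in github.com/tianon/gosu (${{ needs.github_tags.outputs.gosu }})\"}"
      - name: Send message to Slack about remco version in Dockerfile
        if: ${{ needs.file_dockerfile.outputs.remco != needs.github_tags.outputs.remco }}
        uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        with:
          payload: "{\"level\": \":warning: WARNING\", \"message\": \"remco version in Dockerfile (${{ needs.file_dockerfile.outputs.remco }}) does not match the latest tag in github.com/HeavyHorst/remco (${{ needs.github_tags.outputs.remco }})\"}"

  envexample:
    name: Update versions in .env.example and create auto-merging pull request
    if: |
      github.ref == 'refs/heads/main'
      && github.event_name != 'pull_request'
      && (needs.file_envexample.outputs.dhis2 != needs.image_latest.outputs.dhis2
      || needs.file_envexample.outputs.tomcat != needs.image_latest.outputs.tomcat)
    needs:
      - file_envexample
      - image_latest
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      # Needed by the auto-approve step, which reviews with GITHUB_TOKEN.
      pull-requests: write
    steps:
      - name: Checkout this repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - name: Update version of DHIS2
        if: ${{ needs.file_envexample.outputs.dhis2 != needs.image_latest.outputs.dhis2 }}
        env:
          # Passed as environment variables so the values are never parsed as
          # part of the script itself.
          DHIS2_TAG_CURRENT: ${{ needs.file_envexample.outputs.dhis2 }}
          DHIS2_TAG_NEXT: ${{ needs.image_latest.outputs.dhis2 }}
        run: |
          set -x
          # Refuse empty or unexpected values before they reach sed; an empty
          # "next" value would otherwise blank out the current version.
          for version in "$DHIS2_TAG_CURRENT" "$DHIS2_TAG_NEXT"; do
            if [[ ! "$version" =~ ^[0-9A-Za-z._+-]+$ ]]; then
              echo "[ERROR] unexpected version string: '$version'" >&2
              exit 1
            fi
          done
          echo "[DEBUG] DHIS2_TAG_CURRENT=$DHIS2_TAG_CURRENT"
          echo "[DEBUG] DHIS2_TAG_NEXT=$DHIS2_TAG_NEXT"
          DHIS2_MAJOR_CURRENT="$( cut -c1-4 <<< "$DHIS2_TAG_CURRENT" )"
          DHIS2_MAJOR_NEXT="$( cut -c1-4 <<< "$DHIS2_TAG_NEXT" )"
          echo "[DEBUG] DHIS2_MAJOR_CURRENT=$DHIS2_MAJOR_CURRENT"
          echo "[DEBUG] DHIS2_MAJOR_NEXT=$DHIS2_MAJOR_NEXT"
          sed \
            -e "s/${DHIS2_TAG_CURRENT}/${DHIS2_TAG_NEXT}/g" \
            -e "s/${DHIS2_MAJOR_CURRENT}/${DHIS2_MAJOR_NEXT}/g" \
            -i .env.example
          echo '[DEBUG] contents of .env.example:'
          cat .env.example
      - name: Update version of Tomcat
        if: ${{ needs.file_envexample.outputs.tomcat != needs.image_latest.outputs.tomcat }}
        env:
          TOMCAT_CURRENT: ${{ needs.file_envexample.outputs.tomcat }}
          TOMCAT_NEXT: ${{ needs.image_latest.outputs.tomcat }}
        run: |
          set -x
          # Same validation as the DHIS2 step: only version-like strings may
          # be substituted into the sed expression.
          for version in "$TOMCAT_CURRENT" "$TOMCAT_NEXT"; do
            if [[ ! "$version" =~ ^[0-9A-Za-z._+-]+$ ]]; then
              echo "[ERROR] unexpected version string: '$version'" >&2
              exit 1
            fi
          done
          echo "[DEBUG] current=$TOMCAT_CURRENT"
          echo "[DEBUG] next=$TOMCAT_NEXT"
          sed \
            -e "s/${TOMCAT_CURRENT}/${TOMCAT_NEXT}/g" \
            -i .env.example
          echo '[DEBUG] contents of .env.example:'
          cat .env.example
      # NOTE(review): the pull request is authored with the PAT identity,
      # approved with the GITHUB_TOKEN identity and set to auto-merge, so no
      # human reviews the change. `add-paths` below limits what can be
      # committed to .env.example; keep that restriction if this job changes.
      - name: Create Pull Request
        id: cpr
        uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc
        with:
          # GITHUB_TOKEN does not have "repo" permissions (https://docs.github.com/en/actions/security-guides/automatic-token-authentication)
          # Personal Access Token with "repo" is necessary to create commits
          token: ${{ secrets.PAT }} # Added at https://github.com/baosystems/docker-dhis2/settings/secrets/actions
          author: baosystems[utility] <[email protected]> # Public profile name and private email for the owner of the PAT
          commit-message: "chore: update dependencies in .env.example"
          title: Update dependencies in .env.example
          add-paths: |
            .env.example
          delete-branch: true
          branch: manual-dependencies/envexample
          labels: |
            dependencies
      - name: Enable Pull Request Automerge
        if: steps.cpr.outputs.pull-request-operation == 'created'
        run: gh pr merge --rebase --auto "$PR_NUMBER"
        env:
          GH_TOKEN: ${{ secrets.PAT }}
          PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}
      - name: Auto-approve Pull Request
        if: steps.cpr.outputs.pull-request-operation == 'created'
        uses: juliangruber/approve-pull-request-action@b71c44ff142895ba07fad34389f1938a4e8ee7b0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          number: ${{ steps.cpr.outputs.pull-request-number }}

  check:
    name: Check if required jobs passed # this job name is to be used as the single required status check in branch protection
    if: always()
    needs:
      - file_dockerfile
      - file_envexample
      - github_tags
      - image_latest
      - notify
      - envexample
    runs-on: ubuntu-22.04
    # Only inspects the results of the needed jobs.
    permissions: {}
    steps:
      # See https://github.com/re-actors/alls-green/blob/3a2de129/README.md for why this is here
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
        with:
          allowed-skips: notify, envexample
          jobs: ${{ toJSON(needs) }}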