JS PRs issue #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: JS PRs issue | |
on: | |
# At 12:00 on day-of-month 1 in every 3rd month. | |
# This is 12 hours after update-js workflows run on repos such as silverstripe/asset-admin | |
schedule: | |
- cron: '0 12 1 */3 *' | |
workflow_dispatch: | |
jobs: | |
js-prs-issue: | |
name: JS PRs issue | |
# Only run cron on the silverstripe account | |
if: (github.event_name == 'schedule' && github.repository_owner == 'silverstripe') || (github.event_name != 'schedule') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get Alerts List | |
id: get-alerts-list | |
run: | | |
ALERTS_LIST='' | |
# Get list of supported modules | |
# Assumes CMS 5 is the most recent stable version | |
curl -s -o __modules.json https://raw.githubusercontent.com/silverstripe/supported-modules/5/modules.json | |
# If we can't parse the JSON at all, $MODULES will be an empty string and that means we couldn't fetch the file. | |
MODULES=$(jq -e '.' __modules.json) || true | |
if [[ $MODULES == "" ]]; then | |
# If there is some error getting the file, the error will be in the __modules.json file - importantly, not in JSON format. | |
echo "Cannot parse supported-modules JSON. Aborting. The content we tried to parse was:" | |
cat __modules.json | |
# Instead of exiting, output an error instead of the dependabot alert list. | |
# We don't have any reporting indicating if this workflow fails, so this is a good way to track that. | |
ALERTS_LIST='Failed to parse supported-modules JSON. Please check the GitHub action log.' | |
fi | |
# Create a list of markdown links for supported module dependabot stuff | |
ALERTS_LIST=$(php -r ' | |
$json = json_decode(file_get_contents("__modules.json"), true); | |
foreach ($json as $module) { | |
# Skip non-github modules, if any listed | |
if (!$module["github"]) { | |
continue; | |
} | |
$githubRef = $module["github"]; | |
$branch = end($module["branches"]); | |
$packageJsonURL = "https://raw.githubusercontent.com/$githubRef/$branch/package.json"; | |
$headers = get_headers($packageJsonURL); | |
# $headers[0] includes the response code in a format like: "HTTP/1.1 404 Not Found" | |
$response = $headers[0]; | |
# Skip modules which do not have a package.json file | |
if (strpos($response, "404") !== false) { | |
continue; | |
} | |
# If we have something other than 404 (above) or 200, output an error string for the list | |
# and move on. | |
if (strpos($response, "200") === false) { | |
echo "- $githubRef: Unable to check package.json, response was $response.\\n"; | |
continue; | |
} | |
# If we get here, we have a package.json file so we should add a dependabot alerts URL to the list | |
echo "- [$githubRef](https://github.com/$githubRef/security/dependabot)\\n"; | |
} | |
') | |
echo 'ALERTS_LIST is:' | |
echo $ALERTS_LIST | |
echo "alerts_list=$ALERTS_LIST" >> $GITHUB_OUTPUT | |
- name: JS PRs issue | |
uses: silverstripe/gha-issue@v1 | |
env: | |
ALERTS_LIST: ${{ steps.get-alerts-list.outputs.alerts_list }} | |
with: | |
title: JS pull-requests | |
description: | | |
This is an automatically created issue used to list automatically created | |
javascript pull requests every 3 months.\n | |
\n | |
It was created by the `.github/workflows/js-prs-issue.yml` workflow in the [silverstripe/.github](https://github.com/silverstripe/.github/) repository.\n | |
\n | |
### Triage instructions (Silverstripe Ltd CMS Squad)\n | |
1. Put on the following labels:\n | |
- `type/enhancement`\n | |
- `impact/low`\n | |
- `affects/v5`\n | |
2. Move this issue to the "Ready" column on our internal zenhub board\n | |
\n | |
### Update JS pull-requests:\n | |
- [List of update JS pull-requests](https://emtek.net.nz/rhino/tables?t=open-prs&filters={%22title%22%3A%22DEP%20Update%20JS%20dependencies%22})\n | |
- Merge these PRs if there are no merge-conflicts\n | |
- If there are merge conflicts in some PRs, then manually run the "Update JS" github action in the | |
affected module. The github action will automatically close the old PR and delete the old branch. | |
- If the new PRs still have merge conflicts, then close those PRs and run the steps below in the | |
"Manually creating update JS pull-requests" section below for those relevant modules\n | |
\n | |
### Manually creating update JS pull-requests:\n | |
1. Ensure you have the default branch checked out for the module you are updating e.g. `5`\n | |
2. Ensure `silverstripe/silverstripe-admin` is installed in a *sibling* directory\n | |
3. In the `silverstripe-admin` directory, ensure the default branch is checked out e.g. `2`\n | |
4. In the `silverstripe-admin` directory, run `yarn install`\n | |
5. In the directory of module you're updating JS for, run `yarn upgrade`\n | |
6. Run `yarn build` in the directory of module you're updating JS for\n | |
7. Git commit, push the changes and create a pull-request\n | |
8. List the pull-request(s) on this issue\n | |
9. Move this issue to the peer review column on the CMS Squad internal zenhub board\n | |
\n | |
### Dependabot pull-requests:\n | |
- [List of dependabot pull-requests](https://emtek.net.nz/rhino/tables?t=open-prs&filters={%22author%22%3A%22dependabot%22})\n | |
- Most of these should be automatically closed if the "Update JS pull-requests" above are merged\n | |
- You can make a judgement call as to whether to merge any easy ones that are left\n | |
\n | |
### Dependabot alerts:\n | |
After all of the above have been completed and resolved, check for any outstanding dependabot alerts:\n | |
${{ env.ALERTS_LIST }} | |
- name: Delete temporary files | |
shell: bash | |
if: always() | |
run: | | |
if [[ -f __modules.json ]]; then | |
rm __modules.json | |
fi |