Upgrade Lockfiles #150
```yaml
name: Upgrade Lockfiles
description: |
  This workflow updates the devcontainer features lockfiles to the latest versions.
  It creates a pull request for the lockfiles if changes are detected.
on:
  workflow_dispatch:
  schedule:
    - cron: "0 1 */2 * *" # Every 2 days at 01:00 UTC (1 hour after bartventer/devcontainer-images' cron job)
jobs:
  upgrade-devcontainer-features:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Run upgrade script
        shell: bash
        run: |
          sudo apt-get update && sudo apt-get install -y jq curl
          make upgrade-lockfiles
      - name: Create PR for Lockfiles
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          [[ -z "$(git status --porcelain)" ]] && echo "No changes detected." && exit 0
          echo "🚀 Creating PR for lockfiles..."
          git config --global user.name "GitHub Action"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git config pull.rebase false
          branch_name="update-lockfiles-${GITHUB_RUN_ID}"
          git checkout -b "$branch_name"
          git add src/*/devcontainer-feature.json src/*/devcontainer-feature-lock.json
          changelog=$(cat features-changelog.md)
          git commit \
            -m "build: Automated lockfile update" \
            -m "This PR updates the devcontainer features to the latest versions detected by the 'scripts/feature_lock.sh' script." \
            -m ":robot: This PR was created by a GitHub Action" \
            -m "$changelog" \
            -m "Co-authored-by: Bart Venter <bartventer@outlook.com>" || export NO_UPDATES=true
          [[ $NO_UPDATES == "true" ]] && echo "No updates to commit." && exit 0
          git push origin "$branch_name"
          pr_url=$(gh pr create --fill --label "devcontainer")
          gh pr merge "${pr_url}" --admin --rebase --delete-branch
```