Added script to check latest version regularly.

Author: GollyTicker

.github/workflows/check-manual-dependencies.yml

@@ -0,0 +1,16 @@
+name: Check manual dependencies
+
+on:
+  schedule:
+    - cron: "25 3 * * 2" # weekly: tuesdays at 3:25
+  workflow_dispatch: # Allow manual run
+
+jobs:
+  check-dependencies:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Check versions of manually managed dependencies
+        run: |
+          ./release/100-check-latest-versions.sh

RELEASE.md

@@ -41,3 +41,11 @@ The release process works like this:
 After fixing the code and the tests, a release candidate's tag can be overwritten by setting the option `force`
 to `force-reuse-tag` when invoking the workflow. This should only be used when a release candidate is released again
 should be overwritten. If the archive was already released on github, then it should be deleted first - as goreleaser will not force to overwrite it ([issue](https://github.com/goreleaser/goreleaser/issues/557)).
+
+
+## Updating Dependencies
+
+Most dependencies are automatically checked for updates via [Dependabot](.github/dependabot.yml).
+
+The remaining dependencies cannot be managed via Dependabot, because they are manually retrieved
+during release via [0-get-latest-dependencies-versions.sh](./release/0-get-latest-dependencies-versions.sh). Hence, a weekly GitHub Action [check-manual-dependencies](.github/workflows/check-manual-dependencies.yml) checks whether the committed [versions.txt](release/versions.txt) matches the actual latest versions. If there is a new version, then the build fails and the maintainers are automatically notified. To incorporate the new version, simply follow the instructions in the failed build.

release/.gitignore

@@ -1,3 +1,4 @@
 tmp
 generated.Dockerfile
 .cache
+new.versions.txt

release/0-get-latest-dependencies-versions.sh

@@ -5,6 +5,19 @@ LATEST_VERSION=""
 
 HEADERS_FILE="release/.cache/headers.txt"
 
+# track all versions, so that we can detect any changes.
+export ALL_VERSIONS=""
+
+registerVersion() {
+  NAME="$1"
+  VERSION_VAR="$2"
+  VERSION_VALUE="${!VERSION_VAR}"
+
+  ALL_VERSIONS="$ALL_VERSIONS"$'\n'"$NAME $VERSION_VALUE"
+
+  echo "Established $NAME version $VERSION_VALUE"
+}
+
 retrieveLatestVersion() {
   TYPE="$1" # tag or release
   REPO="$2"
@@ -68,23 +81,23 @@ retrieveLatestVersion() {
 # retrieve version: Google Protobuf
 retrieveLatestVersion "release" "protocolbuffers/protobuf" "v[0-9]+[.][0-9]+"
 export PROTO_VERSION="${LATEST_VERSION#"v"}"
-echo "Established Protobuf version $PROTO_VERSION"
+registerVersion "Protobuf" "PROTO_VERSION"
 
 # retrieve version: go
 retrieveLatestVersion "tag" "golang/go" "go1[.][0-9]+[.][0-9]+"
 GO_VERSION="${LATEST_VERSION#"go"}"
 GO_VERSION="$(echo "$GO_VERSION" | sed -E "s/\.[0-9]+$//")" # remove patch version
-echo "Established Go version: $GO_VERSION"
+registerVersion "go" "GO_VERSION"
 
 # retrieve version: goreleaser
 retrieveLatestVersion "tag" "goreleaser/goreleaser" "v1[.][0-9]+[.][0-9]+"
 export GORELEASER_VERSION="$LATEST_VERSION"
-echo "Established Goreleaser version: $GORELEASER_VERSION"
+registerVersion "Goreleaser" "GORELEASER_VERSION"
 
 # retrieve version: protocurl
 retrieveLatestVersion "tag" "qaware/protocurl" "v[0-9]+[.][0-9]+[.][0-9]+"
 export PROTOCURL_RELEASED_VVERSION="$LATEST_VERSION"
-echo "Established latest released protoCURL version: $PROTOCURL_RELEASED_VVERSION"
+registerVersion "Latest released protoCURL" "PROTOCURL_RELEASED_VVERSION"
 
 # compute download urls
 ARCH="$(uname -m | sed "s/x86_64/amd64/" | sed "s/x86_32/386/")"

release/100-check-latest-versions.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+
+SAVED="release/versions.txt"
+NEW="release/new.versions.txt"
+
+echo "Checking $SAVED against latest versions..."
+
+# Ths scripts checks the latest versions of the dependencies against what
+# is checked in at versions.log. Any difference indicates, that a new
+# version is available and that a new release may be created.
+OUT="$NEW" ./release/101-save-latest-versions.sh
+
+if diff "$SAVED" "$NEW"; then
+  echo "✅ No new dependency versions."
+else
+  echo "❗❗ New dependency versions found ❗❗"
+  # diff is automatically printed in the if statement
+  echo "Please do the following:
+  1. Run ./release/101-save-latest-versions.sh
+  2. Commit new versions
+  3. Create a new release"
+  exit 1
+fi

release/101-save-latest-versions.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -euo pipefail
+
+source release/0-get-latest-dependencies-versions.sh
+
+OUT="${OUT:-"release/versions.txt"}"
+
+echo "$ALL_VERSIONS" | sed '/^$/d' >"$OUT"
+echo "Saved latest versions into $OUT."

release/versions.txt

@@ -0,0 +1,4 @@
+Protobuf 21.5
+go 1.18
+Goreleaser v1.11.2
+Latest released protoCURL v1.5.3