Update packages #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update packages | |
on: | |
workflow_dispatch: | |
schedule: | |
# Runs Wednesdays at a weird time (22:21 UTC) to avoid delays during | |
# periods of high loads of GitHub Actions workflow runs. | |
- cron: '4 22 * * 3' | |
jobs: | |
update: | |
runs-on: windows-2022 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install python dependency 'requests' | |
run: pip install requests | |
- name: Set git up | |
run: | | |
git config user.email '[email protected]' | |
git config user.name 'vm-packages' | |
- name: Update packages | |
run: | | |
$root = pwd | |
New-Item test_logs -itemType Directory | Out-Null | |
foreach ($packagePath in (Get-ChildItem packages)){ | |
$package = $packagePath.Name | |
$newVersion = 0 | |
# Test indepdendly every type of update and commit what works | |
foreach ($UPDATE_TYPE in ('DEPENDENCIES', 'GITHUB_URL', 'VERSION_URL')) { | |
$version = python scripts\utils\update_package.py $package --update_type $UPDATE_TYPE | |
$updated = $? | |
echo "$package $version" | |
if ($updated -and $version) { | |
# Test package before committing | |
scripts\test\test_install.ps1 -max_tries 1 $package | out-null | |
$tested = $? | |
cd $root | |
if ($tested) { | |
git add "packages/$package/" | |
$newVersion = $version | |
} else { | |
echo "$package $version FAILED" | |
git diff | |
} | |
} | |
# Clean changes and built packages | |
git restore . | |
Remove-Item built_pkgs -Recurse -ErrorAction Ignore | |
} | |
if ($newVersion) { | |
git commit -m "Update $package to $newVersion" | |
} | |
} | |
Exit(0) | |
- name: Upload logs to artifacts | |
uses: ./.github/actions/upload-logs | |
if: always() | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6.0.1 | |
with: | |
title: ':robot: Package update' | |
body: 'Automated package update created by [update_packages.yml](https://github.com/mandiant/VM-Packages/blob/main/.github/workflows/update_packages.yml). Note the update is triggered weekly and will modify this PR if it has not been merged.' | |
branch: package-update | |
author: vm-packages <[email protected]> | |
add-paths: packages/* | |
# GH actions can not trigger other GH actions, | |
# use a Personal Access Token to trigger the CI workflow in the created PR | |
token: ${{ secrets.REPO_TOKEN }} | |