Update ca-certificates #145
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update ca-certificates | |
"on": | |
schedule: | |
- cron: 0 4 * * 4-5 | |
workflow_dispatch: {} | |
jobs: | |
update: | |
name: Update Package Dependency | |
runs-on: | |
- ubuntu-latest | |
steps: | |
- name: Docker login gcr.io | |
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }} | |
uses: docker/login-action@v2 | |
with: | |
password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }} | |
registry: gcr.io | |
username: _json_key | |
- name: Docker login docker.io | |
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }} | |
uses: docker/login-action@v2 | |
with: | |
password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }} | |
registry: docker.io | |
username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.20" | |
- name: Install update-package-dependency | |
run: | | |
#!/usr/bin/env bash | |
set -euo pipefail | |
go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/update-package-dependency@latest | |
- name: Install crane | |
run: | | |
#!/usr/bin/env bash | |
set -euo pipefail | |
echo "Installing crane ${CRANE_VERSION}" | |
mkdir -p "${HOME}"/bin | |
echo "${HOME}/bin" >> "${GITHUB_PATH}" | |
curl \ | |
--show-error \ | |
--silent \ | |
--location \ | |
"https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \ | |
| tar -C "${HOME}/bin" -xz crane | |
env: | |
CRANE_VERSION: 0.8.0 | |
- name: Install yj | |
run: | | |
#!/usr/bin/env bash | |
set -euo pipefail | |
echo "Installing yj ${YJ_VERSION}" | |
mkdir -p "${HOME}"/bin | |
echo "${HOME}/bin" >> "${GITHUB_PATH}" | |
curl \ | |
--location \ | |
--show-error \ | |
--silent \ | |
--output "${HOME}"/bin/yj \ | |
"https://github.com/sclevine/yj/releases/download/v${YJ_VERSION}/yj-linux" | |
chmod +x "${HOME}"/bin/yj | |
env: | |
YJ_VERSION: 5.0.0 | |
- uses: actions/checkout@v3 | |
- name: Update Package Dependency | |
id: package | |
run: | | |
#!/usr/bin/env bash | |
set -euo pipefail | |
NEW_VERSION=$(crane ls "${DEPENDENCY}" | grep -v latest | sort -V | tail -n 1) | |
if [[ -e builder.toml ]]; then | |
OLD_VERSION=$(yj -tj < builder.toml | jq -r ".buildpacks[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version") | |
update-package-dependency \ | |
--builder-toml builder.toml \ | |
--id "${DEPENDENCY}" \ | |
--version "${NEW_VERSION}" | |
git add builder.toml | |
fi | |
if [[ -e package.toml ]]; then | |
OLD_VERSION=$(yj -tj < package.toml | jq -r ".dependencies[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version") | |
update-package-dependency \ | |
--buildpack-toml buildpack.toml \ | |
--id "${BP_DEPENDENCY:-$DEPENDENCY}" \ | |
--version "${NEW_VERSION}" | |
update-package-dependency \ | |
--package-toml package.toml \ | |
--id "${PKG_DEPENDENCY:-$DEPENDENCY}" \ | |
--version "${NEW_VERSION}" | |
git add buildpack.toml package.toml | |
fi | |
git checkout -- . | |
if [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $1}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $1}')" ]; then | |
LABEL="semver:major" | |
elif [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $2}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $2}')" ]; then | |
LABEL="semver:minor" | |
else | |
LABEL="semver:patch" | |
fi | |
echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT" | |
echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT" | |
echo "version-label=${LABEL}" >> "$GITHUB_OUTPUT" | |
env: | |
DEPENDENCY: gcr.io/paketo-buildpacks/ca-certificates | |
- uses: peter-evans/create-pull-request@v5 | |
with: | |
author: ${{ secrets.JAVA_GITHUB_USERNAME }} <${{ secrets.JAVA_GITHUB_USERNAME }}@users.noreply.github.com> | |
body: Bumps [`gcr.io/paketo-buildpacks/ca-certificates`](https://gcr.io/paketo-buildpacks/ca-certificates) from [`${{ steps.package.outputs.old-version }}`](https://gcr.io/paketo-buildpacks/ca-certificates:${{ steps.package.outputs.old-version }}) to [`${{ steps.package.outputs.new-version }}`](https://gcr.io/paketo-buildpacks/ca-certificates:${{ steps.package.outputs.new-version }}). | |
branch: update/package/ca-certificates | |
commit-message: |- | |
Bump gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }} | |
Bumps gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}. | |
delete-branch: true | |
labels: ${{ steps.package.outputs.version-label }}, type:dependency-upgrade | |
signoff: true | |
title: Bump gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }} | |
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} |