Skip to content

Update ca-certificates #146

Update ca-certificates

Update ca-certificates #146

name: Update ca-certificates
"on":
schedule:
- cron: 0 4 * * 4-5
workflow_dispatch: {}
jobs:
update:
name: Update Package Dependency
runs-on:
- ubuntu-latest
steps:
- name: Docker login gcr.io
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }}
uses: docker/login-action@v2
with:
password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
registry: gcr.io
username: _json_key
- name: Docker login docker.io
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }}
uses: docker/login-action@v2
with:
password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
registry: docker.io
username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
- uses: actions/setup-go@v4
with:
go-version: "1.20"
- name: Install update-package-dependency
run: |
#!/usr/bin/env bash
set -euo pipefail
go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/update-package-dependency@latest
- name: Install crane
run: |
#!/usr/bin/env bash
set -euo pipefail
echo "Installing crane ${CRANE_VERSION}"
mkdir -p "${HOME}"/bin
echo "${HOME}/bin" >> "${GITHUB_PATH}"
curl \
--show-error \
--silent \
--location \
"https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \
| tar -C "${HOME}/bin" -xz crane
env:
CRANE_VERSION: 0.8.0
- name: Install yj
run: |
#!/usr/bin/env bash
set -euo pipefail
echo "Installing yj ${YJ_VERSION}"
mkdir -p "${HOME}"/bin
echo "${HOME}/bin" >> "${GITHUB_PATH}"
curl \
--location \
--show-error \
--silent \
--output "${HOME}"/bin/yj \
"https://github.com/sclevine/yj/releases/download/v${YJ_VERSION}/yj-linux"
chmod +x "${HOME}"/bin/yj
env:
YJ_VERSION: 5.0.0
- uses: actions/checkout@v3
- name: Update Package Dependency
id: package
run: |
#!/usr/bin/env bash
set -euo pipefail
NEW_VERSION=$(crane ls "${DEPENDENCY}" | grep -v latest | sort -V | tail -n 1)
if [[ -e builder.toml ]]; then
OLD_VERSION=$(yj -tj < builder.toml | jq -r ".buildpacks[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version")
update-package-dependency \
--builder-toml builder.toml \
--id "${DEPENDENCY}" \
--version "${NEW_VERSION}"
git add builder.toml
fi
if [[ -e package.toml ]]; then
OLD_VERSION=$(yj -tj < package.toml | jq -r ".dependencies[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version")
update-package-dependency \
--buildpack-toml buildpack.toml \
--id "${BP_DEPENDENCY:-$DEPENDENCY}" \
--version "${NEW_VERSION}"
update-package-dependency \
--package-toml package.toml \
--id "${PKG_DEPENDENCY:-$DEPENDENCY}" \
--version "${NEW_VERSION}"
git add buildpack.toml package.toml
fi
git checkout -- .
if [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $1}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $1}')" ]; then
LABEL="semver:major"
elif [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $2}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $2}')" ]; then
LABEL="semver:minor"
else
LABEL="semver:patch"
fi
echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT"
echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
echo "version-label=${LABEL}" >> "$GITHUB_OUTPUT"
env:
DEPENDENCY: gcr.io/paketo-buildpacks/ca-certificates
- uses: peter-evans/create-pull-request@v5
with:
author: ${{ secrets.JAVA_GITHUB_USERNAME }} <${{ secrets.JAVA_GITHUB_USERNAME }}@users.noreply.github.com>
body: Bumps [`gcr.io/paketo-buildpacks/ca-certificates`](https://gcr.io/paketo-buildpacks/ca-certificates) from [`${{ steps.package.outputs.old-version }}`](https://gcr.io/paketo-buildpacks/ca-certificates:${{ steps.package.outputs.old-version }}) to [`${{ steps.package.outputs.new-version }}`](https://gcr.io/paketo-buildpacks/ca-certificates:${{ steps.package.outputs.new-version }}).
branch: update/package/ca-certificates
commit-message: |-
Bump gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}
Bumps gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}.
delete-branch: true
labels: ${{ steps.package.outputs.version-label }}, type:dependency-upgrade
signoff: true
title: Bump gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}