-
Notifications
You must be signed in to change notification settings - Fork 3
141 lines (117 loc) · 6.08 KB
/
pb-update-ca-certificates.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: Update ca-certificates
"on":
schedule:
- cron: 0 4 * * 4-5
workflow_dispatch: {}
jobs:
update:
name: Update Package Dependency
runs-on:
- ubuntu-latest
steps:
- name: Docker login gcr.io
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }}
uses: docker/login-action@v2
with:
password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
registry: gcr.io
username: _json_key
- name: Docker login docker.io
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }}
uses: docker/login-action@v2
with:
password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
registry: docker.io
username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
- uses: actions/setup-go@v4
with:
go-version: "1.20"
- name: Install update-package-dependency
run: |
#!/usr/bin/env bash
set -euo pipefail
go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/update-package-dependency@latest
- name: Install crane
run: |
#!/usr/bin/env bash
set -euo pipefail
echo "Installing crane ${CRANE_VERSION}"
mkdir -p "${HOME}"/bin
echo "${HOME}/bin" >> "${GITHUB_PATH}"
curl \
--show-error \
--silent \
--location \
"https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \
| tar -C "${HOME}/bin" -xz crane
env:
CRANE_VERSION: 0.8.0
- name: Install yj
run: |
#!/usr/bin/env bash
set -euo pipefail
echo "Installing yj ${YJ_VERSION}"
mkdir -p "${HOME}"/bin
echo "${HOME}/bin" >> "${GITHUB_PATH}"
curl \
--location \
--show-error \
--silent \
--output "${HOME}"/bin/yj \
"https://github.com/sclevine/yj/releases/download/v${YJ_VERSION}/yj-linux"
chmod +x "${HOME}"/bin/yj
env:
YJ_VERSION: 5.0.0
- uses: actions/checkout@v3
- name: Update Package Dependency
id: package
run: |
#!/usr/bin/env bash
set -euo pipefail
NEW_VERSION=$(crane ls "${DEPENDENCY}" | grep -v latest | sort -V | tail -n 1)
if [[ -e builder.toml ]]; then
OLD_VERSION=$(yj -tj < builder.toml | jq -r ".buildpacks[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version")
update-package-dependency \
--builder-toml builder.toml \
--id "${DEPENDENCY}" \
--version "${NEW_VERSION}"
git add builder.toml
fi
if [[ -e package.toml ]]; then
OLD_VERSION=$(yj -tj < package.toml | jq -r ".dependencies[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version")
update-package-dependency \
--buildpack-toml buildpack.toml \
--id "${BP_DEPENDENCY:-$DEPENDENCY}" \
--version "${NEW_VERSION}"
update-package-dependency \
--package-toml package.toml \
--id "${PKG_DEPENDENCY:-$DEPENDENCY}" \
--version "${NEW_VERSION}"
git add buildpack.toml package.toml
fi
git checkout -- .
if [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $1}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $1}')" ]; then
LABEL="semver:major"
elif [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $2}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $2}')" ]; then
LABEL="semver:minor"
else
LABEL="semver:patch"
fi
echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT"
echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
echo "version-label=${LABEL}" >> "$GITHUB_OUTPUT"
env:
DEPENDENCY: gcr.io/paketo-buildpacks/ca-certificates
- uses: peter-evans/create-pull-request@v5
with:
author: ${{ secrets.JAVA_GITHUB_USERNAME }} <${{ secrets.JAVA_GITHUB_USERNAME }}@users.noreply.github.com>
body: Bumps [`gcr.io/paketo-buildpacks/ca-certificates`](https://gcr.io/paketo-buildpacks/ca-certificates) from [`${{ steps.package.outputs.old-version }}`](https://gcr.io/paketo-buildpacks/ca-certificates:${{ steps.package.outputs.old-version }}) to [`${{ steps.package.outputs.new-version }}`](https://gcr.io/paketo-buildpacks/ca-certificates:${{ steps.package.outputs.new-version }}).
branch: update/package/ca-certificates
commit-message: |-
Bump gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}
Bumps gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}.
delete-branch: true
labels: ${{ steps.package.outputs.version-label }}, type:dependency-upgrade
signoff: true
title: Bump gcr.io/paketo-buildpacks/ca-certificates from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}