Skip to content

Watch dependencies

Watch dependencies #27

# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
#
# This Workflow watches dependencies and automatically creates PRs to update
# them.
#
# - Watch multiple images tags referenced in values.yaml to match the latest
# stable image tag (ignoring pre-releases).
# - Refreeze images/*/requirements.txt based on images/*/requirements.in
#
name: Watch dependencies
on:
pull_request:
paths:
- ".github/workflows/watch-dependencies.yaml"
push:
paths:
- "images/*/requirements.in"
- ".github/workflows/watch-dependencies.yaml"
branches: ["main"]
schedule:
# Run at 05:00 on day-of-month 1, ref: https://crontab.guru/#0_5_1_*_*
- cron: "0 5 1 * *"
workflow_dispatch:
jobs:
update-image-dependencies:
if: github.repository == '2i2c-org/binderhub-service'
runs-on: ubuntu-22.04
permissions:
contents: write
pull-requests: write
strategy:
fail-fast: false
matrix:
include:
- name: docker
registry: docker.io
repository: library/docker
values_path: dockerApi.image.tag
tag_prefix: ""
tag_suffix: -dind
steps:
- uses: actions/checkout@v4
- name: Get values.yaml pinned tag of ${{ matrix.registry }}/${{ matrix.repository }}
id: local
run: |
local_tag=$(cat binderhub-service/values.yaml | yq e '.${{ matrix.values_path }}' -)
echo "tag=$local_tag" >> $GITHUB_OUTPUT
- name: Get latest tag of ${{ matrix.registry }}/${{ matrix.repository }}
id: latest
# The skopeo image helps us list tags consistently from different docker
# registries. We identify the latest docker image tag based on the
# version numbers of format x.y.z included in a pattern with an optional
# prefix and suffix, like the tags "v4.5.0" (v prefix) and "23.0.5-dind"
# (-dind suffix).
run: |
latest_tag=$(
docker run --rm quay.io/skopeo/stable list-tags docker://${{ matrix.registry }}/${{ matrix.repository }} \
| jq -r '[.Tags[] | select(. | match("^${{ matrix.tag_prefix }}\\d+\\.\\d+\\.\\d+${{ matrix.tag_suffix }}$") | .string)] | sort_by(split(".") | map(ltrimstr("${{ matrix.tag_prefix }}") | rtrimstr("${{ matrix.tag_suffix }}") | tonumber)) | last'
)
echo "tag=$latest_tag" >> $GITHUB_OUTPUT
- name: Update values.yaml pinned tag
if: steps.local.outputs.tag != steps.latest.outputs.tag
run: |
sed --in-place 's/tag: "${{ steps.local.outputs.tag }}"/tag: "${{ steps.latest.outputs.tag }}"/g' binderhub-service/values.yaml
- name: git diff
if: steps.local.outputs.tag != steps.latest.outputs.tag
run: git --no-pager diff --color=always
# ref: https://github.com/peter-evans/create-pull-request
- uses: peter-evans/create-pull-request@v5
if: github.event_name != 'pull_request'
with:
branch: update-image-dependencies
labels: dependencies
commit-message: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }}
title: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }}
body: >-
A new ${{ matrix.repository }} image version has been detected, version
`${{ steps.latest.outputs.tag }}`.
refreeze-dockerfile-requirements-txt:
if: github.repository == '2i2c-org/binderhub-service'
runs-on: ubuntu-22.04
permissions:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@v4
- name: Refreeze requirements.txt based on requirements.in
run: ci/refreeze
- name: git diff
run: git --no-pager diff --color=always
# ref: https://github.com/peter-evans/create-pull-request
- uses: peter-evans/create-pull-request@v5
if: github.event_name != 'pull_request'
with:
branch: update-image-requirements
labels: dependencies
commit-message: "binderhub-service image: refreeze requirements.txt"
title: "binderhub-service image: refreeze requirements.txt"
body: >-
The binderhub-service image's requirements.txt has been refrozen
based on requirements.in.
The push to this branch was made by a bot account so all tests
aren't triggered to run. Close and re-open this PR to trigger them
manually.