Update Pinned Library Versions #16

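# Scheduled maintenance workflow: compares the Istio version pinned in
# linux/base.Dockerfile with the latest upstream release tag and, when they
# differ, pushes a branch with the bump and opens a pull request for it.
name: Update Pinned Library Versions

on:
  schedule:
    # Check for updates every 2 weeks (1st and 15th of each month) at 6:00 AM UTC
    - cron: '0 6 1,15 * *'
  workflow_dispatch:  # Allow manual trigger

jobs:
  check-library-versions:
    runs-on: ubuntu-latest
    # GITHUB_TOKEN scopes for this job. contents: write backs the `git push`
    # below, which uses the credentials actions/checkout leaves in git config.
    # NOTE(review): the PR itself is created with GH_TOKEN (a separate secret),
    # so pull-requests: write may be unused here - confirm and drop if so.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        # NOTE(review): `v4` is a mutable tag. Pinning to a full commit SHA
        # keeps a retagged action out of this write-scoped job.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get current Istio version
        id: current-istio
        run: |
          # Anchored, first-match lookup: reads the same line the update step
          # rewrites and keeps the step output to a single line.
          CURRENT_VERSION=$(grep -m1 '^ENV ISTIO_VERSION=' linux/base.Dockerfile | cut -d'=' -f2)
          if [ -z "${CURRENT_VERSION}" ]; then
            echo "Error: Unable to determine current Istio version from linux/base.Dockerfile" >&2
            exit 1
          fi
          echo "version=${CURRENT_VERSION}" >> "$GITHUB_OUTPUT"
          echo "Current Istio version: ${CURRENT_VERSION}"

      - name: Get latest Istio version
        id: latest-istio
        run: |
          set -e
          LATEST_VERSION=$(curl -fsSL https://api.github.com/repos/istio/istio/releases/latest | jq -er '.tag_name') || {
            echo "Error: Failed to fetch latest Istio release information from GitHub API." >&2
            exit 1
          }
          if [ -z "${LATEST_VERSION}" ] || [ "${LATEST_VERSION}" = "null" ]; then
            echo "Error: Received empty or invalid latest Istio version from GitHub API." >&2
            exit 1
          fi
          # The tag name is data controlled by the upstream repository and is
          # later used in a sed expression, a Dockerfile line and a PR body.
          # Accept only a conservative character set before publishing it as a
          # step output; anything else fails the run instead of propagating.
          VERSION_RE='^[0-9A-Za-z][0-9A-Za-z._-]*$'
          if [[ ! "${LATEST_VERSION}" =~ ${VERSION_RE} ]]; then
            echo "Error: Latest Istio version contains unexpected characters." >&2
            exit 1
          fi
          echo "version=${LATEST_VERSION}" >> "$GITHUB_OUTPUT"
          echo "Latest Istio version: ${LATEST_VERSION}"

      - name: Compare Istio versions
        id: compare-istio
        # Step outputs are handed over through env rather than expanded into
        # the script text, so their content is never parsed as shell code.
        env:
          CURRENT: ${{ steps.current-istio.outputs.version }}
          LATEST: ${{ steps.latest-istio.outputs.version }}
        run: |
          if [ "${CURRENT}" != "${LATEST}" ]; then
            echo "needs_update=true" >> "$GITHUB_OUTPUT"
            echo "Istio update needed: ${CURRENT} -> ${LATEST}"
          else
            echo "needs_update=false" >> "$GITHUB_OUTPUT"
            echo "Istio already on latest version: ${CURRENT}"
          fi

      - name: Update Istio in Dockerfile
        if: steps.compare-istio.outputs.needs_update == 'true'
        env:
          LATEST: ${{ steps.latest-istio.outputs.version }}
        run: |
          # Ensure the expected ENV ISTIO_VERSION line exists before attempting to update
          if ! grep -q '^ENV ISTIO_VERSION=' linux/base.Dockerfile; then
            echo "Error: Could not find 'ENV ISTIO_VERSION=' line in linux/base.Dockerfile"
            exit 1
          fi
          # LATEST was restricted to [0-9A-Za-z._-] by the fetch step, so it
          # cannot contain sed's delimiter (/), & or backslash.
          sed -i "s/^ENV ISTIO_VERSION=.*/ENV ISTIO_VERSION=${LATEST}/" linux/base.Dockerfile
          # Verify that the update was applied successfully. -x -F compares the
          # whole line literally, so dots in the version are not regex wildcards.
          if ! grep -qxF "ENV ISTIO_VERSION=${LATEST}" linux/base.Dockerfile; then
            echo "Error: Failed to update ISTIO_VERSION to ${LATEST} in linux/base.Dockerfile"
            exit 1
          fi
          echo "Updated ISTIO_VERSION to ${LATEST}"

      - name: Create and push branch with updates
        id: push-branch
        if: steps.compare-istio.outputs.needs_update == 'true'
        run: |
          # Branch name is derived from the run date only; nothing external
          # feeds into it.
          BRANCH_NAME="update-pinned-libs-$(date +%Y%m%d)"
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git checkout -b "$BRANCH_NAME"
          # Only the Dockerfile is staged, so no other workspace change can
          # ride along in the automated commit.
          git add linux/base.Dockerfile
          git commit -m "Upkeep: Update pinned library versions"
          git push origin "$BRANCH_NAME"
          echo "branch=$BRANCH_NAME" >> "$GITHUB_OUTPUT"

      - name: Create Pull Request
        if: steps.compare-istio.outputs.needs_update == 'true'
        env:
          # NOTE(review): this is a personal access token, not GITHUB_TOKEN.
          # Keep it fine-grained and limited to this repository; it is present
          # in this step's environment, which is why the version strings below
          # are passed as env values and not expanded into the script.
          GH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
          CURRENT_VERSION: ${{ steps.current-istio.outputs.version }}
          LATEST_VERSION: ${{ steps.latest-istio.outputs.version }}
          BRANCH_NAME: ${{ steps.push-branch.outputs.branch }}
        run: |
          gh pr create \
            --title "chore: update pinned library versions" \
            --body "## Automated Library Version Updates
          This PR updates the following pinned library versions:
          - **Istio**: ${CURRENT_VERSION} to ${LATEST_VERSION}
          ### Changes
          - Updated version variables in linux/base.Dockerfile
          ### Release Notes
          - Istio ${LATEST_VERSION}: https://github.com/istio/istio/releases/tag/${LATEST_VERSION}
          ---
          This PR was automatically created by the Update Pinned Library Versions workflow." \
            --base master \
            --head "${BRANCH_NAME}" \
            --label "version_upgrade,automated_pr"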