meta/.github/workflows/yarn-update.yml at 2368c2ee1c0a999b5686fcebfcf34edfec01d33d · WeblateOrg/meta · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# Copyright © Michal Čihař <michal@weblate.org>
#
# SPDX-License-Identifier: CC0-1.0

# This file is maintained in https://github.com/WeblateOrg/meta/
name: yarn update

on:
  push:
    branches:
    - renovate/**
    - main
    paths:
    - .github/workflows/yarn-update.yml
    - scripts/yarn-update
    - scripts/yarn/*
    - client/*
  schedule:
  - cron: 30 5 * * 0
  workflow_dispatch:
  pull_request:
    paths:
    - .github/workflows/yarn-update.yml
    - scripts/yarn-update
    - scripts/yarn/*
    - client/*

permissions:
  contents: read

jobs:
  yarn-update:
    permissions:
      contents: write
    if: startsWith(github.repository, 'WeblateOrg/')
    runs-on: ubuntu-24.04

    steps:
    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      if: github.event_name != 'pull_request'
      with:
        token: ${{ secrets.WEBLATE_CI_TOKEN }}
        persist-credentials: true
    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      if: github.event_name == 'pull_request'
      with:
        persist-credentials: false
    - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
      with:
        path: ~/.cache/pre-commit
        key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
    - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      with:
        enable-cache: false

        version: 0.9.20
    - name: Set up Python
      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version: '3.14'
    - name: Lockfile maintenance
      if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
      run: |
        for dir in scripts/yarn client ; do
          if [ ! -d $dir ] ; then
            echo "Skipping $dir"
            continue
          fi
          pushd "$dir"
          yarn upgrade
          popd
        done

    - run: ./scripts/yarn-update
      if: hashFiles('scripts/yarn-update') != ''

    - run: |
        if [ -d client ] ; then
          cd client
          yarn install --check-files
          yarn build
          cd ..
        fi

    - name: Update SBOM
      if: hashFiles('docs/specs/sbom/partial/javascript.json') != ''
      working-directory: ./client
      run: |
        npm sbom --omit dev --sbom-format cyclonedx --sbom-type application > ../docs/specs/sbom/partial/javascript.json
        ../scripts/reproducible-sbom.py ../docs/specs/sbom/partial/javascript.json

    - name: Merge SBOM
      if: hashFiles('docs/specs/sbom/partial/python.json') != ''
      env:
        # renovate: datasource=github-releases depName=CycloneDX/cyclonedx-cli versioning=loose
        CYCLONEDX_CLI_VERSION: v0.29.2
      run: |
        curl -L "https://github.com/CycloneDX/cyclonedx-cli/releases/download/$CYCLONEDX_CLI_VERSION/cyclonedx-linux-x64" > /tmp/cyclonedx-linux-x64
        chmod +x /tmp/cyclonedx-linux-x64
        /tmp/cyclonedx-linux-x64 merge --input-files docs/specs/sbom/partial/* --output-file docs/specs/sbom/sbom.json
        ./scripts/reproducible-sbom.py docs/specs/sbom/sbom.json

    - run: uv run --only-group pre-commit pre-commit run --all
      continue-on-error: true

    - run: git diff

    - uses: pre-commit-ci/lite-action@5d6cc0eb514c891a40562a58a8e71576c5c7fb43 # v1.1.0
      if: github.event_name == 'pull_request' && github.actor != 'renovate[bot]'
      with:
        msg: 'chore(js): update vendored libraries'

    - name: Update current branch
      if: github.event_name == 'push' && github.ref_name != 'main'
      uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
      with:
        commit_message: 'chore(js): update vendored libraries'

    - name: Create Pull Request
      id: cpr
      if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || github.ref_name == 'main'
      uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
      with:
        branch: create-pull-request/yarn-update
        title: 'chore(js): update vendored libraries'
        commit-message: 'chore(js): update vendored libraries'

        token: ${{ secrets.WEBLATE_CI_TOKEN }}
        labels: |
          dependencies

    - name: Enable Pull Request Automerge
      if: steps.cpr.outputs.pull-request-operation && steps.cpr.outputs.pull-request-operation != 'none'
      run: gh pr merge --rebase --auto "$PR_NUMBER"
      env:
        GH_TOKEN: ${{ secrets.WEBLATE_CI_TOKEN }}
        PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}