add write and pr permissions #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Nightly Upstream Snapshot Build | |
| on: | |
| schedule: | |
| - cron: "21 3 * * *" | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - zhaez/nightly-build | |
| env: | |
| AWS_DEFAULT_REGION: us-east-1 | |
| BRANCH_NAME: nightly-dependency-updates | |
| permissions: | |
| id-token: write | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| update-and-create-pr: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| has_changes: ${{ steps.check_changes.outputs.has_changes }} | |
| otel_python_version: ${{ steps.get_versions.outputs.otel_python_version }} | |
| otel_contrib_version: ${{ steps.get_versions.outputs.otel_contrib_version }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Python | |
| uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0 | |
| with: | |
| python-version: '3.11' | |
| - name: Install build tools | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install toml requests packaging | |
| - name: Get latest upstream versions | |
| id: get_versions | |
| run: python scripts/get_upstream_versions.py | |
| - name: Check for breaking changes | |
| id: breaking_changes | |
| env: | |
| OTEL_PYTHON_VERSION: ${{ steps.get_versions.outputs.otel_python_version }} | |
| OTEL_CONTRIB_VERSION: ${{ steps.get_versions.outputs.otel_contrib_version }} | |
| run: python scripts/find_breaking_changes.py | |
| - name: Configure git and create branch | |
| run: | | |
| git config --local user.email "[email protected]" | |
| git config --local user.name "GitHub Action" | |
| - name: Check out dependency update branch | |
| run: | | |
| if git ls-remote --exit-code --heads origin "$BRANCH_NAME"; then | |
| echo "Branch $BRANCH_NAME already exists, checking out..." | |
| git checkout "$BRANCH_NAME" | |
| else | |
| echo "Branch $BRANCH_NAME does not exist, creating new branch..." | |
| git checkout -b "$BRANCH_NAME" | |
| fi | |
| - name: Update dependencies | |
| env: | |
| OTEL_PYTHON_VERSION: ${{ steps.get_versions.outputs.otel_python_version }} | |
| OTEL_CONTRIB_VERSION: ${{ steps.get_versions.outputs.otel_contrib_version }} | |
| run: python scripts/update_dependencies.py | |
| - name: Check for changes and commit | |
| id: check_changes | |
| run: | | |
| if git diff --quiet; then | |
| echo "No dependency updates needed" | |
| echo "has_changes=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "Dependencies were updated" | |
| echo "has_changes=true" >> $GITHUB_OUTPUT | |
| git add aws-opentelemetry-distro/pyproject.toml | |
| git commit -m "chore: update OpenTelemetry dependencies to ${{ steps.get_versions.outputs.otel_python_version }}/${{ steps.get_versions.outputs.otel_contrib_version }}" | |
| git push origin "$BRANCH_NAME" | |
| fi | |
| - name: Create or update PR | |
| run: | | |
| PR_BODY="Automated update of OpenTelemetry dependencies. | |
| **Updated versions:** | |
| - OpenTelemetry Python: ${{ steps.get_versions.outputs.otel_python_version }} | |
| - OpenTelemetry Contrib: ${{ steps.get_versions.outputs.otel_contrib_version }} | |
| **Upstream releases with breaking changes:** | |
| ${{ steps.breaking_changes.outputs.breaking_changes_info }}" | |
| if gh pr view "$BRANCH_NAME" --json state --jq '.state' 2>/dev/null | grep -q "OPEN"; then | |
| echo "Open PR already exists, updating description..." | |
| gh pr edit "$BRANCH_NAME" --body "$PR_BODY" | |
| else | |
| echo "Creating new PR..." | |
| gh pr create \ | |
| --title "Nightly dependency update: OpenTelemetry ${{ steps.get_versions.outputs.otel_python_version }}/${{ steps.get_versions.outputs.otel_contrib_version }}" \ | |
| --body "$PR_BODY" \ | |
| --base main \ | |
| --head "$BRANCH_NAME" | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| build-and-test: | |
| needs: update-and-create-pr | |
| if: needs.update-and-create-pr.outputs.has_changes == 'true' | |
| uses: ./.github/workflows/main-build.yml | |
| secrets: inherit | |
| permissions: | |
| id-token: write | |
| contents: read | |
| with: | |
| ref: nightly-dependency-updates | |
| publish-nightly-build-status: | |
| name: "Publish Nightly Build Status" | |
| needs: [ update-and-create-pr, build-and-test ] | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Configure AWS Credentials for emitting metrics | |
| uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 | |
| with: | |
| role-to-assume: ${{ secrets.MONITORING_ROLE_ARN }} | |
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
| - name: Publish nightly build status | |
| run: | | |
| if [[ "${{ needs.build-and-test.result }}" == "skipped" ]]; then | |
| echo "Build was skipped (no changes), not publishing metric" | |
| else | |
| value="${{ needs.build-and-test.result == 'success' && '0.0' || '1.0'}}" | |
| aws cloudwatch put-metric-data --namespace 'ADOT/GitHubActions' \ | |
| --metric-name Failure \ | |
| --dimensions repository=${{ github.repository }},branch=${{ github.ref_name }},workflow=nightly_build \ | |
| --value $value | |
| fi |