Skip to content

Update WordPress JS dependencies #174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
luislard wants to merge 24 commits into
base: main
Choose a base branch
from
Open

Update WordPress JS dependencies #174

Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
9001131
feat: adding automatic WP JS dependencies
luislard Nov 11, 2024
17bc80a
chore: improvements
luislard Nov 11, 2024
142dd5d
fix: fixes var names
luislard Nov 11, 2024
a92df6b
Merge branch 'main' into update_wordpress_js_dependencies
luislard Jan 15, 2025
87feea5
Adds an orchestrator to trigger js dependencies updates
luislard Jan 15, 2025
043a6d5
Fixes issue in the loop
luislard Jan 15, 2025
4e6da50
Fix wrong variable
luislard Jan 15, 2025
8f613c9
docs: add documentation for WP JS Dependencies update workflows
luislard Jan 22, 2025
4f044e2
chore: fixing linting issues
luislard Jan 22, 2025
e0a0233
docs: improve documentation
tyrann0us Jan 24, 2025
fd9e688
fix: silence QA error
tyrann0us Jan 24, 2025
82950bf
Update .github/workflows/update-wordpress-js-dependencies-orchestrato…
luislard Feb 5, 2025
df61100
chore: test GITHUB_TOKEN
luislard Feb 5, 2025
00709cc
chore: revert variable
luislard Feb 5, 2025
b24d7d4
chore: align with PR change requests
luislard Feb 5, 2025
8a34ccb
Merge branch 'update_wordpress_js_dependencies_align' into update_wor…
luislard Feb 5, 2025
3a6d55d
chore: align with PR comments
luislard Feb 6, 2025
4f16a51
chore: add changes to orchestrator
luislard Feb 6, 2025
0de8c4e
chore: switch approach to use workflow run
luislard Feb 10, 2025
29d3117
chore(docs): fix several minor issues and align documentation
luislard Apr 1, 2025
1e900d3
chore: formatting
tyrann0us Apr 1, 2025
22c3441
chore: refactor env vars from global scope to step scope and minor do…
luislard Apr 1, 2025
4f3339a
chore: fix lint issues
luislard Apr 1, 2025
eeb7125
Merge branch 'main' into update_wordpress_js_dependencies
luislard Apr 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions .github/workflows/update-wordpress-js-dependencies-orchestrator.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
name: Update WordPress JS Dependencies Orchestrator
on:
workflow_call:
inputs:
WP_DIST_TAG:
description: The dist tag to update the dependencies to, e.g., `wp-6.7`
required: true
type: string
PACKAGES:
description: Comma-separated list of additional `owner/repo`s to be updated.
required: false
type: string
secrets:
GH_TOKEN:
description: A personal access token (classic) with `repo` and `workflow` permissions, used to authenticate when calling GitHub APIs in target repositories.
required: true

jobs:
update-dependencies-orchestrator:
runs-on: ubuntu-latest
timeout-minutes: 10
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
WP_DIST_TAG: ${{ inputs.WP_DIST_TAG }}
PACKAGES: ${{ inputs.PACKAGES }}

steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Gather packages and call the individual workflows.
run: |
# Initialize an array for packages
packages=()

# Add packages from composer.json if it exists
if [ -f composer.json ]; then
composer_packages=$(cat composer.json | jq -r '.require | keys[]')
for pkg in $composer_packages; do
packages+=("$pkg")
done
fi

# Add packages from the PACKAGES environment variable
IFS=',' read -r -a env_packages <<< "$PACKAGES"
for pkg in "${env_packages[@]}"; do
packages+=("$pkg")
done

# Process all unique packages
unique_packages=$(echo "${packages[@]}" | tr ' ' '\n' | sort -u)

for package in ${unique_packages[@]}; do
echo "Processing package: $package"
gh workflow run update-wordpress-js-dependencies.yml \
--repo $package \
--field WP_DIST_TAG=${{ env.WP_DIST_TAG }}
done
135 changes: 135 additions & 0 deletions .github/workflows/update-wordpress-js-dependencies.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,135 @@
name: Update WordPress JS Dependencies
on:
workflow_call:
inputs:
WP_DIST_TAG:
description: The dist-tag to update the dependencies to, e.g., `wp-6.7`
required: true
type: string
NPM_REGISTRY_DOMAIN:
description: Domain of the private npm registry.
default: https://npm.pkg.github.com/
required: false
type: string
secrets:
GITHUB_USER_EMAIL:
description: Email address for the GitHub user configuration.
required: false
GITHUB_USER_NAME:
description: Username for the GitHub user configuration.
required: false
GITHUB_USER_SSH_KEY:
description: Private SSH key associated with the GitHub user for the token passed as `GITHUB_USER_TOKEN`.
required: false
GITHUB_USER_SSH_PUBLIC_KEY:
description: Public SSH key associated with the GitHub user for the token passed as `GITHUB_USER_TOKEN`.
required: false
NPM_REGISTRY_TOKEN:
description: Authentication for the private npm registry.
required: false

jobs:
update-dependencies:
runs-on: ubuntu-latest
timeout-minutes: 10
env:
PACKAGE_MANAGER: npm
GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}
GITHUB_USER_SSH_PUBLIC_KEY: ${{ secrets.GITHUB_USER_SSH_PUBLIC_KEY }}
WP_DIST_TAG: ${{ inputs.WP_DIST_TAG }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
NPM_REGISTRY_DOMAIN: ${{ inputs.NPM_REGISTRY_DOMAIN }}
Copy link
Member

@tyrann0us tyrann0us Apr 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the meantime, #180 has been merged. Please validate which global env variables are still needed here and which can be moved to step level.

Copy link
Contributor Author

@luislard luislard Apr 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left only non secrets


steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ssh-key: ${{ env.GITHUB_USER_SSH_KEY }}

- name: Set global variables
run: |
echo "TEMP_BRANCH_NAME=update/${{ env.WP_DIST_TAG }}" >> $GITHUB_ENV
echo "CURRENT_DATE=$(date +'%Y-%m-%d')" >> $GITHUB_ENV

- name: Set up SSH
if: ${{ env.GITHUB_USER_SSH_KEY != '' }}
uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ env.GITHUB_USER_SSH_KEY }}

- name: Set up Git
run: |
git config --global user.email "${{ env.GITHUB_USER_EMAIL }}"
git config --global user.name "${{ env.GITHUB_USER_NAME }}"
git config --global advice.addIgnoredFile false
git config --global push.autoSetupRemote true

- name: Set up signing commits
if: ${{ env.GITHUB_USER_SSH_PUBLIC_KEY != '' }}
run: |
: # Create empty SSH private key file so Git does not complain.
touch "${{ runner.temp }}/signingkey"
echo "${{ env.GITHUB_USER_SSH_PUBLIC_KEY }}" > "${{ runner.temp }}/signingkey.pub"
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global user.signingkey "${{ runner.temp }}/signingkey.pub"

- name: Checkout to temporary branch
run: |
git show-ref -q refs/remotes/origin/${{ env.TEMP_BRANCH_NAME }} && git checkout ${{ env.TEMP_BRANCH_NAME }} || git checkout -b ${{ env.TEMP_BRANCH_NAME }}

- name: Set up node cache mode
run: |
if [ "${{ env.PACKAGE_MANAGER }}" == 'npm' ] && { [ -f "${GITHUB_WORKSPACE}/package-lock.json" ] || [ -f "${GITHUB_WORKSPACE}/npm-shrinkwrap.json" ]; }; then
echo "NODE_CACHE_MODE=npm" >> $GITHUB_ENV
else
echo "No lock files found or unknown package manager"
fi

- name: Set up node
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: ${{ env.NPM_REGISTRY_DOMAIN }}
cache: ${{ env.NODE_CACHE_MODE }}


- name: Install dependencies
env:
ARGS: ${{ env.NODE_CACHE_MODE == 'npm' && 'ci' || 'install' }}
run: ${{ format('{0} {1} --ignore-scripts', env.PACKAGE_MANAGER, env.ARGS) }}

- name: Running the update
env:
SCRIPT_START: ${{ env.PACKAGE_MANAGER == 'npm' && 'npm run' }}
run: |
./node_modules/.bin/wp-scripts packages-update --dist-tag=${{ env.WP_DIST_TAG }}

- name: Git add, commit
run: |
git add -A
git commit -m "[BOT] Add dependencies changes for #${{ github.ref }}" --no-verify || ((echo "NO_CHANGES=yes" >> $GITHUB_ENV) && (echo "No changes to commit"))

- name: Git push
if: ${{ env.NO_CHANGES != 'yes' }}
run: git push

- name: Create pull request
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh pr create \
--base ${{ github.event.repository.default_branch }} \
--head ${{ env.TEMP_BRANCH_NAME }} \
--title "Align WP Dependencies to meet dist tag ${{ env.WP_DIST_TAG }} - ${{ env.CURRENT_DATE }}" \
--body "This PR updates the WordPress dependencies to meet the version ${{ env.WP_DIST_TAG }}." \
--label "dependencies"

- name: Delete signing key files
if: ${{ always() && env.GITHUB_USER_SSH_PUBLIC_KEY != '' }}
run: |
rm -f "${{ runner.temp }}/signingkey"
rm -f "${{ runner.temp }}/signingkey.pub"
118 changes: 118 additions & 0 deletions docs/update-wp-dependencies.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,118 @@
<!-- markdownlint-disable MD024 -->

# Update WordPress JS Dependencies

This documentation describes two closely related reusable workflows for updating JavaScript
dependencies that use [WordPress packages](https://www.npmjs.com/search?q=%40wordpress%2F). These
workflows handle automatic updates of the `@wordpress/*` packages to a specified WordPress version (
dist tag) and can optionally create a pull request with all necessary changes.

1. **Update WordPress JS Dependencies Workflow**:
This workflow lives in an individual repository (the one containing the WordPress JS dependencies
to update). It checks out the repository, updates the `@wordpress/*` dependencies to a specific
tag, and opens a pull request if changes are found.

2. **Update WordPress JS Dependencies Orchestrator Workflow**:
This workflow can be placed in a single "orchestrator" repository (e.g., a website repository).
It triggers the "Update WordPress JS Dependencies Workflow" in multiple other repositories. This
is accomplished by sending
a [repository\_dispatch](https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event)
event to each of the target repositories.

## Update WordPress JS Dependencies Workflow

This workflow updates the `@wordpress/*` dependencies in the current repository to a specified
WordPress version tag (e.g., `wp-6.7`) and creates a pull request containing all modified files.

### Configuration parameters

#### Inputs

| Name | Default | Description |
|-----------------------|---------------------------------|-------------------------------------------------------|
| `WP_DIST_TAG` | `'wp-6.7'` | The tag to update the dependencies to, e.g., `wp-6.7` |
| `NPM_REGISTRY_DOMAIN` | `'https://npm.pkg.github.com/'` | Domain of the private npm registry |

#### Secrets

| Name | Description |
|------------------------------|------------------------------------------------------------------------------|
| `NPM_REGISTRY_TOKEN` | Authentication for the private npm registry |
| `GITHUB_USER_EMAIL` | Email address for the GitHub user configuration |
| `GITHUB_USER_NAME` | Username for the GitHub user configuration |
| `GITHUB_USER_SSH_KEY` | Private SSH key associated with the GitHub user passed as `GITHUB_USER_NAME` |
| `GITHUB_USER_SSH_PUBLIC_KEY` | Public SSH key associated with the GitHub user passed as `GITHUB_USER_NAME` |

### Usage example

```yml
name: Update WordPress JS Dependencies

on:
workflow_dispatch:
inputs:
WP_DIST_TAG:
description: 'The tag to update the dependencies to, e.g., `wp-6.7`.'
default: 'wp-6.7'
required: true
type: string

jobs:
update-dependencies:
uses: inpsyde/reusable-workflows/.github/workflows/update-wordpress-js-dependencies.yml@main
secrets:
GITHUB_USER_EMAIL: ${{ secrets.DEPLOYBOT_EMAIL }}
GITHUB_USER_NAME: ${{ secrets.DEPLOYBOT_USER }}
GITHUB_USER_SSH_KEY: ${{ secrets.DEPLOYBOT_SSH_PRIVATE_KEY }}
GITHUB_USER_SSH_PUBLIC_KEY: ${{ secrets.DEPLOYBOT_SSH_PUBLIC_KEY }}
NPM_REGISTRY_TOKEN: ${{ secrets.DEPLOYBOT_PACKAGES_READ_ACCESS_TOKEN }}
with:
WP_DIST_TAG: ${{ inputs.WP_DIST_TAG }}
```

## Update WordPress JS Dependencies Orchestrator Workflow

This workflow triggers the “Update WordPress JS Dependencies Workflow” in multiple external
repositories by sending a `repository_dispatch` event to each target repository. This allows you to
maintain a centralized list of repositories needing consistent WordPress JS dependency versions.

### Configuration parameters

#### Inputs

| Name | Default | Description |
|--------------|------------|----------------------------------------------------------------|
| `WP_DIST_TAG` | `'wp-6.7'` | The tag to update the dependencies to, e.g., `wp-6.7` |
| `PACKAGES` | `''` | Comma-separated list of additional `owner/repo`s to be updated |

#### Secrets

| Name | Description |
|----------------|-------------------------------------------------------------------------------------------------------------------------|
| `GH_TOKEN` | A personal access token (classic) with `repo` and `workflow` permissions, used to authenticate when calling GitHub APIs |

### Usage example

```yml
name: Update WordPress JS Dependencies Orchestrator

on:
workflow_dispatch:
inputs:
WP_DIST_TAG:
description: 'The tag to update the dependencies to, e.g., `wp-6.7`'
required: true
PACKAGES:
description: 'Comma-separated list of additional `owner/repo`s to be updated.'
required: false
type: string

jobs:
update-dependency-orchestrator:
uses: inpsyde/reusable-workflows/.github/workflows/update-wordpress-js-dependencies-orchestrator.yml@main
with:
WP_DIST_TAG: ${{ inputs.WP_DIST_TAG }}
PACKAGES: ${{ inputs.PACKAGES }}
secrets:
GH_TOKEN: ${{ secrets.DEPLOYBOT_REPO_READ_WRITE_TOKEN }}
```
Loading