55 - cron : 30 17 * * *
66 workflow_dispatch :
77
8- permissions :
9- contents : write
10- pull-requests : write
8+ # Disable permissions for all of the available permissions.
9+ permissions : {}
1110
1211jobs :
13- check_for_lab_updates :
14- runs-on : macos -latest
12+ check-latest-version :
13+ runs-on : ubuntu -latest
1514 environment : sync
1615 permissions :
17- id-token : write
18- defaults :
19- run :
20- # needed for conda to work
21- shell : bash -el {0}
22-
16+ contents : read
17+ outputs :
18+ latest : ${{ steps.get-latest-jupyterlab-version.outputs.result }}
19+ update_available : ${{ steps.check-update.outputs.update_available }}
2320 steps :
2421 - uses : actions/create-github-app-token@v2
2522 id : app-token
2623 with :
2724 app-id : ${{ vars.APP_ID }}
2825 private-key : ${{ secrets.APP_PRIVATE_KEY }}
29-
30- - uses : actions/checkout@v4
3126
32- - name : Install hub
33- run : |
34- brew install hub
27+ - uses : actions/checkout@v4
3528
3629 - name : Set up Python
3730 uses : actions/setup-python@v5
3831 with :
3932 python-version : ' 3.9'
4033
41- - name : Install Python dependencies
42- run : |
43- python -m pip install tbump
34+ - name : Install tbump
35+ run : python -m pip install tbump==6.11.0
4436
45- name : ' Get latest JupyterLab version'
46- uses : actions/github-script@v7
37+ - name : Get latest JupyterLab version
4738 id : get-latest-jupyterlab-version
39+ uses : actions/github-script@v7
4840 with :
4941 github-token : ${{ steps.app-token.outputs.token }}
5042 script : |
@@ -57,73 +49,109 @@ jobs:
5749result-encoding : string
5850
5951 - name : Check for new releases
60- shell : bash
52+ id : check-update
6153 run : |
6254 set -eux
6355 export LATEST=${{ steps.get-latest-jupyterlab-version.outputs.result }}
64- echo "latest=${LATEST}" >> $GITHUB_ENV
6556 tbump --only-patch ${LATEST}-1 --non-interactive
6657 if [[ ! -z "$(git status --porcelain package.json)" ]]; then
67- echo "update_available=true" >> $GITHUB_ENV
58+ echo "update_available=true" >> $GITHUB_OUTPUT
59+ else
60+ echo "update_available=false" >> $GITHUB_OUTPUT
6861 fi
6962
63+ update-files :
64+ needs : check-latest-version
65+ if : needs.check-latest-version.outputs.update_available == 'true'
66+ runs-on : macos-latest
67+ defaults :
68+ run :
69+ # needed for conda to work
70+ shell : bash -el {0}
71+ permissions :
72+ contents : read
73+ steps :
74+ - uses : actions/checkout@v4
75+
7076 - name : Install Node
71- if : env.update_available == 'true'
7277 uses : actions/setup-node@v4
7378 with :
7479 node-version : ' 20.x'
75-
80+
7681 - name : Install npm dependencies
77- if : env.update_available == 'true'
7882 run : |
7983 npm install --global yarn
8084 yarn install
8185
8286uses : conda-incubator/setup-miniconda@v3
83- if : env.update_available == 'true'
8487 with :
8588 auto-update-conda : true
8689 auto-activate-base : true
87- activate-environment : " "
8890 channels : conda-forge
8991
9092 - name : Install conda dependencies
91- if : env.update_available == 'true'
9293 run : conda install -c conda-forge conda conda-lock -y
9394
9495 - name : Update conda lock files
95- if : env.update_available == 'true'
9696 run : yarn update_conda_lock
97-
97+
9898 - name : Update binary sign list osx-64
99- if : env.update_available == 'true'
10099 run : |
101100 yarn clean_env_installer && conda-lock install --no-validate-platform --prefix ./env_installer/jlab_server ./env_installer/conda-osx-64.lock
102101 yarn update_binary_sign_list --platform osx-64
103102
104103name : Update binary sign list osx-arm64
105- if : env.update_available == 'true'
106104 run : |
107105 yarn clean_env_installer && conda-lock install --no-validate-platform --prefix ./env_installer/jlab_server ./env_installer/conda-osx-arm64.lock
108106 yarn update_binary_sign_list --platform osx-arm64
109107
110- name : Create a PR for the new version
111- if : env.update_available == 'true'
112- shell : bash
108+ name : Upload updated repo as artifact
109+ uses : actions/upload-artifact@v4
110+ with :
111+ name : updated-repo
112+ path : .
113+
114+ push-and-pr :
115+ needs : [check-latest-version, update-files]
116+ if : needs.check-latest-version.outputs.update_available == 'true'
117+ runs-on : ubuntu-latest
118+ environment : sync
119+ permissions :
120+ contents : write
121+ pull-requests : write
122+ steps :
123+ - uses : actions/create-github-app-token@v2
124+ id : app-token
125+ with :
126+ app-id : ${{ vars.APP_ID }}
127+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
128+
129+ - uses : actions/checkout@v4
130+ with :
131+ token : ${{ steps.app-token.outputs.token }}
132+
133+ - name : Download updated repo
134+ uses : actions/download-artifact@v4
135+ with :
136+ name : updated-repo
137+ path : .
138+
139+ - name : Push changes & open PR
113140 env :
141+ LATEST : ${{ needs.check-latest-version.outputs.latest }}
114142 GITHUB_TOKEN : ${{ steps.app-token.outputs.token }}
115143 run : |
116144 set -eux
117- export LATEST=${{ env.latest }}
118- export BRANCH_NAME=update-to-v${LATEST}
119145 # this will fail if the branch already exists which means we won't have duplicate PRs
146+ BRANCH_NAME="update-to-v${LATEST}"
120147 git checkout -b "${BRANCH_NAME}"
121148 git config user.name "JupyterLab Desktop Bot"
122149 git config user.email '[email protected] ' 123150
124- git commit . -m "Update to JupyterLab v${LATEST}"
125-
126- git push --set-upstream origin "${BRANCH_NAME}"
127- hub pull-request -m "Update to JupyterLab v${LATEST}" \
128- -m "New JupyterLab release [v${LATEST}](https://github.com/jupyterlab/jupyterlab/releases/tag/v${LATEST}) is available. Please review the lock file carefully.".
151+ git add .
152+ git commit -m "Update to JupyterLab v${LATEST}"
153+ git push --set-upstream origin "${BRANCH_NAME}"
129154
155+ gh pr create \
156+ --title "Update to JupyterLab v${LATEST}" \
157+ --body "New JupyterLab release [v${LATEST}](https://github.com/jupyterlab/jupyterlab/releases/tag/v${LATEST}) is available. Please review the lock file carefully."
0 commit comments