diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index bee9d6ef..a3f56e38 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -1,50 +1,29 @@ ---- -name: updatecli +name: Updatecli on: - merge_group: - branches: - - v2 - push: - branches: - - v2 - schedule: - # Run once a day - - cron: '*/10 * * * *' + release: workflow_dispatch: - repository_dispatch: - types: - - "updatecli-release" -permissions: - actions: write - contents: write - pull-requests: write + schedule: + # Run at 12:00 every Saterday every 14 days + - cron: "0 12 */14 * 6" + jobs: updatecli: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set Node.js 20.x - uses: actions/setup-node@v4.4.0 - with: - node-version: 20 - cache: npm + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + - name: "Setup updatecli" - uses: "updatecli/updatecli-action@v2.98.0" - - name: "Run updatecli in dryrun" - run: "updatecli compose diff" - env: - GITHUB_ACTOR: ${{ github.actor }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: tibdex/github-app-token@v2.1 - id: generate_token - if: github.ref == 'refs/heads/v2' + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 with: - app_id: ${{ secrets.UPDATECLIBOT_APP_ID }} - private_key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + version: "v0.113.0-rc.1" + - name: "Run updatecli" - if: github.ref == 'refs/heads/v2' - run: "updatecli compose apply" + run: updatecli compose apply --clean-git-branches=true --experimental env: - GITHUB_ACTOR: ${{ secrets.UPDATECLI_BOT_GITHUB_ACTOR }} - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml new file mode 100644 index 00000000..4f6806a8 --- /dev/null +++ b/.github/workflows/updatecli_test.yaml @@ -0,0 +1,26 @@ +name: Updatecli Test + +on: + pull_request: + +permissions: + contents: read + +jobs: + updatecli: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 + with: + version: "v0.113.0-rc.1" + + - name: "Test updatecli in dry-run mode" + run: "updatecli compose diff" + env: + # This step is executed in untrusted context. We use a GitHub token with minimal permissions. + GITHUB_ACTOR: ${{ github.actor }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml new file mode 100644 index 00000000..0f5bbff0 --- /dev/null +++ b/.github/workflows/updatecli_update.yaml @@ -0,0 +1,28 @@ +name: Updatecli - Update +on: + workflow_dispatch: + push: + branches: + - main + +jobs: + updatecli: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 + with: + version: "v0.113.0-rc.1" + + - name: "Run updatecli only on existing pipelines" + run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental + env: + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/update-compose.yaml b/update-compose.yaml deleted file mode 100644 index 106110f7..00000000 --- a/update-compose.yaml +++ /dev/null @@ -1,25 +0,0 @@ -policies: - - name: Local Updatecli Website Policies - config: - - updatecli/updatecli.d/ - values: - - updatecli/values.d/scm.yaml - - - name: Handle Nodejs version in githubaction - policy: ghcr.io/updatecli/policies/nodejs/githubaction:0.10.0@sha256:66b180d6fc9bd157472b9adb564c4bfc5a9ce19d72faaa9ddd3e90b70f328d0e - values: - - updatecli/values.d/scm.yaml - - updatecli/values.d/nodejs.yaml - - name: Update Updatecli policies - policy: ghcr.io/updatecli/policies/updatecli/autodiscovery:0.7.0@sha256:6890c4b4093a80063f518101881098fab8211c986481641faaf797a9ad5a31c3 - values: - - updatecli/values.d/scm.yaml - - name: NPM autodiscovery - policy: ghcr.io/updatecli/policies/npm/autodiscovery:0.11.0@sha256:884177c126cce170988e3afd1194b1aa1bad0d8fe9aaeea9eaf8038015e50252 - values: - - updatecli/values.d/scm.yaml - - updatecli/values.d/npm.yaml - - name: Handle Updatecli version in GitHub action - policy: ghcr.io/updatecli/policies/updatecli/githubaction:0.7.0@sha256:a97518f118b03d2f63f45378e1961028b07c23d53db91db892893ff240fa5f4e - values: - - updatecli/values.d/scm.yaml diff --git a/updatecli-compose.yaml b/updatecli-compose.yaml new file mode 100644 index 00000000..5be946cd --- /dev/null +++ b/updatecli-compose.yaml @@ -0,0 +1,34 @@ +policies: + - name: Local Updatecli Website Policies + config: + - updatecli/updatecli.d/ + values: + - updatecli/values.d/scm.yaml + + - name: Handle Nodejs version in githubaction + policy: ghcr.io/updatecli/policies/nodejs/githubaction:0.8.0@sha256:e0784741fa1628f498336c5154ad406df587fe7fa4c163f23deeed3ffc8809d2 + values: + - updatecli/values.d/scm.yaml + - updatecli/values.d/nodejs.yaml + + - name: Update Updatecli policies + policy: ghcr.io/updatecli/policies/updatecli/autodiscovery:0.5.0@sha256:947817644fb89e27f7b7121b822328c2d47364c7a3a08241e4d2ac1a5897020c + values: + - updatecli/values.d/scm.yaml + + - name: NPM autodiscovery + policy: ghcr.io/updatecli/policies/npm/autodiscovery:0.9.0@sha256:bfb7aaa719c26db1e13095fec27c143cf2c99b64b577d200a0bb658b724d37ae + values: + - updatecli/values.d/scm.yaml + - updatecli/values.d/npm.yaml + + - name: Handle Updatecli version in GitHub action + policy: ghcr.io/updatecli/policies/updatecli/githubaction:0.4.0@sha256:2879297d2f973081e67b560066f1640304a173167d5b1e8e1452c02920cdbf4d + values: + - updatecli/values.d/scm.yaml + + - name: Handle GitHub action version update + policy: ghcr.io/updatecli/policies/autodiscovery/githubaction:0.2.1@sha256:cfddec11464cc09615135f0f1e069f00ad24d28edc7cc6a4e8224e04c3699008 + values: + - updatecli/values.d/scm.yaml + - updatecli/values.d/githubaction.yaml diff --git a/updatecli/values.d/githubaction.yaml b/updatecli/values.d/githubaction.yaml new file mode 100644 index 00000000..b43ed148 --- /dev/null +++ b/updatecli/values.d/githubaction.yaml @@ -0,0 +1,2 @@ +specs: + digest: true diff --git a/updatecli/values.d/npm.yaml b/updatecli/values.d/npm.yaml index 08a6fad1..73a4e6a1 100644 --- a/updatecli/values.d/npm.yaml +++ b/updatecli/values.d/npm.yaml @@ -1,2 +1,5 @@ automerge: true groupby: individual + +spec: + ignoreversionconstraints: true