-
Notifications
You must be signed in to change notification settings - Fork 7
135 lines (120 loc) · 4.99 KB
/
merge-dependabot-reusable.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: merge-dependabot-reusable
on:
workflow_call:
inputs:
java-version:
description: The Java compiler version
default: 17
type: string
maven-args:
description: Additional Maven arguments
type: string
secrets:
GPG_SECRET_KEY:
description: GPG secret key for signing commits
required: true
env:
MAVEN_ARGS: ${{ inputs.maven-args }}
jobs:
merge-dependabot:
runs-on: ubuntu-latest
steps:
- name: Fetch metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # 2.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Find dependency attributes
shell: bash
env:
DEPENDENCY_NAMES: ${{ steps.dependabot-metadata.outputs.dependency-names }}
DEPENDENCY_VERSION: ${{ steps.dependabot-metadata.outputs.new-version }}
run: |
DEPENDENCY_NAME=$(echo "$DEPENDENCY_NAMES" | tr "," '\n' | head -n 1)
cat >> $GITHUB_ENV << EOF
DEPENDENCY_NAME=$DEPENDENCY_NAME
DEPENDENCY_VERSION=$DEPENDENCY_VERSION
EOF
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
with:
ref: ${{ steps.dependabot-metadata.outputs.target-branch }}
- name: Download and apply patch
shell: bash
env:
PATCH_URL: ${{ github.event.pull_request.patch_url }}
run: |
wget -O- "$PATCH_URL" | git apply
- name: Set up Java & GPG
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # 4.6.0
with:
distribution: zulu
java-version: ${{ inputs.java-version }}
cache: maven
server-id: apache.releases.https
server-username: NEXUS_USERNAME
server-password: NEXUS_PASSWORD
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
- name: Find the release version major
shell: bash
run: |
RELEASE_VERSION_MAJOR=$(./mvnw \
--non-recursive --quiet --batch-mode \
-DforceStdout=true \
-Dexpression=parsedVersion.majorVersion \
build-helper:parse-version help:evaluate \
| tail -n 1)
echo "RELEASE_VERSION_MAJOR=$RELEASE_VERSION_MAJOR" >> $GITHUB_ENV
- name: Create changelog entry
shell: bash
env:
PR_URL: ${{ github.event.pull_request.html_url }}
PR_ID: ${{ github.event.pull_request.number }}
run: |
if [ -d "src/changelog" ]; then
RELEASE_CHANGELOG_FILEPATH="src/changelog/.${RELEASE_VERSION_MAJOR}.x.x"
SAFE_DEPENDENCY_NAME=$(echo "$DEPENDENCY_NAME" | tr "[:upper:]" "[:lower:]" | sed -r 's/[^a-z0-9]/_/g' | sed -r 's/_+/_/g')
CHANGELOG_ENTRY_FILEPATH="$RELEASE_CHANGELOG_FILEPATH/update_${SAFE_DEPENDENCY_NAME}.xml"
mkdir -p $(dirname "$CHANGELOG_ENTRY_FILEPATH")
cat > "$CHANGELOG_ENTRY_FILEPATH" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://logging.apache.org/xml/ns"
xsi:schemaLocation="https://logging.apache.org/xml/ns https://logging.apache.org/xml/ns/log4j-changelog-0.xsd"
type="updated">
<issue id="$PR_ID" link="$PR_URL"/>
<description format="asciidoc">Update \`$DEPENDENCY_NAME\` to version \`$DEPENDENCY_VERSION\`</description>
</entry>
EOF
fi
- name: Add & commit changes
shell: bash
env:
PR_ID: ${{ github.event.pull_request.number }}
PR_BRANCH: ${{ github.head_ref }}
run: |
git add .
git config user.name "ASF Logging Services RM"
git config user.email [email protected]
git commit -S -a -m "Update \`$DEPENDENCY_NAME\` to version \`$DEPENDENCY_VERSION\` (#$PR_ID)"
# Pushing the same commit to the Dependabot and main branch closes the PR
git push -f origin "HEAD:$PR_BRANCH"
# Allow for GitHub to realize that the PR branch changed
sleep 5
git push origin