From 21b020612bc1493eaa7c19ae2c33faaec114b3a2 Mon Sep 17 00:00:00 2001 From: bloodearnest Date: Wed, 5 Feb 2025 12:39:13 +0000 Subject: [PATCH 1/2] Add tooling to pull in latest pipeline library version --- justfile | 4 +++- scripts/upgrade-pipeline.sh | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100755 scripts/upgrade-pipeline.sh diff --git a/justfile b/justfile index fd2204678..b58a68922 100644 --- a/justfile +++ b/justfile @@ -91,7 +91,6 @@ devenv: prodenv requirements-dev && install-precommit $PIP install --no-deps -r requirements.dev.txt touch $VIRTUAL_ENV/.dev - # ensure precommit is installed install-precommit: #!/usr/bin/env bash @@ -110,6 +109,9 @@ upgrade env package="": virtualenv test -z "{{ package }}" || opts="--upgrade-package {{ package }}" FORCE=true {{ just_executable() }} requirements-{{ env }} $opts +# upgrade our internal pipeline library +upgrade-pipeline: + ./scripts/upgrade-pipeline.sh requirements.prod.in update-interactive-templates tag="": && prodenv #!/usr/bin/env bash diff --git a/scripts/upgrade-pipeline.sh b/scripts/upgrade-pipeline.sh new file mode 100755 index 000000000..6619a58cc --- /dev/null +++ b/scripts/upgrade-pipeline.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -eu + +file=$1 +github_package_url="opensafely-pipeline@https://github.com/opensafely-core/pipeline/archive/refs/tags/" +latest=$(git ls-remote -h --refs --tags --heads https://github.com/opensafely-core/pipeline | grep -o "v20.*$" | sort | tail -1) +echo "Latest version of pipeline is $latest" + +# exit early if we are at the latest version +if grep -q "$latest" "$file"; then + echo "$file already contains latest version" + exit +fi + +sed -i "s#$github_package_url.*\.zip#$github_package_url$latest.zip#" "$file" +echo "Updated $file to pipline $latest" From 0d4902269aa24947886576a3694d92e5670104ff Mon Sep 17 00:00:00 2001 From: bloodearnest Date: Wed, 5 Feb 2025 12:39:51 +0000 Subject: [PATCH 2/2] Use dependabecky workflow to update pipeline library. We cannot use dependabot to update pipeline, as it is not published on pypi. So we use the update-dependencies action, but just have it update pipeline, as dependabot is being used for python packages. --- .github/workflows/update-dependencies.yml | 29 +++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/update-dependencies.yml diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml new file mode 100644 index 000000000..aba5ebca3 --- /dev/null +++ b/.github/workflows/update-dependencies.yml @@ -0,0 +1,29 @@ +name: Update python dependencies + +on: + workflow_dispatch: + schedule: + - cron: "0 23 * * *" + +jobs: + update-dependencies: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: "opensafely-core/setup-action@v1" + with: + python-version: "3.12" + install-just: true + + - uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: 1031449 # opensafely-core Create PR app + private-key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }} + + - uses: bennettoxford/update-dependencies-action@v1 + with: + token: ${{ steps.generate-token.outputs.token }} + # Note: just update pipeline library for now, as job-server uses dependabot for python upgrades + update_command: | + just upgrade-pipeline