Skip to content

Merge pull request #11000 from dependabot/dev/brettfo/nuget-peer-depe… #1999

Merge pull request #11000 from dependabot/dev/brettfo/nuget-peer-depe…

Merge pull request #11000 from dependabot/dev/brettfo/nuget-peer-depe… #1999

Workflow file for this run

name: Latest images
env:
UPDATER_IMAGE: "ghcr.io/dependabot/dependabot-updater-"
on: # yamllint disable-line rule:truthy
push:
branches:
- main
paths-ignore:
- "common/lib/dependabot.rb"
jobs:
date-version:
runs-on: ubuntu-latest
outputs:
date: ${{ steps.date.outputs.DATE_BASED_VERSION }}
steps:
- id: date
name: Set date based version
# The v2 tag is the Updater image tag, not related to the core version.
# This env var has to be set here so all versions are the same.
run: |
export DATE_BASED_VERSION=v2.0.$(date +%Y%m%d%H%M%S)
echo "DATE_BASED_VERSION=$DATE_BASED_VERSION" >> $GITHUB_OUTPUT
push-updater-image:
name: Deploy
runs-on: ubuntu-latest
needs: date-version
permissions:
contents: read
id-token: write
packages: write
strategy:
fail-fast: false
matrix:
suite:
- { name: bundler, ecosystem: bundler }
- { name: cargo, ecosystem: cargo }
- { name: composer, ecosystem: composer }
- { name: docker, ecosystem: docker }
- { name: dotnet_sdk, ecosystem: dotnet-sdk }
- { name: elm, ecosystem: elm }
- { name: git_submodules, ecosystem: gitsubmodule }
- { name: github_actions, ecosystem: github-actions }
- { name: go_modules, ecosystem: gomod }
- { name: gradle, ecosystem: gradle }
- { name: hex, ecosystem: mix }
- { name: maven, ecosystem: maven }
- { name: npm_and_yarn, ecosystem: npm }
- { name: nuget, ecosystem: nuget }
- { name: pub, ecosystem: pub }
- { name: python, ecosystem: pip }
- { name: swift, ecosystem: swift }
- { name: devcontainers, ecosystem: devcontainers }
- { name: terraform, ecosystem: terraform }
env:
COMMIT_SHA: ${{ github.sha }}
NAME: ${{ matrix.suite.name }}
ECOSYSTEM: ${{ matrix.suite.ecosystem }}
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: recursive
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Build the dependabot-updater-<ecosystem> image
# despite the script input being $NAME, the resulting image is dependabot-updater-${ECOSYSTEM}
run: script/build ${NAME}
- name: Tag the images with the SHA, `latest`, and the date version
run: |
docker tag "${UPDATER_IMAGE}${ECOSYSTEM}" "${UPDATER_IMAGE}${ECOSYSTEM}:$COMMIT_SHA"
docker tag "${UPDATER_IMAGE}${ECOSYSTEM}" "${UPDATER_IMAGE}${ECOSYSTEM}:latest"
docker tag "${UPDATER_IMAGE}${ECOSYSTEM}" "${UPDATER_IMAGE}${ECOSYSTEM}:${{ needs.date-version.outputs.date }}"
- name: Log in to GHCR
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Push the images to GHCR
run: |
docker push --all-tags "${UPDATER_IMAGE}${ECOSYSTEM}"
# All tags should resolve to the same digest so we only need to look up one of them
cosign sign --yes $(cosign triangulate --type=digest "${UPDATER_IMAGE}${ECOSYSTEM}:latest")
- name: Set summary
run: |
echo "updater uploaded with tag \`$COMMIT_SHA\`" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "${UPDATER_IMAGE}${ECOSYSTEM}:$COMMIT_SHA" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY