forked from tinglesoftware/dependabot-azure-devops
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
116 additions
and
115 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,21 +4,21 @@ on: | |
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - main | ||
| - main | ||
| tags: | ||
| - '*' | ||
| - '*' | ||
| # No path filters ensures we always have a docker image matching the latest commit on main | ||
| pull_request: | ||
| branches: | ||
| # Only trigger for PRs against `main` branch. | ||
| - main | ||
| # Only trigger for PRs against `main` branch. | ||
| - main | ||
| paths: | ||
| - 'updater/**' | ||
| - '.rubocop*.yml' | ||
| - '.ruby-version' | ||
| - 'Rakefile' | ||
| - '.github/workflows/updater.yml' | ||
| - '!docs/**' | ||
| - "updater/**" | ||
| - '.rubocop*.yml' | ||
| - '.ruby-version' | ||
| - 'Rakefile' | ||
| - ".github/workflows/updater.yml" | ||
| - "!docs/**" | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
|
|
@@ -31,24 +31,24 @@ jobs: | |
| fail-fast: true | ||
| matrix: | ||
| suite: | ||
| - { ecosystem: bundler } | ||
| - { ecosystem: cargo } | ||
| - { ecosystem: composer } | ||
| - { ecosystem: docker } | ||
| - { ecosystem: elm } | ||
| - { ecosystem: gitsubmodule } | ||
| - { ecosystem: github-actions } | ||
| - { ecosystem: gomod } | ||
| - { ecosystem: gradle } | ||
| - { ecosystem: mix } | ||
| - { ecosystem: maven } | ||
| - { ecosystem: npm } | ||
| - { ecosystem: nuget } | ||
| - { ecosystem: pub } | ||
| - { ecosystem: pip } | ||
| - { ecosystem: swift } | ||
| - { ecosystem: devcontainers } | ||
| - { ecosystem: terraform } | ||
| - { ecosystem: bundler } | ||
| - { ecosystem: cargo } | ||
| - { ecosystem: composer } | ||
| - { ecosystem: docker } | ||
| - { ecosystem: elm } | ||
| - { ecosystem: gitsubmodule } | ||
| - { ecosystem: github-actions } | ||
| - { ecosystem: gomod } | ||
| - { ecosystem: gradle } | ||
| - { ecosystem: mix } | ||
| - { ecosystem: maven } | ||
| - { ecosystem: npm } | ||
| - { ecosystem: nuget } | ||
| - { ecosystem: pub } | ||
| - { ecosystem: pip } | ||
| - { ecosystem: swift } | ||
| - { ecosystem: devcontainers } | ||
| - { ecosystem: terraform } | ||
|
|
||
| env: | ||
| IMAGE_NAME: 'dependabot-updater-${{ matrix.suite.ecosystem }}' | ||
|
|
@@ -57,90 +57,91 @@ jobs: | |
| BUNDLE_GEMFILE: ${{ github.workspace }}/updater/Gemfile | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # Required for GitVersion | ||
|
|
||
| - name: Install GitVersion | ||
| uses: gittools/actions/gitversion/[email protected] | ||
| with: | ||
| versionSpec: '6.x' | ||
|
|
||
| - name: Determine Version | ||
| uses: gittools/actions/gitversion/[email protected] | ||
| id: gitversion | ||
| with: | ||
| useConfigFile: true | ||
|
|
||
| - name: Setup Ruby | ||
| uses: ruby/setup-ruby@v1 | ||
| with: | ||
| bundler-cache: true | ||
|
|
||
| - name: bundle exec rubocop | ||
| run: bundle exec rubocop | ||
| working-directory: updater | ||
|
|
||
| - name: bundle exec rspec spec | ||
| run: bundle exec rspec spec | ||
| working-directory: updater | ||
|
|
||
| - name: Pull Docker base image & warm Docker cache | ||
| run: docker pull "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" | ||
| # remove this after at least one release tagged 'latest' | ||
| continue-on-error: true | ||
|
|
||
| - name: Get dependabot-updater image tag version | ||
| id: docker-base-version | ||
| run: | | ||
| tag_name=$(grep -oP "(?<=gem \"dependabot-omnibus\", \"~>).*(?=\")" updater/Gemfile) | ||
| tag_sha=$(curl --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' --url "https://api.github.com/repos/dependabot/dependabot-core/tags" | jq -r "[.[]|select(.name==\"v$tag_name\")][0].commit.sha") | ||
| echo "Using dependabot-updater image tag '$tag_sha' (v$tag_name)" | ||
| echo "version=$tag_sha" >> $GITHUB_OUTPUT | ||
| - name: Remove + from fullSemVer | ||
| id: remove_plus | ||
| run: | | ||
| cleanedFullSemVer=$(echo "${{ steps.gitversion.outputs.fullSemVer }}" | tr -d '+') | ||
| echo "::set-output name=cleanedFullSemVer::$cleanedFullSemVer" | ||
| - name: Build image | ||
| run: | | ||
| docker build \ | ||
| -f updater/Dockerfile \ | ||
| --build-arg BUILDKIT_INLINE_CACHE=1 \ | ||
| --build-arg ECOSYSTEM=${{ matrix.suite.ecosystem }} \ | ||
| --build-arg BASE_VERSION=${{ steps.docker-base-version.outputs.version }} \ | ||
| --build-arg DEPENDABOT_UPDATER_VERSION=${{ steps.gitversion.outputs.fullSemVer }} \ | ||
| --label com.github.image.run.id=${{ github.run_id }} \ | ||
| --label com.github.image.run.number=${{ github.run_number }} \ | ||
| --label com.github.image.job.id=${{ github.job }} \ | ||
| --label com.github.image.source.sha=${{ github.sha }} \ | ||
| --label com.github.image.source.branch=${{ github.ref }} \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.remove_plus.outputs.cleanedFullSemVer }}" \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major}}.${{ steps.gitversion.outputs.minor }}" \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}" \ | ||
| --cache-from ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest \ | ||
| . | ||
| - name: Log into registry | ||
| if: ${{ (github.ref == 'refs/heads/main') || (!startsWith(github.ref, 'refs/pull')) || startsWith(github.ref, 'refs/tags') }} | ||
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin | ||
|
|
||
| - name: Push image (latest, ShortSha) | ||
| if: ${{ (github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags') }} | ||
| run: | | ||
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" | ||
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" | ||
| - name: Push image (NuGetVersionV2) | ||
| if: ${{ !startsWith(github.ref, 'refs/pull') }} | ||
| run: docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.remove_plus.outputs.cleanedFullSemVer }}" | ||
|
|
||
| - name: Push image (major, minor) | ||
| if: startsWith(github.ref, 'refs/tags') | ||
| run: | | ||
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}.${{ steps.gitversion.outputs.minor }}" | ||
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}" | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # Required for GitVersion | ||
|
|
||
| - name: Install GitVersion | ||
| uses: gittools/actions/gitversion/[email protected] | ||
| with: | ||
| versionSpec: '6.x' | ||
|
|
||
| - name: Determine Version | ||
| uses: gittools/actions/gitversion/[email protected] | ||
| id: gitversion | ||
| with: | ||
| useConfigFile: true | ||
|
|
||
| - name: Setup Ruby | ||
| uses: ruby/setup-ruby@v1 | ||
| with: | ||
| bundler-cache: true | ||
|
|
||
| - name: bundle exec rubocop | ||
| run: bundle exec rubocop | ||
| working-directory: updater | ||
|
|
||
| - name: bundle exec rspec spec | ||
| run: bundle exec rspec spec | ||
| working-directory: updater | ||
|
|
||
| - name: Pull Docker base image & warm Docker cache | ||
| run: docker pull "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" | ||
| # remove this after at least one release tagged 'latest' | ||
| continue-on-error: true | ||
|
|
||
| - name: Get dependabot-updater image tag version | ||
| id: docker-base-version | ||
| run: | | ||
| tag_name=$(grep -oP "(?<=gem \"dependabot-omnibus\", \"~>).*(?=\")" updater/Gemfile) | ||
| tag_sha=$(curl --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' --url "https://api.github.com/repos/dependabot/dependabot-core/tags" | jq -r "[.[]|select(.name==\"v$tag_name\")][0].commit.sha") | ||
| echo "Using dependabot-updater image tag '$tag_sha' (v$tag_name)" | ||
| echo "version=$tag_sha" >> $GITHUB_OUTPUT | ||
| - name: Remove + from fullSemVer | ||
| id: remove_plus | ||
| run: | | ||
| cleanedFullSemVer=$(echo "${{ steps.gitversion.outputs.fullSemVer }}" | tr -d '+') | ||
| echo "::set-output name=cleanedFullSemVer::$cleanedFullSemVer" | ||
| - name: Build image | ||
| run: | | ||
| docker build \ | ||
| -f updater/Dockerfile \ | ||
| --build-arg BUILDKIT_INLINE_CACHE=1 \ | ||
| --build-arg ECOSYSTEM=${{ matrix.suite.ecosystem }} \ | ||
| --build-arg BASE_VERSION=${{ steps.docker-base-version.outputs.version }} \ | ||
| --build-arg DEPENDABOT_UPDATER_VERSION=${{ steps.gitversion.outputs.fullSemVer }} \ | ||
| --label com.github.image.run.id=${{ github.run_id }} \ | ||
| --label com.github.image.run.number=${{ github.run_number }} \ | ||
| --label com.github.image.job.id=${{ github.job }} \ | ||
| --label com.github.image.source.sha=${{ github.sha }} \ | ||
| --label com.github.image.source.branch=${{ github.ref }} \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.remove_plus.outputs.cleanedFullSemVer }}" \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major}}.${{ steps.gitversion.outputs.minor }}" \ | ||
| -t "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}" \ | ||
| --cache-from ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest \ | ||
| . | ||
| - name: Log into registry | ||
| if: ${{ (github.ref == 'refs/heads/main') || (!startsWith(github.ref, 'refs/pull')) || startsWith(github.ref, 'refs/tags') }} | ||
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin | ||
|
|
||
| - name: Push image (latest, ShortSha) | ||
| if: ${{ (github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags') }} | ||
| run: | | ||
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest" | ||
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.shortSha }}" | ||
| - name: Push image (NuGetVersionV2) | ||
| if: ${{ !startsWith(github.ref, 'refs/pull') }} | ||
| run: docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.remove_plus.outputs.cleanedFullSemVer }}" | ||
|
|
||
| - name: Push image (major, minor) | ||
| if: startsWith(github.ref, 'refs/tags') | ||
| run: | | ||
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}.${{ steps.gitversion.outputs.minor }}" | ||
| docker push "ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.gitversion.outputs.major }}" | ||