Skip to content

Update Dependencies From Metadata (Retrieve, Metadata, Compile, Test, Create PR) #232

Update Dependencies From Metadata (Retrieve, Metadata, Compile, Test, Create PR)

Update Dependencies From Metadata (Retrieve, Metadata, Compile, Test, Create PR) #232

name: Update Dependencies From Metadata (Retrieve, Metadata, Compile, Test, Create PR)
on:
workflow_dispatch:
schedule:
- cron: '57 13 * * *' # daily at 13:57 UTC
env:
AWS_REGION : "us-east-1"
permissions:
id-token: write # This is required for requesting the JWT
contents: write # This is required for actions/checkout
jobs:
retrieve:
name: Retrieve New Versions and Generate Metadata
runs-on: ubuntu-latest
outputs:
metadata-filepath: ${{ steps.retrieve.outputs.metadata-filepath }}
metadata-json: ${{ steps.retrieve.outputs.metadata-json }}
# compilation-json is a subset of metadata-json entries which are missing
# a `checksum` and `uri`
compilation-json: ${{ steps.retrieve.outputs.compilation-json }}
id: ${{ steps.retrieve.outputs.id }}
length: ${{ steps.retrieve.outputs.length }}
compilation-length: ${{ steps.retrieve.outputs.compilation-length }}
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: 'stable'
- name: Run Retrieve
id: retrieve
working-directory: dependency
run: |
OUTPUT="/tmp/metadata.json"
make retrieve \
buildpackTomlPath="${{ github.workspace }}/buildpack.toml" \
output="${OUTPUT}"
id=$(jq -r .[0].id < "${OUTPUT}")
content=$(jq -r < "${OUTPUT}")
length=$(echo $content | jq -r '. | length')
compilation=$(echo $content | jq -r 'map(select(.checksum == null and .uri == null))'?)
complength=$(echo $compilation | jq -r '. | length')
delimiter="$(uuidgen)"
echo "metadata-filepath=${OUTPUT}" >> "$GITHUB_OUTPUT"
printf "metadata-json<<%s\n%s\n%s\n" "${delimiter}" "${content}" "${delimiter}" >> "$GITHUB_OUTPUT" # see https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
echo "id=$id" >> "$GITHUB_OUTPUT"
echo "length=$length" >> "$GITHUB_OUTPUT"
printf "compilation-json<<%s\n%s\n%s\n" "${delimiter}" "${compilation}" "${delimiter}" >> "$GITHUB_OUTPUT" # see https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
echo "compilation-length=$complength" >> "$GITHUB_OUTPUT"
- name: Upload `${{ steps.retrieve.outputs.metadata-filepath }}`
uses: actions/upload-artifact@v3
with:
name: metadata.json
path: ${{ steps.retrieve.outputs.metadata-filepath }}
# Check if there is buildpack-provided compilation code and testing code
# Optional compilation code expected at: <buildpack>/dependency/actions/compile/
# Optional testing code expected at: <buildpack>/dependency/test/
get-compile-and-test:
name: Get Compilation and Testing Code
outputs:
should-compile: ${{ steps.compile-check.outputs.should-compile }}
should-test: ${{ steps.test-check.outputs.should-test }}
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Has Compilation Action?
id: compile-check
run: |
if test -d "dependency/actions/compile"; then
echo "Compilation action provided"
echo "should-compile=true" >> "$GITHUB_OUTPUT"
fi
- name: Has Testing Action?
id: test-check
run: |
if test -d "dependency/test"; then
echo "Testing file provided"
echo "should-test=true" >> "$GITHUB_OUTPUT"
fi
test:
name: Test Non-Compiled Dependency
needs:
- retrieve
- get-compile-and-test
strategy:
matrix:
includes: ${{ fromJSON(needs.retrieve.outputs.metadata-json) }}
# Run job step if BOTH:
# (1) needs.get-compile-and-test.outputs.should-test = TRUE -> if there is a dependency/test directory in the buildpack
# (2) needs.get-compile-and-test.outputs.should-compile = FALSE -> if there is NOT a dependency/actions/compile directory in the buildpack
# AND:
# (3) there is at least one new version to test
if: ${{ needs.retrieve.outputs.length > 0 && needs.get-compile-and-test.outputs.should-test == 'true' && needs.get-compile-and-test.outputs.should-compile == 'false' }}
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Make Temporary Artifact Directory
id: make-outputdir
run: |
echo "outputdir=$(mktemp -d)" >> "$GITHUB_OUTPUT"
# Download the tarball for testing if:
# (1) dependency testing code is present in the buildpack directory
# (2) URI in metadata.json is available
- name: Download upstream tarball (if not compiled)
if: ${{ matrix.includes.uri != '' && needs.get-compile-and-test.outputs.should-test == 'true' }}
run: |
curl ${{ matrix.includes.uri }} \
--fail-with-body \
--show-error \
--silent \
--location \
--output ${{ steps.make-outputdir.outputs.outputdir }}/dependency.tgz
# Test the dependency tarball if:
# (1) dependency testing code is present in the buildpack directory
- name: Test Upstream Dependency
working-directory: dependency
if: ${{ needs.get-compile-and-test.outputs.should-test == 'true' }}
run: |
make test \
version="${{ matrix.includes.version }}" \
tarballPath="${{ steps.make-outputdir.outputs.outputdir }}/*.tgz"
compile:
name: Compile and Test Dependency
needs:
- retrieve
- get-compile-and-test
strategy:
matrix:
includes: ${{ fromJSON(needs.retrieve.outputs.compilation-json) }}
# Run job step if:
# (1) needs.get-compile-and-test.outputs.should-compile -> if there is a dependency/actions/compile directory in the buildpack
# (2) OR needs.get-compile-and-test.outputs.should-test -> if there is a dependency/test directory in the buildpack
# AND:
# (3) there is at least one version to compile/test
if: ${{ needs.retrieve.outputs.compilation-length > 0 && (needs.get-compile-and-test.outputs.should-compile == 'true' || needs.get-compile-and-test.outputs.should-test == 'true') }}
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Make Temporary Artifact Directory
id: make-outputdir
run: |
echo "outputdir=$(mktemp -d)" >> "$GITHUB_OUTPUT"
# Compile if all of the following conditions are met:
# (1) compilation Github Action presetn in the buildpack directory
# (2) checksum in metadata.json is empty
# (3) URI in metadata.json is empty
- name: Compile version ${{ matrix.includes.version }} on ${{ matrix.includes.target }} Dockerfile
id: compile
if: ${{ needs.get-compile-and-test.outputs.should-compile && matrix.includes.checksum == '' && matrix.includes.uri == '' }}
uses: ./dependency/actions/compile
with:
version: "${{ matrix.includes.version }}"
outputdir: "${{ steps.make-outputdir.outputs.outputdir }}"
target: "${{ matrix.includes.target }}"
# If compiled, upload the tarball and checksum file for usage in the Update metadata job
- name: Upload workflow asset
uses: actions/upload-artifact@v3
if: ${{ needs.get-compile-and-test.outputs.should-compile && matrix.includes.checksum == '' && matrix.includes.uri == '' }}
with:
name: '${{ needs.retrieve.outputs.id }}-${{ matrix.includes.version }}-${{ matrix.includes.target }}'
path: '${{ steps.make-outputdir.outputs.outputdir }}/*'
# Test the dependency tarball if:
# (1) dependency testing code is present in the buildpack directory
- name: Test Dependency
working-directory: dependency
if: ${{ needs.get-compile-and-test.outputs.should-test == 'true' }}
run: |
make test \
version="${{ matrix.includes.version }}" \
tarballPath="${{ steps.make-outputdir.outputs.outputdir }}/*.tgz"
# Add in the checksum and URI fields to the metadata if the dependency was compiled
update-metadata:
name: Update Metadata (if compiled)
needs:
- retrieve
- get-compile-and-test
- compile
strategy:
matrix:
includes: ${{ fromJSON(needs.retrieve.outputs.compilation-json) }}
# Run metadata update step sequentially so that metadata.json can be
# modified for each version
max-parallel: 1
if: ${{ needs.retrieve.outputs.compilation-length > 0 && needs.get-compile-and-test.outputs.should-compile == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Download artifact files
uses: actions/download-artifact@v3
with:
name: '${{ needs.retrieve.outputs.id }}-${{ matrix.includes.version }}-${{ matrix.includes.target }}'
- name: Get artifact file name
id: get-file-names
run: |
echo "artifact-file=$(basename ./*.tgz)" >> "$GITHUB_OUTPUT"
echo "checksum-file=$(basename ./*.tgz.checksum)" >> "$GITHUB_OUTPUT"
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Upload to S3
id: upload
uses: initializ-buildpacks/github-config/actions/dependency/upload-to-s3@main
with:
bucket-name: "initializ-buildpacks"
dependency-name: ${{ needs.retrieve.outputs.id }}
artifact-path: ${{ steps.get-file-names.outputs.artifact-file }}
- name: Get Checksum
id: get-checksum
run: echo "checksum=$(cat ${{ steps.get-file-names.outputs.checksum-file }})" >> "$GITHUB_OUTPUT"
- name: Download metadata.json
uses: actions/download-artifact@v3
with:
name: metadata.json
- name: Update `checksum` and `uri` in metadata for ${{ matrix.includes.target }} ${{ matrix.includes.version }}
if: ${{ matrix.includes.checksum == '' && matrix.includes.uri == '' }}
uses: initializ-buildpacks/github-config/actions/dependency/update-metadata-json@main
with:
version: ${{ matrix.includes.version }}
target: ${{ matrix.includes.target }}
checksum: ${{ steps.get-checksum.outputs.checksum }}
uri: ${{ steps.upload.outputs.dependency-uri }}
file: "metadata.json"
- name: Upload modified metadata
uses: actions/upload-artifact@v3
with:
name: "metadata.json"
path: "metadata.json"
assemble:
name: Update buildpack.toml
needs:
- retrieve
- test
- compile
- update-metadata
# Update buildpack.toml only if ALL of the following conditions are met:
# (1) Retrieval step has succeeded and has found at least 1 new version
# (2) Testing step has succeeded OR been skipped
# (3) Compilation/Testing step has succeeded OR been skipped
# (4) Update metadata step has succeeded OR been skipped
if: always() && needs.retrieve.result == 'success' && needs.retrieve.outputs.length > 0 && (needs.test.result == 'success' || needs.test.result == 'skipped') && (needs.compile.result == 'success' || needs.compile.result == 'skipped') && (needs.update-metadata.result == 'success' || needs.update-metadata.result == 'skipped')
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Checkout Branch
uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main
with:
branch: automations/dependencies/update-from-metadata
- name: Make Temporary Artifact Directory
id: make-outputdir
run: |
echo "outputdir=$(mktemp -d)" >> "$GITHUB_OUTPUT"
- name: Download metadata.json
uses: actions/download-artifact@v3
with:
name: metadata.json
path: "${{ steps.make-outputdir.outputs.outputdir }}"
- name: Update dependencies from metadata.json
id: update
uses: initializ-buildpacks/github-config/actions/dependency/update-from-metadata@main
with:
buildpack_toml_path: "${{ github.workspace }}/buildpack.toml"
metadata_file_path: "${{ steps.make-outputdir.outputs.outputdir }}/metadata.json"
- name: Show git diff
run: |
git diff
- name: Commit
id: commit
uses: initializ-buildpacks/github-config/actions/pull-request/create-commit@main
with:
message: "Updating buildpack.toml with new versions ${{ steps.update.outputs.new-versions }}"
pathspec: "."
keyid: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY_ID }}
key: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY }}
- name: Push Branch 'automations/dependencies/update-from-metadata'
if: ${{ steps.commit.outputs.commit_sha != '' }}
uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main
with:
token: ${{ secrets.PAT }}
branch: automations/dependencies/update-from-metadata
- name: Open Pull Request
if: ${{ steps.commit.outputs.commit_sha != '' }}
uses: initializ-buildpacks/github-config/actions/pull-request/open@main
with:
token: ${{ secrets.PAT }}
title: "Updates buildpack.toml with ${{ steps.update.outputs.new-versions }}"
branch: automations/buildpack.toml/update-from-metadata
failure:
name: Alert on Failure
runs-on: ubuntu-22.04
needs: [ retrieve, get-compile-and-test, test, compile, update-metadata, assemble ]
if: ${{ always() && needs.retrieve.result == 'failure' || needs.get-compile-and-test.result == 'failure' || needs.test.result == 'failure' || needs.compile.result == 'failure' || needs.update-metadata.result == 'failure' || needs.assemble.result == 'failure' }}
steps:
- name: File Failure Alert Issue
uses: initializ-buildpacks/github-config/actions/issue/file@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
repo: ${{ github.repository }}
label: "failure:update-dependencies"
comment_if_exists: true
issue_title: "Failure: Update Dependencies workflow"
issue_body: |
Update Dependencies From Metadata workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
comment_body: |
Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}