Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: add dependabot-sync action #191

Merged
merged 4 commits into from
Feb 12, 2025
Merged

chore: add dependabot-sync action #191

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
58235a4
chore: add script to download current dependabot.yml files from repos
andreynering Feb 12, 2025
0f0c579
chore: add `dependabot-sync` action
andreynering Feb 12, 2025
ee289fb
chore(dependabot): keep only specific config on repository files
andreynering Feb 12, 2025
43b6a6c
chore(dependabot): ask repo name as input, copy workflow as well
andreynering Feb 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions .github/workflows/dependabot-sync.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: dependabot-sync
on:
workflow_call:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could use inputs here so the caller sets the filename, then we don't need that shell script

example:

meta/.github/workflows/soft-serve.yml

Line 7 in 30584a8

type: string

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be cool to be able to call this workflow from the GitHub webUI, specify a repo, and run the workflow for it to do the work, copy the config and open a PR in the given repo. Same goes for lint-sync

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. That got me the idea that this workflow could also copy the actual workflow file to the repo, so I don't have to open manual PRs for each repo. 🙂

inputs:
repo_name:
description: The repository name, without the "charmbracelet/" prefix.
required: true
type: string

permissions:
contents: write
pull-requests: write

jobs:
sync:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
path: ${{ github.repository_owner }}/${{ inputs.repo_name }}

- uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/meta
path: ${{ github.repository_owner }}/meta

- run: |
cp "${{ github.repository_owner }}/meta/dependabot/workflows/dependabot-sync.yml" "${{ github.repository_owner }}/${{ inputs.repo_name }}/.github/workflows/dependabot-sync.yml"
cp "${{ github.repository_owner }}/meta/dependabot/dependabot.yml" "${{ github.repository_owner }}/${{ inputs.repo_name }}/dependabot.yml"
DEPENDABOT_FILE="${{ github.repository_owner }}/meta/dependabot/dependabot-${{ inputs.repo_name }}.yml"
if [ -f "$DEPENDABOT_FILE" ]; then
cat "$DEPENDABOT_FILE" >> "${{ github.repository_owner }}/${{ inputs.repo_name }}/dependabot.yml"
fi

- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v7
with:
commit-message: "ci: sync dependabot config"
title: "ci: sync dependabot config"
body: |
This is an automated pull request to sync the Dependabot config with the meta repository.
branch: "ci/sync-dependabot-config"
delete-branch: true
path: "${{ github.repository_owner }}/${{ inputs.repo_name }}"

- name: Check outputs
if: ${{ steps.cpr.outputs.pull-request-number }}
run: |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
.DS_Store
dependabot/current
26 changes: 26 additions & 0 deletions dependabot/dependabot-bubbletea.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@

- package-ecosystem: "gomod"
directory: "/examples"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"

- package-ecosystem: "gomod"
directory: "/tutorials"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"
26 changes: 26 additions & 0 deletions dependabot/dependabot-colorprofile.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@

- package-ecosystem: "gomod"
directory: "/examples"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"

- package-ecosystem: "gomod"
directory: "/tutorials"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"
26 changes: 26 additions & 0 deletions dependabot/dependabot-huh.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@

- package-ecosystem: "gomod"
directory: "/examples"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"

- package-ecosystem: "gomod"
directory: "/spinner"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"
13 changes: 13 additions & 0 deletions dependabot/dependabot-lipgloss.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@

- package-ecosystem: "gomod"
directory: "/example"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"
8 changes: 8 additions & 0 deletions dependabot/dependabot-soft-serve-action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@

- package-ecosystem: npm
directory: /
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
8 changes: 8 additions & 0 deletions dependabot/dependabot-vhs-action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@

- package-ecosystem: npm
directory: /
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
13 changes: 13 additions & 0 deletions dependabot/dependabot-wish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@

- package-ecosystem: "gomod"
directory: "/examples"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"
41 changes: 41 additions & 0 deletions dependabot/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
version: 2

updates:
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "chore"
include: "scope"

- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "05:00"
timezone: "America/New_York"
labels:
- "dependencies"
commit-message:
prefix: "feat"
include: "scope"
Comment on lines +30 to +41
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed some repositories that do not have a Dockerfile included a config to keep Docker up-to-date (the file was probably just copy-and-pasted at the time). This means that this is a no-op action if a Dockerfile is not available.

I decided to use it in our favor and have it by default, even if many repos do not have Dockerfiles. This allows us to have less specific config files as the base work for more repos.

13 changes: 13 additions & 0 deletions dependabot/download-current.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# NOTE(@andreynering): This is just a script to download dependabot.yml from
# many of our repos. I used it to compare the contents to see which of them
# were different from the base template.

REPOS=$(gh repo list charmbracelet --visibility public --no-archived --limit 1000 --json "name,defaultBranchRef" -t '{{range .}}{{printf "%s %s\n" .name .defaultBranchRef.name}}{{end}}')

rm -rf dependabot/current
mkdir -p dependabot/current

while read -r repo branch; do
echo "Downloading $repo | $branch"
curl -s https://raw.githubusercontent.com/charmbracelet/${repo}/refs/heads/${branch}/.github/dependabot.yml > dependabot/current/${repo}.yml
done <<< "$REPOS"
15 changes: 15 additions & 0 deletions dependabot/workflows/dependabot-sync.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: dependabot-sync
on:
schedule:
- cron: "0 0 * * 0" # every Sunday at midnight
workflow_dispatch: # allows manual triggering

permissions:
contents: write
pull-requests: write

jobs:
dependabot-sync:
uses: charmbracelet/meta/.github/workflows/dependabot-sync.yml@main
with:
repo_name: ${{ github.event.repository.name }}