diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7662d99a..5c0c87c0 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,6 +6,10 @@ updates: directory: "/" schedule: interval: "weekly" + - package-ecosystem: docker + directory: /cicd + schedule: + interval: daily # version updates: disabled # security updates: enabled
diff --git a/.github/workflows/deps-release-detect.yaml b/.github/workflows/deps-release-detect.yaml
new file mode 100644
index 00000000..97a0e28f
--- /dev/null
+++ b/.github/workflows/deps-release-detect.yaml
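Review bot: The new docker entry writes its scalars unquoted (`directory: /cicd`, `interval: daily`) while the existing entry in the context lines above quotes them (`directory: "/"`, `interval: "weekly"`); the file should use one style, e.g. `directory: "/cicd"` and `interval: "daily"`. The trailing `# version updates: disabled` / `# security updates: enabled` comments are context and appear to describe the neighbouring entry rather than the new one, so if the docker entry is meant to carry the same restrictions it would need its own settings — that cannot be confirmed from this hunk alone.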
@@ -0,0 +1,85 @@
+name: Deps Release
+
+on: 'pull_request'
+
+permissions:
+ contents: write
+
+jobs:
+ detect:
+ name: Detect
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+ git checkout -b "$GITHUB_HEAD_REF"
+
+ - name: Dependabot metadata
+ id: dependabot-metadata
+ uses: dependabot/fetch-metadata@v2
+
+ - name: Install node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+
+ - name: Install semver
+ run: |-
+ npm install -g semver
+
+ - name: Bump
+ run: |-
+ set -e
+ push=0
+ config='[
+ {
+ "directory": "cicd",
+ "dependencyName": "alpine"
+ }
+ ]'
+
+ deps='${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}'
+
+ for i in $(seq 0 "$(("$(echo "$config" | jq length) - 1"))"); do
+ directory="$(echo "$config" | jq -r ".[$i].directory")"
+ dependencyName="$(echo "$config" | jq -r ".[$i].dependencyName")"
+ match="$(echo "$deps" | jq ".[] | select(.directory == \"/$directory\" and .dependencyName == \"$dependencyName\")")"
+ if [ -z "$match" ]; then
+ continue
+ fi
+
+ updateType="$(echo "$match" | jq -r ".updateType")"
+ prevVersion="$(echo "$match" | jq -r ".prevVersion")"
+ newVersion="$(echo "$match" | jq -r ".newVersion")"
+
+ echo "directory : $directory"
+ echo "dependencyName : $dependencyName"
+ echo "updateType : $updateType"
+ echo "prevVersion : $prevVersion"
+ echo "newVersion : $newVersion"
+
+ tag_deps_version="$(git ls-remote 2>/dev/null \
+ | grep -oE 'refs/tags/v[0-9]+\.[0-9]+\.[0-9]+' \
+ | cut -d'/' -f3 \
+ | xargs semver \
+ | tail -n 1 \
+ | xargs semver -i patch)"
+
+ echo "$tag_deps_version" > ./cicd/tag-base-version.txt
+ git add ./cicd/tag-base-version.txt
+ if git commit -m "bump dependency release to $tag_deps_version"; then
+ push=1
+ fi
+ done
+
+ if [ "$push" = "1" ]; then
+ git push -u origin "$GITHUB_HEAD_REF"
+ fi
diff --git a/.github/workflows/deps-release-tag.yaml b/.github/workflows/deps-release-tag.yaml
new file mode 100644
index 00000000..40735bdf
--- /dev/null
+++ b/.github/workflows/deps-release-tag.yaml
@@ -0,0 +1,37 @@
+name: Deps Release
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: write
+
+jobs:
+ tag:
+ name: Tag
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - id: tag
+ name: Determine tag
+ run: |
+ version="$(head -n 1 ./cicd/tag_deps_version.txt)"
+ ref_name="v$version"
+ create=true
+ if [ "$(git ls-remote origin "refs/tags/$ref_name" | wc -l)" = "1" ]; then
+ create=false
+ fi
+
+ echo "version=$version" | tee -a "$GITHUB_OUTPUT"
+ echo "ref-name=$ref_name" | tee -a "$GITHUB_OUTPUT"
+ echo "create=$create" | tee -a "$GITHUB_OUTPUT"
+
+ - if: ${{ fromJSON(steps.tag.outputs.create) }}
+ name: Tag
+ run: |
+ git tag "${{ steps.tag.outputs.ref-name }}"
+ git push origin "${{ steps.tag.outputs.ref-name }}"
diff --git a/cicd/Dockerfile b/cicd/Dockerfile
index 3d4ff5b1..4ca13131 100644
--- a/cicd/Dockerfile
+++ b/cicd/Dockerfile
@@ -1,7 +1,7 @@ #syntax=docker/dockerfile-upstream:1.5 ARG GO_APP -FROM alpine:3.19 as deps +FROM alpine:3.19.0 as deps ARG GO_APP ARG GORELEASER_DIST_DIR=/go/src/dist
@@ -28,7 +28,7 @@ RUN <
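Review bot: The Bump step expands `${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}` directly into the `run:` script (`deps='...'`), so the action output becomes shell source before bash executes it; GitHub's workflow-hardening guidance is to hand such values over through the environment instead, e.g. `env: DEPS_JSON: ${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}` on the step and `deps="$DEPS_JSON"` in the script, and the same applies to `git tag "${{ steps.tag.outputs.ref-name }}"` and the following `git push` in deps-release-tag.yaml. Separately, this step writes `./cicd/tag-base-version.txt` while deps-release-tag.yaml reads `./cicd/tag_deps_version.txt`, so the tag job will never see the bumped version until one of the two names is changed. On a `pull_request` event `actions/checkout` checks out the PR merge ref by default, so `git checkout -b "$GITHUB_HEAD_REF"` followed by `git push -u origin "$GITHUB_HEAD_REF"` would presumably push that merge commit onto the Dependabot branch; passing `ref: ${{ github.head_ref }}` to the checkout step avoids that — worth confirming. `dependabot/fetch-metadata@v2`, `actions/checkout@v4` and `actions/setup-node@v4` are all pinned to mutable tags; a full commit SHA pin is the usual supply-chain control for a workflow that holds `contents: write`.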
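Review bot: The tag-exists check in "Determine tag" treats any `git ls-remote ... | wc -l` count other than exactly `1` as "tag absent", so a transient ls-remote failure (empty output) yields `create=true` and the later `git push origin` then fails on the existing tag instead of skipping it. Replacing the `if` with `git ls-remote --exit-code origin "refs/tags/$ref_name" >/dev/null && rc=0 || rc=$?` followed by `case "$rc" in 0) create=false ;; 2) create=true ;; *) exit "$rc" ;; esac` distinguishes "not found" (status 2) from a real error. The checkout step also pins `actions/checkout@v3` while deps-release-detect.yaml in the same commit uses `actions/checkout@v4`; the two workflows should agree, ideally on a full commit SHA.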