-
Notifications
You must be signed in to change notification settings - Fork 375
129 lines (120 loc) · 4.04 KB
/
lock-dependency.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: Lock Dependency
# TODO: Make this job mandatory
# TODO: Make this on workflow_dispatch
on:
# Limitation about `paths` types:
# > https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#git-diff-comparisons
push:
branches-ignore:
- master
- release
- '*-stable'
pull_request:
# Run this job when a PR is opened, covering the scenario where branch is ready and pushed before PR is opened.
types:
- opened
# TODO: Improve concurrency between push event and pull_request event
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
pr:
name: Pull Request attached
runs-on: ubuntu-latest
outputs:
pr_found: ${{ steps.pr.outputs.pr_found }}
pr_base_ref: ${{ steps.pr.outputs.pr.base.ref }}
steps:
# Limitation with pull_request trigger: https://github.com/8BitJonny/gh-get-current-pr/tree/3.0.0/?tab=readme-ov-file#limitations
- uses: 8BitJonny/gh-get-current-pr@3.0.0
id: pr
with:
filterOutClosed: true # Don't trigger on commits with closed PRs, including merges into `master`.
dependency:
name: Depenedency changes
needs: pr
if: ${{ needs.pr.outputs.pr_found == 'true' }}
runs-on: ubuntu-latest
outputs:
changes: ${{ steps.changes.outputs.dependencies }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: changes
with:
# This is the best effort to get the diff comparison.
# The result remains time-sensitive since the `base` is constantly changing and
# the PR cannot be guaranteed to be up-to-date.
#
# Unless enable `Require branches to be up to date before merging` in the repository rule settings
base: ${{ needs.pr.outputs.pr_base_ref }}
filters: .github/dependency_filters.yml
lock:
runs-on: ubuntu-latest
needs: dependency
if: ${{ needs.dependency.outputs.changes == 'true' }}
strategy:
fail-fast: false
matrix:
engine:
# ADD NEW RUBIES HERE
- name: ruby
version: '3.4'
- name: ruby
version: '3.3'
- name: ruby
version: '3.2'
- name: ruby
version: '3.1'
- name: ruby
version: '3.0'
- name: ruby
version: '2.7'
- name: ruby
version: '2.6'
- name: ruby
version: '2.5'
- name: jruby
version: '9.4'
- name: jruby
version: '9.3'
- name: jruby
version: '9.2'
container:
image: ghcr.io/datadog/images-rb/engines/${{ matrix.engine.name }}:${{ matrix.engine.version }}
env:
BUNDLE_WITHOUT: check
steps:
- uses: actions/checkout@v4
- run: |
ruby -v
gem -v
bundler -v
- run: bundle install
# TODO: Migrate away from `appraisal`
- run: bundle exec appraisal generate
- run: bundle exec rake dependency:lock
- uses: actions/upload-artifact@v4
with:
name: lock-dependency-${{ github.run_id }}-${{ matrix.engine.name }}-${{ matrix.engine.version }}
path: gemfiles/${{ matrix.engine.name }}_${{ matrix.engine.version }}*
retention-days: 1
# TODO: Change token to trigger workflow automation
# > New commit by GITHUB_TOKEN does not trigger workflow automation to prevent infinite loop
commit:
name: Commit changes
needs: lock
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GHA_PAT }}
- uses: actions/download-artifact@v4
with:
path: gemfiles
pattern: lock-dependency-${{ github.run_id }}-*
merge-multiple: true
- uses: stefanzweifel/git-auto-commit-action@v5
with:
file_pattern: 'gemfiles/*'
commit_message: "[🤖] Lock Dependency: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"