diff --git a/.github/workflows/LockfilePR.yml b/.github/workflows/LockfilePR.yml
index ad6a10d2..32ad7eda 100644
--- a/.github/workflows/LockfilePR.yml
+++ b/.github/workflows/LockfilePR.yml
@@ -36,3 +36,4 @@ jobs:
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 include-maven-plugins: true
+ commit-lockfile: false # verify lockfile is up-to-date (not possible to update lockfile in forks)
diff --git a/README.md b/README.md
index 24147d8e..84677cbd 100644
--- a/README.md
+++ b/README.md
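Review bot: With `commit-lockfile: false` this job only verifies, yet the step is still handed `secrets.GITHUB_TOKEN`, and the hunk does not show whether the workflow restricts that token. If no `permissions:` block exists above line 36, adding `permissions:` with `contents: read` at job level would keep the verify-only run from holding write access it no longer uses. The trailing comment would also read better on its own line above the key, e.g. `# verify only: a fork PR cannot push an updated lockfile`. The job definition starts outside this hunk.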
@@ -186,6 +186,19 @@ A lockfile is incorrect if any dependency has changed since the lockfile was gen ⚠️**Warning**: Commiting the changed lockfile does not work for pull requests from forks. See https://github.com/EndBug/add-and-commit#working-with-prs. You can add a personal access token to your repository to resolve this issue. It still works for pull requests from the same repository. Renovate also works with this action because these PRs are created from the same repository. + +### Arguments + +- `github-token` (required): The GitHub token used to commit the lockfile to the repository. +- `commit-lockfile` (optional, default=true): Whether to commit an updated lockfile to the repository. The action can be used to update lockfiles automatically in e.g. pull requests (se warning about pull-requests from forks). If this is true and the pom.xml or workflow-file has updated it will create and commit the new lockfile - the action **will not** fail if the lockfile is outdated or invalid and only push the correct version. If this is false or the pom.xml and workflow-file remain unchanged, the action be used to verify the lockfile is correct - the action **will** fail in case of an outdated or invalid lockfile. +- `commit-message` (optional, default='chore: update lockfile'): The commit message for the lockfile if `commit-lockfile` is true. +- `commit-author` (optional, default='github\_actions'): The author for the lockfile commit if `commit-lockfile` is true. GitHub provides three values for this field. + - github\_actor -> `UserName ` + - user\_info -> `Your Display Name ` + - github\_actions -> `github-actions ` +- `include-maven-plugins` (optional, default='false'): Whether to include Maven plugins in the lockfile. +- `workflow-filename` (optional, default='Lockfile.yml'): The name of the workflow file, to automatically trigger lockfile generation when the workflow is updated. 
+ ## Related work Here we list some related work that we found while researching this topic. diff --git a/action.yml b/action.yml index 32b554e1..8e8a3be9 100644 --- a/action.yml +++ b/action.yml @@ -8,7 +8,7 @@ inputs: description: 'GitHub token' required: true commit-lockfile: - description: 'Commit the lockfile to the repository' + description: 'Commit the lockfile to the repository in case the pom.xml or workflow file has updated. If this is false or the pom.xml and workflow.yml files are unchanged the action will verify the current lockfile.json.' required: false default: 'true' commit-message: @@ -58,7 +58,6 @@ runs: with: files: | **/pom.xml - **/lockfile.json **/${{ inputs.workflow-filename}} - name: print all changed files run: echo all changed files are ${{ steps.changed-files.outputs.all_changed_files }} @@ -69,6 +68,9 @@ runs: - name: print POM-CHANGED run: echo "pom changed ${{ env.POM_CHANGED }}" shell: bash + - name: Set COMMIT_UPDATED_LOCKFILE environment variable + run: echo "COMMIT_UPDATED_LOCKFILE=${{ inputs.commit-lockfile }}" >> $GITHUB_ENV + shell: bash - id: action run: ~/.jbang/bin/jbang --repos 'mavencentral' io.github.chains-project:maven-lockfile-github-action:5.2.4-SNAPSHOT diff --git a/github_action/src/main/java/io/github/chains_project/maven_lockfile/GithubAction.java b/github_action/src/main/java/io/github/chains_project/maven_lockfile/GithubAction.java index ccd37419..560089ee 100644 --- a/github_action/src/main/java/io/github/chains_project/maven_lockfile/GithubAction.java +++ b/github_action/src/main/java/io/github/chains_project/maven_lockfile/GithubAction.java 
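Review bot: The new `Set COMMIT_UPDATED_LOCKFILE environment variable` step in `action.yml` expands `${{ inputs.commit-lockfile }}` inside the script text, so the value is pasted into the bash command before the shell parses it, and a value containing quotes or `$(...)` would change the command that runs. The input is normally a literal chosen by the workflow author, so exposure is limited, but the usual hardening is to pass it through the step environment: add `env:` with `COMMIT_LOCKFILE: ${{ inputs.commit-lockfile }}` and change the script to `run: echo "COMMIT_UPDATED_LOCKFILE=$COMMIT_LOCKFILE" >> "$GITHUB_ENV"`. The identical step added in `template/action.yml` needs the same change. The context step `print all changed files` in the preceding hunk interpolates `steps.changed-files.outputs.all_changed_files` the same way, and file names in a pull request are contributor-controlled, so it deserves the same treatment in a follow-up.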
@@ -25,7 +25,11 @@ public class GithubAction { void run(Inputs inputs, Commands commands, Context context) { boolean includeMavenPlugins = inputs.getBoolean("include-maven-plugins").orElse(false); - if (Boolean.parseBoolean(System.getenv("POM_CHANGED"))) { + + boolean pomChanged = Boolean.parseBoolean(System.getenv("POM_CHANGED")); + boolean commitUpdatedLockfile = Boolean.parseBoolean(System.getenv("COMMIT_UPDATED_LOCKFILE")); + + if (pomChanged && commitUpdatedLockfile) { commands.group("maven-lockfile"); commands.notice("Pom file changed, running lockfile generation"); commands.endGroup(); diff --git a/template/action.yml b/template/action.yml index f0f352cd..70649a0c 100644 --- a/template/action.yml +++ b/template/action.yml @@ -8,7 +8,7 @@ inputs: description: 'GitHub token' required: true commit-lockfile: - description: 'Commit the lockfile to the repository' + description: 'Commit the lockfile to the repository in case the pom.xml or workflow file has updated. If this is false or the pom.xml and workflow.yml files are unchanged the action will verify the current lockfile.json.' required: false default: 'true' commit-message: @@ -58,7 +58,6 @@ runs: with: files: | **/pom.xml - **/lockfile.json **/${{ inputs.workflow-filename}} - name: print all changed files run: echo all changed files are ${{ steps.changed-files.outputs.all_changed_files }} @@ -69,6 +68,9 @@ runs: - name: print POM-CHANGED run: echo "pom changed ${{ env.POM_CHANGED }}" shell: bash + - name: Set COMMIT_UPDATED_LOCKFILE environment variable + run: echo "COMMIT_UPDATED_LOCKFILE=${{ inputs.commit-lockfile }}" >> $GITHUB_ENV + shell: bash - id: action run: ~/.jbang/bin/jbang --repos 'mavencentral' io.github.chains-project:maven-lockfile-github-action:${project.version}
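Review bot: `Boolean.parseBoolean(System.getenv("COMMIT_UPDATED_LOCKFILE"))` in `GithubAction.run` treats an unset variable and any value other than `true` as false, so a misspelt `commit-lockfile` value or a caller that does not export the variable silently switches the action from regenerating to verify-only. That fallback is the safer direction, but it differs from the documented default of `true` and from the line above, which reads its flag through `inputs.getBoolean(...).orElse(false)`. I would state the behaviour in a comment, e.g. `// unset or non-"true" means verify-only: never regenerate unless explicitly asked`, and emit a `commands.notice(...)` naming the chosen mode so the run log shows whether the lockfile was verified or rewritten. The body of `run` continues outside this hunk, so the verify branch is not visible here.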