-
Notifications
You must be signed in to change notification settings - Fork 728
229 lines (218 loc) · 10.8 KB
/
dependency-updater.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
# This workflow will update dependencies for product-is.
name: Dependency Updater
on:
workflow_dispatch:
schedule:
# Everyday at 15:00 UTC (8.30 PM SL time)
- cron: '0 15 * * *'
env:
MAVEN_OPTS: -Xmx4g -Xms1g
REPOSITORY: product-is
GIT_USERNAME: jenkins-is-staging
GIT_EMAIL: [email protected]
PRODUCT_REPOSITORY_FORKED: $GIT_USERNAME'/'${REPOSITORY}
REMOTE_PRODUCT_REPOSITORY_PUBLIC: wso2/$REPOSITORY
PRODUCT_REPOSITORY_PUBLIC: wso2/$REPOSITORY
BUILD_NUMBER: ${{github.run_id}}
DEPENDENCY_UPGRADE_BRANCH_NAME: IS_dependency_updater_github_action/$BUILD_NUMBER
PR: "https://github.com/wso2/product-is/pulls"
jobs:
build:
runs-on: ubuntu-latest
env:
JAVA_TOOL_OPTIONS: "-Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true"
steps:
- uses: actions/checkout@v2
- name: Set up Adopt JDK 11
uses: actions/setup-java@v2
with:
java-version: "11"
distribution: "adopt"
- name: Check $JAVA_HOME
run: |
echo $JAVA_HOME
- name: Cache local Maven repository
id: cache-maven-m2
uses: actions/cache@v2
env:
cache-name: cache-m2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-${{ env.cache-name }}-
${{ runner.os }}-maven-
${{ runner.os }}-
- name: Update Dependencies
id: builder_step
run: |
echo "::set-output name=REPO_NAME::${{ env.REPOSITORY }}"
echo ""
echo "Starting dependency upgrade"
echo "=========================================================="
echo ""
echo "Clean up any existing files"
echo "=========================================================="
rm -rf ${{ env.REPOSITORY }}
echo ""
echo "Cloning: https://github.com/'${{ env.PRODUCT_REPOSITORY_FORKED }}"
echo "=========================================================="
git clone 'https://github.com/'${{ env.PRODUCT_REPOSITORY_FORKED }}'.git'
cd ${{ env.REPOSITORY }}
echo ""
echo 'Add remote: '${{ env.REMOTE_PRODUCT_REPOSITORY_PUBLIC }} 'as https://github.com/'${{ env.PRODUCT_REPOSITORY_PUBLIC }}
echo "=========================================================="
git remote add ${{ env.REMOTE_PRODUCT_REPOSITORY_PUBLIC }} 'https://@github.com/'${{ env.PRODUCT_REPOSITORY_PUBLIC }}
echo ""
echo 'Fetching:' ${{ env.REMOTE_PRODUCT_REPOSITORY_PUBLIC }}
echo "=========================================================="
git fetch ${{ env.REMOTE_PRODUCT_REPOSITORY_PUBLIC }}
echo ""
echo 'Checking out:' ${{ env.REMOTE_PRODUCT_REPOSITORY_PUBLIC }} 'master branch'
echo "=========================================================="
git checkout -b ${{ env.DEPENDENCY_UPGRADE_BRANCH_NAME }} ${{ env.REMOTE_PRODUCT_REPOSITORY_PUBLIC }}'/master'
echo ""
echo 'Updating dependencies'
echo "=========================================================="
mvn versions:update-properties -U -DgenerateBackupPoms=false -DallowMajorUpdates=false -Dincludes=org.wso2.carbon.identity.*,org.wso2.carbon.extension.identity.*,org.wso2.identity.*,org.wso2.carbon.consent.*,org.wso2.carbon.healthcheck.*,org.wso2.carbon.utils,org.wso2.charon,org.apache.rampart.wso2,org.apache.ws.security.wso2,org.wso2.carbon.identity.framework:* -Dexcludes=org.wso2.carbon.extension.identity.authenticator.utils
echo ""
echo 'Available updates'
echo "=========================================================="
git diff --color > dependency_updates.diff
cat dependency_updates.diff
echo ""
echo 'Build'
echo "=========================================================="
mvn clean install -Dmaven.test.failure.ignore=false | tee mvn-build.log
PR_BUILD_STATUS=$(cat mvn-build.log | grep "\[INFO\] BUILD" | grep -oE '[^ ]+$')
PR_TEST_RESULT=$(sed -n -e '/\[INFO\] Results:/,/\[INFO\] Tests run:/ p' mvn-build.log)
PR_BUILD_FINAL_RESULT=$(
echo "==========================================================="
echo "product-is BUILD $PR_BUILD_STATUS"
echo "=========================================================="
echo ""
echo "$PR_TEST_RESULT"
)
PR_BUILD_RESULT_LOG_TEMP=$(echo "$PR_BUILD_FINAL_RESULT" | sed 's/$/%0A/')
PR_BUILD_RESULT_LOG=$(echo $PR_BUILD_RESULT_LOG_TEMP)
echo "::warning::$PR_BUILD_RESULT_LOG"
PR_BUILD_SUCCESS_COUNT=$(grep -o -i "\[INFO\] BUILD SUCCESS" mvn-build.log | wc -l)
if [ "$PR_BUILD_SUCCESS_COUNT" != "1" ]; then
echo "PR BUILD not successfull. Aborting."
echo "::error::PR BUILD not successfull. Check artifacts for logs."
exit 1
fi
if [ -s dependency_updates.diff ]
then
echo ""
echo 'Commit Changes'
echo "=========================================================="
git config --global user.email ${{ env.GIT_EMAIL }}
git config --global user.name ${{ env.GIT_USERNAME }}
git commit -a -m 'Bump dependencies from '${{ env.DEPENDENCY_UPGRADE_BRANCH_NAME }}
git remote rm origin
git remote add origin 'https://'${{ secrets.PAT }}'@github.com/'${{ env.PRODUCT_REPOSITORY_FORKED }}
echo ""
echo 'Push Changes'
echo "=========================================================="
git push -u origin ${{ env.DEPENDENCY_UPGRADE_BRANCH_NAME }}
echo ""
echo 'Send Pull Request'
echo "=========================================================="
TITLE="Bump Dependencies #"${{ env.BUILD_NUMBER }}
RESPONSE=$(curl -s -w "%{http_code}" -k -X \
POST https://api.github.com/repos/${{ env.PRODUCT_REPOSITORY_PUBLIC }}/pulls \
-H "Authorization: Bearer "${{ secrets.PAT }}"" \
-H "Content-Type: application/json" \
-d '{ "title": "'"${TITLE}"'","body": "Bumps dependencies for product-is. Link : https://github.com/wso2/product-is/actions/runs/${{github.run_id}}","head": "'"${{ env.GIT_USERNAME }}:${{ env.DEPENDENCY_UPGRADE_BRANCH_NAME }}"'","base":"master"}')
RESPONSE_BODY=${RESPONSE::-3}
STATUS=$(printf "%s" "$RESPONSE" | tail -c 3)
if [[ $STATUS == "201" ]]; then
echo "PR=$(echo $RESPONSE_BODY | jq -r '.html_url')" >> $GITHUB_ENV
fi
else
echo ""
echo "There are no dependency updates available"
echo "=========================================================="
exit 0
fi
- name: Archive dependency diff file
if: always()
uses: actions/upload-artifact@v4
with:
name: dependency-updates-diff
path: |
${{steps.builder_step.outputs.REPO_NAME}}/dependency_updates.diff
- name: Archive maven-build-log file
if: always()
uses: actions/upload-artifact@v4
with:
name: mvn-build.log
path: |
${{steps.builder_step.outputs.REPO_NAME}}/mvn-build.log
if-no-files-found: warn
- name: Google Chat Notification
run: |
STATUS_COLOR=$(if [[ ${{ job.status }} == "success" ]];then echo "#009944";
elif [[ ${{ job.status }} = "failure" ]];then echo "#ff0000";
elif [[ ${{ job.status }} = "cancelled" ]];then echo "#ffc300"; fi)
curl --location --request POST '${{ secrets.GOOGLE_CHAT_WEBHOOK }}' \
--header 'Content-Type: application/json' \
--data-raw '{
"cards": [
{
"header": {
"title": "Dependency Updater",
"subtitle": "GitHub Action #${{ env.BUILD_NUMBER }}"
},
"sections": [
{
"widgets": [
{
"textParagraph": {
"text": "Status: <br><b><font color='"${STATUS_COLOR}"'>${{ job.status }}</font></b></br>"
}
},
{
"keyValue": {
"topLabel": "Build Job:",
"content": "GitHub Action",
"contentMultiline": "false",
"bottomLabel": "",
"button": {
"textButton": {
"text": "VIEW",
"onClick": {
"openLink": {
"url": "https://github.com/wso2/product-is/actions/runs/${{github.run_id}}"
}
}
}
}
}
},
{
"keyValue": {
"topLabel": "Pull Request:",
"content": "Check Pull Request",
"contentMultiline": "false",
"bottomLabel": "",
"button": {
"textButton": {
"text": "VIEW",
"onClick": {
"openLink": {
"url": "'${{ env.PR }}'"
}
}
}
}
}
}
]
}
]
}
]
}'
if: always()