Skip to content

Commit

Permalink
ci: cleanup dagger-update/justfile + add aqua checksum
Browse files Browse the repository at this point in the history
  • Loading branch information
@scottames
scottames committed Aug 2, 2024
1 parent fcc1ca7 commit 1219a62
Show file tree
Hide file tree
Showing 4 changed files with 120 additions and 33 deletions.
8 changes: 0 additions & 8 deletions .github/renovate.json5
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,4 @@
gomod: {
enabled: false, // dagger should handle changes to go.mod/sum
},
packageRules: [
{
description: "skip pinning silverblue in justfile as it is used to track Fedora major version",
matchFileNames: ['justfile'],
matchDatasources: ['docker'],
pinDigests: false,
},
]
}
50 changes: 35 additions & 15 deletions .github/workflows/dagger-update.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,22 +1,29 @@
---
name: dagger-update
on:
# using `on: pull_request` causes a loop
# using on: pull_request causes a loop
# run on pushes to renovate branches
# with path filter
push:
paths:
- "**/dagger.json"
branches:
- renovate/*
# yamllint disable-line rule:empty-values
workflow_dispatch:
inputs:
#checkov:skip=CKV_GHA_7:desired to affect output to affect the build in this case
go-updates:
type: boolean
default: false
description: enable golang updates
permissions:
contents: read # required for actions/checkout
jobs:
dagger-update:
name: Update Dagger Modules
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
fail-fast: false
contents: write # allow workflow to write to PR
steps:
- name: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
Expand All @@ -31,8 +38,8 @@ jobs:
# yamllint disable-line rule:line-length
uses: suzuki-shunsuke/github-token-action@350d7506222e3a0016491abe85b5c4dd475b67d1 # v0.2.1
with:
github_app_id: ${{secrets.GH_APP_ID}}
github_app_private_key: ${{secrets.GH_APP_PRIVATE_KEY}}
github_app_id: ${{ secrets.GH_APP_ID }}
github_app_private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
github_app_permissions: >-
{ "contents": "write" }
github_app_repositories: >-
Expand All @@ -44,41 +51,54 @@ jobs:
steps.generate_app_token.outputs.token_type == 'empty'
&& ! github.event.pull_request.head.repo.fork
with:
policy_allow: "true"
aqua_version: v2.30.0 # renovate: depName=aquaproj/aqua
env:
AQUA_GITHUB_TOKEN: ${{ github.token }}
# yamllint disable-line rule:line-length
# yamllint disable-line rule:line-length
- name: install aquas (using generated app token)
# yamllint disable-line rule:line-length
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
if: |
steps.generate_app_token.outputs.token_type != 'empty'
&& ! github.event.pull_request.head.repo.fork
# Install ghcp
with:
policy_allow: "true"
aqua_version: v2.30.0 # renovate: depName=aquaproj/aqua
env:
AQUA_GITHUB_TOKEN: ${{ steps.generate_app_token.outputs.token }}
# yamllint disable-line rule:line-length
# yamllint disable-line rule:line-length
- uses: kevincobain2000/action-gobrew@e6b1116c09b28a0e20a753384c90bb7fa95ec198 # v2
with:
version: 1.22.4 # renovate: datasource=golang-version depName=go
- name: dagger develop
run: |
just develop
- name: ghcp push changes
just goUpdates="${{ inputs.go-updates }}" develop
- name: push changes with ghcp
if: "! github.event.pull_request.head.repo.fork"
env:
GITHUB_REPOSITORY: ${{github.event.repository.name}}
GITHUB_TOKEN: ${{steps.generate_app_token.outputs.token}}
GITHUB_REPOSITORY: ${{ github.event.repository.name }}
GITHUB_TOKEN: ${{ steps.generate_app_token.outputs.token }}
run: |
set -eu
if ! ghcp -v; then
echo "::error ::int128/ghcp not found - needed to push."
exit 1
fi
branch=${GITHUB_HEAD_REF:-} # https://github.com/int128/ghcp
if [ -z "${branch}" ]; then
branch="${GITHUB_REF_NAME}"
fi
GO_UPDATES_STR=""
if [ "${{ inputs.go-updates }}" = "true" ]; then
GO_UPDATES_STR=" + related golang updates"
fi
# shellcheck disable=SC2046
# ^- we want it to split!
ghcp commit -r "$GITHUB_REPOSITORY" -b "${branch}" \
-m "chore(dagger): develop" \
-m "chore(dagger): develop${GO_UPDATES_STR}" \
$(git --no-pager diff --name-only)
echo "::notice ::changes pushed to branch, 'exit 1' to force checks"
exit 1
20 changes: 20 additions & 0 deletions .github/workflows/pull_request_aqua_update_checksum.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
---
name: aqua-update-checksums
on:
pull_request:
paths:
- aqua/aqua.yaml
- aqua/aqua-checksums.json
permissions:
contents: read # required for actions/checkout
jobs:
aqua-update-checksums:
uses: aquaproj/update-checksum-workflow/.github/workflows/update-checksum.yaml@75c72cdc372a43dd1b1ad0458748f5d6bfeac7b9 # v1.0.1 # renovate: depName=aquaproj/update-checksum-workflow
permissions:
contents: read
with:
aqua_version: v2.29.0 # renovate: depName=aquaproj/aqua
prune: true
secrets:
gh_app_id: ${{ secrets.GH_APP_ID }}
gh_app_private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
75 changes: 65 additions & 10 deletions justfile
View file
Original file line number Diff line number Diff line change
@@ -1,43 +1,98 @@
gitRoot := `git rev-parse --show-toplevel`
goUpdates :="false"

_default:
@just --list --list-heading $'' --list-prefix $''

# run go updates for the given project (USE WITH CAUTION)
go-update project version="latest":
#!/usr/bin/env bash
echo "=> go update: {{ project }}"
pushd "{{ project }}" >/dev/null || exit 1
if [[ ! -f "go.mod" ]]; then
echo "‼️ ERROR: no go.mod in {{ project }}"
exit 1
fi
[ -x "$(command -v gobrew)" ] || exit 1
gobrew use "{{ version }}"
# remove the go version, let the mod update it
sed -i '/^go\s.*$/d' go.mod
go get -u
go mod tidy
popd >/dev/null || exit 1
# init go.work | https://go.dev/doc/tutorial/workspaces
go-work target="":
#!/usr/bin/env bash
pushd {{ gitRoot }} >/dev/null

if [[ ! -f "go.work" ]]; then # only create go.work if not exists
echo "=> go work init"
go work init
fi

if [[ -n "{{ target }}" ]]; then # generate just for the given target
echo "=> use: {{ target }}"
go work use {{ target }}

else # generate go.work with all dirs containing go.mod
for _GO_MOD_DIR in $(find . -type f -name go.mod | xargs dirname); do
echo "=> use: ${_GO_MOD_DIR}"
go work use "${_GO_MOD_DIR}"
done
fi

# run `dagger develop` for all Dagger modules, or the given module
develop mod="":
#!/usr/bin/env bash
set -e
_DAGGER_MODS="{{ mod }}"
if [[ -z "${_DAGGER_MODS}" ]]; then
mapfile -t _DAGGER_MODS < <(find . -type f -name dagger.json -print0 | xargs -0 dirname)
fi
for _DAGGER_MOD in "${_DAGGER_MODS[@]}"; do
echo "=> ${_DAGGER_MOD}: dagger develop"

pushd "${_DAGGER_MOD}" >/dev/null || exit
_DAGGER_MOD_SOURCE="$(dagger config --silent --json | jq -r '.source')"

echo "=> ${_DAGGER_MOD}: dagger develop"
# NOTE: use with caution!
# Dagger is opinionated about the go version compatibility. It will barf
# if the go version is greater than supported
if [[ "{{ goUpdates }}" = "true" ]]; then
_DAGGER_GO_MOD="${_DAGGER_MOD}/${_DAGGER_MOD_SOURCE}"
echo "=> ${_DAGGER_GO_MOD}: go update"
just -f "{{ gitRoot }}/justfile" go-update "${_DAGGER_GO_MOD}"
fi

dagger develop

# remove generated bits we don't want
rm -f LICENSE

just -f "{{ gitRoot }}/justfile" go-work "${_DAGGER_MOD}"

popd >/dev/null || exit 1
done
echo "=> dagger-develop: done"

# initialize a new Dagger module
[no-exit-message]
init mod:
init module:
#!/usr/bin/env bash
set -euxo pipefail
test ! -d {{ mod }} \
|| (echo "Module \"{{ mod }}\" already exists" && exit 1)
set -euo pipefail
test ! -d {{module}} \
|| (echo "Module \"{{module}}\" already exists" && exit 1)
mkdir -p {{ mod }}
cd {{ mod }} && dagger init --sdk go --name {{ mod }} --source .
dagger develop -m {{ mod }}
mkdir -p {{module}}
cd {{module}} && dagger init --sdk go --name {{module}} --source .
dagger develop -m {{module}}

[no-exit-message]
install target mod :
install target module:
pushd {{ target }}
dagger install ../{{ mod }}
dagger install {{ module }}
popd

0 comments on commit 1219a62

Please sign in to comment.