diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml
index a77a247c2..78cb816fd 100644
--- a/.github/workflows/updatecli.yaml
+++ b/.github/workflows/updatecli.yaml
@@ -1,49 +1,29 @@ ---- name: Updatecli on: - merge_group: - branch: master + release: workflow_dispatch: - push: - branches: [master] - pull_request: - branches: [master] schedule: - # * is a special character in YAML so you have to quote this string - # Run every hour - - cron: '0 * * * *' -# Commenting until https://github.com/orgs/community/discussions/41518 -# is fixed -#concurrency: -# # Restrict to one workflow per branch -# group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} -# cancel-in-progress: true + # Run at 12:00 every Saterday every 14 days + - cron: "0 12 */14 * 6" + jobs: updatecli: runs-on: ubuntu-latest steps: - name: "Checkout" - uses: "actions/checkout@v4" - - name: "Install Updatecli" - uses: "updatecli/updatecli-action@v2.96.0" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 with: - version: "v0.111.0" - - name: "Run updatecli in dryrun" - run: "updatecli compose diff" - env: - GITHUB_ACTOR: ${{ github.actor }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: "Login Udash" - if: github.ref == 'refs/heads/master' - run: "updatecli udash login --experimental --api-url $UPDATECLI_UDASH_API_URL --oauth-access-token $UPDATECLI_UDASH_ACCESS_TOKEN $UPDATECLI_UDASH_URL" - env: - UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} - UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} - UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} + version: "v0.113.0" + - name: "Run updatecli" - if: github.ref == 'refs/heads/master' - run: "updatecli compose apply --clean-git-branches=true --experimental" + run: updatecli compose apply --clean-git-branches=true --experimental env: UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} UPDATECLI_GITHUB_APP_INSTALLATION_ID: 
${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/.github/workflows/updatecli.weekly.yaml b/.github/workflows/updatecli_release.yaml similarity index 55% rename from .github/workflows/updatecli.weekly.yaml rename to .github/workflows/updatecli_release.yaml index cca4301b5..fe9aaf00e 100644 --- a/.github/workflows/updatecli.weekly.yaml +++ b/.github/workflows/updatecli_release.yaml 
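Review bot: This workflow passes the updateclibot GitHub App private key to `updatecli compose apply` but declares no `permissions:` block, so the job's GITHUB_TOKEN keeps whatever default scope the repository is configured with. Assuming all writes go through the App credentials, a top-level `permissions:` with `contents: read` (as the new updatecli_test.yaml has) should be enough for the checkout; the same applies to the new updatecli_update.yaml. The `if: github.ref == 'refs/heads/master'` guard on the apply step is also dropped, so a `workflow_dispatch` run started from any branch now executes that branch's manifests with the App secrets; consider keeping a ref check on that step. Separately, `"0 12 */14 * 6"` probably does not mean every second Saturday: when both day-of-month and day-of-week are restricted, cron treats them as alternatives, so this likely fires on days 1, 15 and 29 as well as every Saturday, and the comment above it misspells Saturday.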
@@ -1,39 +1,38 @@ --- -name: Updatecli Weekly +name: Updatecli Release on: workflow_dispatch: schedule: # * is a special character in YAML so you have to quote this string # Run at 12:00 every Thursday - - cron: '0 12 * * 4' + - cron: "0 12 * * 4" repository_dispatch: types: - "updatecli-release" jobs: updatecli: - if: github.ref == 'refs/heads/master' runs-on: ubuntu-latest steps: - name: "Checkout" uses: "actions/checkout@v4" + - name: "Install Updatecli" uses: "updatecli/updatecli-action@v2.96.0" with: - version: "v0.111.0" + version: "v0.113.0" + # releasepost is required by the Updatecli # * policy ghcr.io/updatecli/policies/releasepost/releasepost - name: "Install Releasepost" uses: "updatecli/releasepost-action@v0.5.0" - - uses: tibdex/github-app-token@v2.1 - id: generate_token - if: github.ref == 'refs/heads/master' - with: - app_id: ${{ secrets.UPDATECLIBOT_APP_ID }} - private_key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + - name: "Run updatecli" - if: github.ref == 'refs/heads/master' - run: "updatecli compose apply --file updatecli-compose.weekly.yaml" + run: "updatecli compose apply --file updatecli-compose-weekly.yaml" env: - GITHUB_ACTOR: ${{ secrets.UPDATECLI_BOT_GITHUB_ACTOR }} - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} RELEASEPOST_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml new file mode 100644 index 000000000..7f1aed9df --- /dev/null +++ b/.github/workflows/updatecli_test.yaml 
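Review bot: `RELEASEPOST_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}` appears to stay in the env block while the `tibdex/github-app-token` step with `id: generate_token` is removed, so the expression resolves to an empty string and releasepost runs without a token. Either keep a token-generation step or feed releasepost from a credential this job still has. The `--file updatecli-compose-weekly.yaml` argument also matches neither the old file name nor the renamed `updatecli-compose-release.yaml` in this commit; it should probably read `run: "updatecli compose apply --file updatecli-compose-release.yaml"`. Unlike the other workflows touched here, the three `uses:` lines in this file are still pinned by tag rather than by commit SHA.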
@@ -0,0 +1,26 @@ +name: Updatecli Test + +on: + pull_request: + +permissions: + contents: read + +jobs: + updatecli: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 + with: + version: "v0.113.0" + + - name: "Test updatecli in dry-run mode" + run: "updatecli compose diff" + env: + # This step is executed in untrusted context. We use a GitHub token with minimal permissions. + UPDATECLI_GITHUB_USERNAME: ${{ github.actor }} + UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml new file mode 100644 index 000000000..cbb89264e --- /dev/null +++ b/.github/workflows/updatecli_update.yaml @@ -0,0 +1,28 @@ +name: Updatecli - Update +on: + workflow_dispatch: + push: + branches: + - main + +jobs: + updatecli: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 + with: + version: "v0.113.0" + + - name: "Run updatecli only on existing pipelines" + run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental + env: + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} 
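Review bot: In updatecli_update.yaml the push trigger filters on `main`, while the workflows replaced by this commit were guarded on `master` (`branches: [master]`, `refs/heads/master`) and the manifests previously hard-coded `branch: master`. Unless the default branch was renamed, this workflow will only ever run through `workflow_dispatch`, and the `--existing-only=true` apply will never follow a merge. If master is still the default branch, the filter should be `- master`.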
diff --git a/updatecli-compose.weekly.yaml b/updatecli-compose-release.yaml similarity index 70% rename from updatecli-compose.weekly.yaml rename to updatecli-compose-release.yaml index 5cc4ea05e..faa28e050 100644 --- a/updatecli-compose.weekly.yaml +++ b/updatecli-compose-release.yaml @@ -1,4 +1,10 @@ policies: + - name: Local policies + config: + - updatecli/updatecli.d/ + values: + - updatecli/values.d/scm.yaml + - name: Trigger releasepost policy: ghcr.io/updatecli/policies/releasepost/releasepost:0.10.0@sha256:b4b857efbed3a966cbdbc224b5ba0b9322c96322effa0cedff93a2b39d8e086d values: diff --git a/updatecli/updatecli.d/docs.yaml b/updatecli/updatecli.d/docs.yaml index c8fb00690..0f5c1c349 100644 --- a/updatecli/updatecli.d/docs.yaml +++ b/updatecli/updatecli.d/docs.yaml @@ -18,13 +18,13 @@ scms: default: kind: github spec: - branch: master - email: updatecli@olblak.com - owner: updatecli - repository: website - user: updatecli + branch: "{{ .scm.branch }}" + email: "{{ .scm.email }}" + owner: "{{ .scm.owner }}" + repository: "{{ .scm.repository }}" + user: "{{ .scm.user }}" force: true - commitusingapi: true + commitusingapi: {{ scm.commitusingapi }} disabled: false targets: diff --git a/updatecli/updatecli.d/installation.yaml b/updatecli/updatecli.d/installation.yaml index e09fae46e..bd2f676a0 100644 --- a/updatecli/updatecli.d/installation.yaml +++ b/updatecli/updatecli.d/installation.yaml @@ -17,12 +17,13 @@ scms: default: kind: github spec: - branch: master - email: updatecli@olblak.com - owner: updatecli - repository: website - user: updatecli - commitusingapi: true + branch: "{{ .scm.branch }}" + email: "{{ .scm.email }}" + owner: "{{ .scm.owner }}" + repository: "{{ .scm.repository }}" + user: "{{ .scm.user }}" + force: true + commitusingapi: {{ scm.commitusingapi }} disabled: false sources: diff --git a/updatecli/updatecli.d/jsonschema.yaml b/updatecli/updatecli.d/jsonschema.yaml index 7f2e0666c..0cb36ba33 100644 
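Review bot: In updatecli/updatecli.d/docs.yaml, `commitusingapi: {{ scm.commitusingapi }}` lacks the leading dot used by the other fields (`{{ .scm.branch }}`), so the Go template engine will read `scm` as a function name and most likely fail to parse the manifest. It should be `commitusingapi: {{ .scm.commitusingapi }}`; the installation.yaml and jsonschema.yaml hunks carry the same line. The visible part of updatecli/values.d/scm.yaml does not show `branch` or `commitusingapi` keys, so confirm both are defined there, since an undefined value would not render as a boolean. The `scms` block continues outside each hunk.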
--- a/updatecli/updatecli.d/jsonschema.yaml +++ b/updatecli/updatecli.d/jsonschema.yaml @@ -18,12 +18,13 @@ scms: default: kind: github spec: - branch: master - email: updatecli@olblak.com - owner: updatecli - repository: website - user: updatecli - commitusingapi: true + branch: "{{ .scm.branch }}" + email: "{{ .scm.email }}" + owner: "{{ .scm.owner }}" + repository: "{{ .scm.repository }}" + user: "{{ .scm.user }}" + force: true + commitusingapi: {{ scm.commitusingapi }} disabled: false targets: diff --git a/updatecli/values.d/scm.yaml b/updatecli/values.d/scm.yaml index 903543b38..176784968 100644 --- a/updatecli/values.d/scm.yaml +++ b/updatecli/values.d/scm.yaml @@ -1,6 +1,6 @@ scm: enabled: true - user: updatecli-bot + user: updateclibot email: updatecli-bot@updatecli.io owner: updatecli repository: website