Update dependency in DEPS #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: Run this by visiting https://github.com/brave/brave-core/actions/workflows/update-dep.yml | |
| # and clicking the `Run workflow` button on the top-right. | |
| # You can also run it from cli by: `gh workflow run update-dep.yml [-f dep=vendor/web-discovery-project] [-f ref=commit-hash]` | |
| # If `ref` is not given, we will try to use the latest commmit (tip) of a branch called `master` or `main` | |
| name: Update dependency in DEPS | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| dep: | |
| description: "Dependency" | |
| required: true | |
| type: string | |
| default: "vendor/web-discovery-project" | |
| ref: | |
| description: "New ref for dependency" | |
| required: false | |
| type: string | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| dep-update: | |
| runs-on: ubuntu-latest | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Update dependency | |
| run: | | |
| shopt -s inherit_errexit | |
| set -eEo pipefail | |
| SED=sed | |
| # Inputs | |
| DEP="${{ inputs.dep }}" | |
| DEPREF="${{ inputs.ref }}" | |
| [[ "${DEP:?}" =~ ^[a-zA-Z/-]+$ ]] || { echo "Input dependency validation failed"; exit 1; } | |
| if [[ -z "${DEPREF}" ]]; then | |
| echo "Attempting to guess ref hash" | |
| DEP_REPO=$(\ | |
| sed -n '/deps = {/, /^}/p' DEPS|\ | |
| sed 's/deps = //'|\ | |
| python3 -c "import sys,ast; d=ast.literal_eval(sys.stdin.read()); dep=d[\""$DEP"\"]; print(dep) if isinstance(dep, str) else print(dep.get(\"url\"))"|\ | |
| grep -Po '(?<=github.com\/).*?(?=\.git)?(?=@)'|\ | |
| sed 's/\.git//') | |
| gh api /repos/"${DEP_REPO}"/commits/master -q .sha > /tmp/DEPREF || gh api /repos/"${DEP_REPO}"/commits/main -q .sha > /tmp/DEPREF | |
| DEPREF=$(</tmp/DEPREF) | |
| fi | |
| [[ "${DEPREF:?}" =~ ^[a-z0-9]+$ ]] || { echo "Dependency reference validation failed"; exit 1; } | |
| ! $(grep -q "$DEPREF" DEPS) || { echo "Dependency reference already exists in DEPS. Cannot continue"; exit 1; } | |
| # readarray -t milestones < <(gh api /repos/${GITHUB_REPOSITORY:?}/milestones -q ".[] | .title" | grep -Fv Closed) | |
| # branches=( "${milestones[@]/*Nightly/master}" ) | |
| # branches=( "${branches[@]/ -*/}" ) | |
| # echo "Branches to operate on: ${branches[*]}" | |
| # For now, forcing branches to only master | |
| branches=(master) | |
| for branch in "${branches[@]}" | |
| do | |
| git switch "$branch" | |
| pr_branch="update-dep-${branch}-${DEP}-${DEPREF}" | |
| if git rev-parse --verify "$pr_branch"; then continue; fi # Skip duplicate | |
| git switch -c "$pr_branch" | |
| "$SED" -i -e "s,^\(\s*\"$DEP\"\s*:\s*\"https.*\)@[^\"]*\",\1@$DEPREF\"," \ | |
| -e "/^\s*\"${DEP//\//\\/}\"\s*:\s*{/,/@/ s/@[^\"]*/@$DEPREF/" DEPS | |
| git push -u origin "$pr_branch" | |
| gh api \ | |
| --method PUT "/repos/${GITHUB_REPOSITORY}/contents/DEPS" \ | |
| --field message="Update dependency ${DEP}@${DEPREF}" \ | |
| --field content=@<(base64 -i DEPS) \ | |
| --field encoding=base64 \ | |
| --field branch="$pr_branch" \ | |
| --field sha="$(git rev-parse "$pr_branch:DEPS")" | |
| git restore DEPS | |
| git pull | |
| gh pr create --base "${branch}" -f -t "Update dependency ${DEP}@${DEPREF}" -l "CI/run-audit-deps" | |
| done |