-
Notifications
You must be signed in to change notification settings - Fork 872
87 lines (77 loc) · 3.54 KB
/
update-dep.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# Description: Run this by visiting https://github.com/brave/brave-core/actions/workflows/update-dep.yml
# and clicking the `Run workflow` button on the top-right.
# You can also run it from cli by: `gh workflow run update-dep.yml [-f dep=vendor/web-discovery-project] [-f ref=commit-hash]`
# If `ref` is not given, we will try to use the latest commmit (tip) of a branch called `master` or `main`
name: Update dependency in DEPS
on:
workflow_dispatch:
inputs:
dep:
description: "Dependency"
required: true
type: string
default: "vendor/web-discovery-project"
ref:
description: "New ref for dependency"
required: false
type: string
permissions:
contents: write
pull-requests: write
jobs:
dep-update:
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 0
- name: Update dependency
run: |
shopt -s inherit_errexit
set -eEo pipefail
SED=sed
# Inputs
DEP="${{ inputs.dep }}"
DEPREF="${{ inputs.ref }}"
[[ "${DEP:?}" =~ ^[a-zA-Z/-]+$ ]] || { echo "Input dependency validation failed"; exit 1; }
if [[ -z "${DEPREF}" ]]; then
echo "Attempting to guess ref hash"
DEP_REPO=$(\
sed -n '/deps = {/, /^}/p' DEPS|\
sed 's/deps = //'|\
python3 -c "import sys,ast; d=ast.literal_eval(sys.stdin.read()); dep=d[\""$DEP"\"]; print(dep) if isinstance(dep, str) else print(dep.get(\"url\"))"|\
grep -Po '(?<=github.com\/).*?(?=\.git)?(?=@)'|\
sed 's/\.git//')
gh api /repos/"${DEP_REPO}"/commits/master -q .sha > /tmp/DEPREF || gh api /repos/"${DEP_REPO}"/commits/main -q .sha > /tmp/DEPREF
DEPREF=$(</tmp/DEPREF)
fi
[[ "${DEPREF:?}" =~ ^[a-z0-9]+$ ]] || { echo "Dependency reference validation failed"; exit 1; }
! $(grep -q "$DEPREF" DEPS) || { echo "Dependency reference already exists in DEPS. Cannot continue"; exit 1; }
# readarray -t milestones < <(gh api /repos/${GITHUB_REPOSITORY:?}/milestones -q ".[] | .title" | grep -Fv Closed)
# branches=( "${milestones[@]/*Nightly/master}" )
# branches=( "${branches[@]/ -*/}" )
# echo "Branches to operate on: ${branches[*]}"
# For now, forcing branches to only master
branches=(master)
for branch in "${branches[@]}"
do
git switch "$branch"
pr_branch="update-dep-${branch}-${DEP}-${DEPREF}"
if git rev-parse --verify "$pr_branch"; then continue; fi # Skip duplicate
git switch -c "$pr_branch"
"$SED" -i -e "s,^\(\s*\"$DEP\"\s*:\s*\"https.*\)@[^\"]*\",\1@$DEPREF\"," \
-e "/^\s*\"${DEP//\//\\/}\"\s*:\s*{/,/@/ s/@[^\"]*/@$DEPREF/" DEPS
git push -u origin "$pr_branch"
gh api \
--method PUT "/repos/${GITHUB_REPOSITORY}/contents/DEPS" \
--field message="Update dependency ${DEP}@${DEPREF}" \
--field content=@<(base64 -i DEPS) \
--field encoding=base64 \
--field branch="$pr_branch" \
--field sha="$(git rev-parse "$pr_branch:DEPS")"
git restore DEPS
git pull
gh pr create --base "${branch}" -f -t "Update dependency ${DEP}@${DEPREF}" -l "CI/run-audit-deps"
done