-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport PR #2707 to release/v1.7 for Add auto deps version update workflow #2717
Backport PR #2707 to release/v1.7 for Add auto deps version update workflow #2717
Conversation
* 💚 Add auto deps version update workflow Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Update make commands Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Fix Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Add make permission Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Add labels Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Fix Signed-off-by: vankichi <kyukawa315@gmail.com> --------- Signed-off-by: vankichi <kyukawa315@gmail.com>
Deploying vald with Cloudflare Pages
|
📝 WalkthroughWalkthroughThe changes in this pull request primarily involve modifications to a GitHub Actions workflow and updates to the Makefile and its dependencies. The workflow's name and pull request details have been updated to reflect a focus on dependency management rather than Actions. The Makefile has been enhanced to include new targets for managing Go project dependencies and formatting tools, while the dependencies.mk file has introduced targets for updating specific tools. These changes collectively improve the project's dependency management and build processes. Changes
Possibly related PRs
Suggested labels
Suggested reviewers
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 4
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (3)
- .github/workflows/update-deps.yaml (4 hunks)
- Makefile (1 hunks)
- Makefile.d/dependencies.mk (4 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/update-deps.yaml
67-67: shellcheck reported issue in this script: SC2086:info:3:39: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:5:18: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:6:76: Double quote to prevent globbing and word splitting
(shellcheck)
🔇 Additional comments (6)
.github/workflows/update-deps.yaml (2)
85-87
: Verify PR title format consistencyLet's ensure the PR title format matches other dependency update PRs in the project.
#!/bin/bash # Check format of other dependency update PR titles gh pr list --repo vdaas/vald --search "Update libs dependency in:title" --json title --limit 5
Line range hint
16-21
: Verify cron schedule for backported branchSince this is a backport to the release/v1.7 branch, please verify if running daily dependency updates (
"0 0 * * *"
) is appropriate for a release branch. Release branches typically have more controlled update cycles.✅ Verification successful
Let me try another search strategy to gather more information about dependency update workflows across branches.
This will help us understand:
- All workflow files related to dependency/version updates
- Their respective scheduling patterns across different workflow files
Let me generate the final response based on the gathered information.
Daily dependency updates are consistent with project practices
The daily cron schedule (
"0 0 * * *"
) for dependency updates is appropriate even for the release branch because:
- The repository shows a consistent pattern of daily or hourly scheduled maintenance tasks:
- Security scans run daily (
"0 1 * * *"
for CodeQL and Docker image scans)- Build-related tasks run hourly for critical infrastructure (buildkit, buildbase, etc.)
- Having automated dependency updates on release branches helps identify potential security fixes and critical updates promptly, which can then be reviewed before merging.
The workflow allows manual triggering (
workflow_dispatch
), so the team can still control when to actually merge the updates, making it safe for release branches.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check if other release branches have different update schedules rg -U "cron:.*0 0 \* \* \*" .github/workflows/ -A 5 -B 5Length of output: 99
Script:
#!/bin/bash # Search for any workflow files with dependency or version updates fd -e yaml -e yml . .github/workflows/ --exec grep -l -i "update.*dep\|update.*version" {} \; # For each found file, show their cron schedules echo "=== Cron schedules in found files ===" fd -e yaml -e yml . .github/workflows/ --exec sh -c 'echo "File: {}"; grep -A 2 "schedule:" {} || true; echo' \;Length of output: 3958
Makefile.d/dependencies.mk (1)
20-20
: LGTM: New dependencies properly added to update/libs targetThe new dependencies
update/buf
andupdate/usearch
are correctly added to the list while maintaining alphabetical order.Also applies to: 42-42
Makefile (3)
499-499
: LGTM: Addition of go/example/deps to update targetThe addition of
go/example/deps
to the update target ensures that example code dependencies are also updated during the update process.
Line range hint
500-503
: LGTM: New format target with empty file removalThe format target now includes
remove/empty/file
, which helps maintain a cleaner codebase by removing empty files. The implementation correctly preserves.gitkeep
files and checks for truly empty files (only whitespace/newlines).
Line range hint
505-507
: LGTM: Well-implemented empty file removalThe
remove/empty/file
target implementation:
- Correctly uses
find
with proper filters- Preserves
.gitkeep
files- Uses parallel processing with xargs
- Properly checks for truly empty files using grep
[CHATOPS:HELP] ChatOps commands.
|
Description
SSIA
Related Issue
Versions
Checklist
Special notes for your reviewer
Summary by CodeRabbit
New Features
buf
andusearch
tools.Chores