-
Notifications
You must be signed in to change notification settings - Fork 388
134 lines (119 loc) · 5.55 KB
/
watch-dependencies.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# This is a GitHub workflow defining a set of jobs with a set of steps.
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
#
# - Watch multiple images tags referenced in values.yaml to match the latest
# stable image tag (ignoring pre-releases).
# - Refreeze helm-chart/images/binderhub/requirements.txt based on
# helm-chart/images/binderhub/requirements.in
#
name: Watch dependencies
on:
pull_request:
paths:
- ".github/workflows/watch-dependencies.yaml"
push:
paths:
- "helm-chart/images/*/requirements.in"
- ".github/workflows/watch-dependencies.yaml"
branches: ["main"]
schedule:
# Run at 05:00 on day-of-month 1, ref: https://crontab.guru/#0_5_1_*_*
- cron: "0 5 1 * *"
workflow_dispatch:
jobs:
update-image-dependencies:
# Don't run this job on forks
if: github.repository == 'jupyterhub/binderhub'
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
include:
- name: docker
registry: docker.io
repository: library/docker
values_path: dind.daemonset.image.tag
tag_prefix: ""
tag_suffix: -dind
- name: podman
registry: quay.io
repository: podman/stable
values_path: pink.daemonset.image.tag
tag_prefix: v
tag_suffix: ""
# FIXME: After docker-image-cleaner 1.0.0 is released, we can enable
# this. So far, there isn't any available stable release, and
# due to that our regexp fails to match anything at all.
#
# - name: docker-image-cleaner
# registry: quay.io
# repository: jupyterhub/docker-image-cleaner
# values_path: imageCleaner.image.tag
steps:
- uses: actions/checkout@v4
- name: Get values.yaml pinned tag of ${{ matrix.registry }}/${{ matrix.repository }}
id: local
run: |
local_tag=$(cat helm-chart/binderhub/values.yaml | yq e '.${{ matrix.values_path }}' -)
echo "tag=$local_tag" >> $GITHUB_OUTPUT
- name: Get latest tag of ${{ matrix.registry }}/${{ matrix.repository }}
id: latest
# The skopeo image helps us list tags consistently from different docker
# registries. We identify the latest docker image tag based on the
# version numbers of format x.y.z included in a pattern with an optional
# prefix and suffix, like the tags "v4.5.0" (v prefix) and "23.0.4-dind"
# (-dind suffix).
run: |
latest_tag=$(
docker run --rm quay.io/skopeo/stable list-tags docker://${{ matrix.registry }}/${{ matrix.repository }} \
| jq -r '[.Tags[] | select(. | match("^${{ matrix.tag_prefix }}\\d+\\.\\d+\\.\\d+${{ matrix.tag_suffix }}$") | .string)] | sort_by(split(".") | map(ltrimstr("${{ matrix.tag_prefix }}") | rtrimstr("${{ matrix.tag_suffix }}") | tonumber)) | last'
)
echo "tag=$latest_tag" >> $GITHUB_OUTPUT
- name: Update values.yaml pinned tag
run: |
sed --in-place 's/tag: "${{ steps.local.outputs.tag }}"/tag: "${{ steps.latest.outputs.tag }}"/g' helm-chart/binderhub/values.yaml
- name: git diff
run: git --no-pager diff --color=always
# ref: https://github.com/peter-evans/create-pull-request
- name: Create a PR
if: github.event_name != 'pull_request'
uses: peter-evans/create-pull-request@v5
with:
token: "${{ secrets.jupyterhub_bot_pat }}"
author: JupterHub Bot Account <[email protected]>
committer: JupterHub Bot Account <[email protected]>
branch: update-image-${{ matrix.name }}
labels: maintenance,dependencies
commit-message: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }}
title: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }}
body: >-
A new ${{ matrix.repository }} image version has been detected, version
`${{ steps.latest.outputs.tag }}`.
refreeze-dockerfile-requirements-txt:
# Don't run this job on forks, but also not on the daily schedule to reduce
# noise. If we could run this weekly that would be reasonable, but updating
# these dependencies every day is too much noise.
#
if: github.repository == 'jupyterhub/binderhub' && github.event_name != 'schedule'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Refreeze helm-chart/images/binderhub/requirements.txt based on requirements.in
run: ci/refreeze
- name: git diff
run: git --no-pager diff --color=always
# ref: https://github.com/peter-evans/create-pull-request
- name: Create a PR
if: github.event_name != 'pull_request'
uses: peter-evans/create-pull-request@v5
with:
token: "${{ secrets.jupyterhub_bot_pat }}"
author: JupyterHub Bot Account <[email protected]>
committer: JupyterHub Bot Account <[email protected]>
branch: update-image-requirements
labels: dependencies
commit-message: "binderhub image: refreeze requirements.txt"
title: "binderhub image: refreeze requirements.txt"
body: >-
The binderhub image's requirements.txt has been refrozen based on
requirements.in.