diff --git a/.github/workflows/update-dev-container-version.yml b/.github/workflows/update-dev-container-version.yml index 33dee365..9205772d 100644 --- a/.github/workflows/update-dev-container-version.yml +++ b/.github/workflows/update-dev-container-version.yml @@ -1,150 +1,150 @@ name: Update Dev Container Image version on: - workflow_call: - inputs: - base_branch: - required: false - type: string - default: main - secrets: - AUTOMERGE_APP_ID: - required: true - AUTOMERGE_PEM: - required: true + workflow_call: + inputs: + base_branch: + required: false + type: string + default: main + secrets: + CREATE_PULL_REQUEST_APP_ID: + required: true + CREATE_PULL_REQUEST_PEM: + required: true jobs: - update_devcontainer_version: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: read - pull-requests: write - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - with: - fetch-depth: 0 - - name: Load config value - id: load-config - run: > - DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME' - .devcontainer/devcontainer.json) + update_devcontainer_version: + runs-on: ubuntu-22.04 + permissions: + contents: read + packages: read + pull-requests: write + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 + - name: Load config value + id: load-config + run: | + set -euo pipefail + DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME' + .devcontainer/devcontainer.json) - DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION' - .devcontainer/devcontainer.json) + DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION' + .devcontainer/devcontainer.json) - { - echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE" - echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION" - } >> "$GITHUB_ENV" - - name: Resolve latest devcontainer image version from GHCR - id: resolve-version - env: - GH_TOKEN: "${{ github.token }}" - run: > - set -euo pipefail + { + echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE" + echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION" + } >> "$GITHUB_ENV" + - name: Resolve latest devcontainer image version from GHCR + id: resolve-version + env: + GH_TOKEN: "${{ github.token }}" + run: | + set -euo pipefail - PACKAGE_NAME="eps-devcontainers/${DEVCONTAINER_IMAGE}" + PACKAGE_NAME="eps-devcontainers/${DEVCONTAINER_IMAGE}" - ENCODED_PACKAGE_NAME=$(python3 -c 'import sys, urllib.parse; - print(urllib.parse.quote(sys.argv[1], safe=""))' "$PACKAGE_NAME") + ENCODED_PACKAGE_NAME=$(python3 -c 'import sys, urllib.parse; + print(urllib.parse.quote(sys.argv[1], safe=""))' "$PACKAGE_NAME") - VERSIONS_JSON=$(gh api \ - -H "Accept: application/vnd.github+json" \ - "/orgs/NHSDigital/packages/container/${ENCODED_PACKAGE_NAME}/versions?per_page=100") + VERSIONS_JSON=$(gh api \ + -H "Accept: application/vnd.github+json" \ + "/orgs/NHSDigital/packages/container/${ENCODED_PACKAGE_NAME}/versions?per_page=100") - LATEST_VIA_LATEST_TAG=$(jq -r ' - [ .[] - | select((.metadata.container.tags // []) | index("latest")) - ] - | sort_by(.created_at) - | reverse - | .[0].metadata.container.tags // [] - | map(select(test("^v"))) - | .[0] // empty - ' <<< "$VERSIONS_JSON") + LATEST_VIA_LATEST_TAG=$(jq -r ' + [ .[] + | select((.metadata.container.tags // []) | index("latest")) + ] + | sort_by(.created_at) + | reverse + | .[0].metadata.container.tags // [] + | map(select(test("^v"))) + | .[0] // empty + ' <<< "$VERSIONS_JSON") - LATEST_V_TAG=$(jq -r ' - [ .[] - | {created_at, tags: (.metadata.container.tags // [])} - ] - | sort_by(.created_at) - | reverse - | map(.tags[]? | select(test("^v"))) - | .[0] // empty - ' <<< "$VERSIONS_JSON") + LATEST_V_TAG=$(jq -r ' + [ .[] + | {created_at, tags: (.metadata.container.tags // [])} + ] + | sort_by(.created_at) + | reverse + | map(.tags[]? | select(test("^v"))) + | .[0] // empty + ' <<< "$VERSIONS_JSON") - RESOLVED_VERSION="$LATEST_VIA_LATEST_TAG" + RESOLVED_VERSION="$LATEST_VIA_LATEST_TAG" - if [[ -z "$RESOLVED_VERSION" ]]; then - RESOLVED_VERSION="$LATEST_V_TAG" - fi + if [[ -z "$RESOLVED_VERSION" ]]; then + RESOLVED_VERSION="$LATEST_V_TAG" + fi - if [[ -z "$RESOLVED_VERSION" ]]; then - echo "No version tag matching ^v found for package ${PACKAGE_NAME}" >&2 - exit 1 - fi + if [[ -z "$RESOLVED_VERSION" ]]; then + echo "No version tag matching ^v found for package ${PACKAGE_NAME}" >&2 + exit 1 + fi - echo "Resolved latest version: ${RESOLVED_VERSION}" + echo "Resolved latest version: ${RESOLVED_VERSION}" - echo "LATEST_DEVCONTAINER_VERSION=${RESOLVED_VERSION}" >> - "$GITHUB_ENV" + echo "LATEST_DEVCONTAINER_VERSION=${RESOLVED_VERSION}" >> "$GITHUB_ENV" - echo "latest_version=${RESOLVED_VERSION}" >> "$GITHUB_OUTPUT" - - name: Update devcontainer version in config - run: > - set -euo pipefail + echo "latest_version=${RESOLVED_VERSION}" >> "$GITHUB_OUTPUT" + - name: Update devcontainer version in config + run: | + set -euo pipefail - TARGET_VERSION='${{ steps.resolve-version.outputs.latest_version }}' + TARGET_VERSION='${{ steps.resolve-version.outputs.latest_version }}' - if [[ "$TARGET_VERSION" == "$DEVCONTAINER_VERSION" ]]; then - echo "IMAGE_VERSION is already up to date (${DEVCONTAINER_VERSION})" - exit 0 - fi + if [[ "$TARGET_VERSION" == "$DEVCONTAINER_VERSION" ]]; then + echo "IMAGE_VERSION is already up to date (${DEVCONTAINER_VERSION})" + exit 0 + fi - python3 - <<'PY' + python3 - <<'PY' - import json + import json - from pathlib import Path + from pathlib import Path - config_file = Path('.devcontainer/devcontainer.json') + config_file = Path('.devcontainer/devcontainer.json') - config = json.loads(config_file.read_text()) + config = json.loads(config_file.read_text()) - config['build']['args']['IMAGE_VERSION'] = '${{ - steps.resolve-version.outputs.latest_version }}' + config['build']['args']['IMAGE_VERSION'] = '${{ + steps.resolve-version.outputs.latest_version }}' - config_file.write_text(json.dumps(config, indent=2) + '\n') + config_file.write_text(json.dumps(config, indent=2) + '\n') - PY + PY - echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to - ${LATEST_DEVCONTAINER_VERSION}" - - name: Create GitHub App Token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 - id: generate-token - with: - app-id: "${{ secrets.AUTOMERGE_APP_ID }}" - private-key: "${{ secrets.AUTOMERGE_PEM }}" - - name: Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 - with: - token: "${{ steps.generate-token.outputs.token }}" - commit-message: Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }} - title: "Upgrade: [dependabot] - Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}" - body: "This PR updates the devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}." - add-paths: .devcontainer/devcontainer.json - sign-commits: true - base: "${{ inputs.base_branch }}" - delete-branch: true - branch: update-devcontainer-version + echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to + ${LATEST_DEVCONTAINER_VERSION}" + - name: Create GitHub App Token + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 + id: generate-token + with: + app-id: "${{ secrets.CREATE_PULL_REQUEST_APP_ID }}" + private-key: "${{ secrets.CREATE_PULL_REQUEST_PEM }}" + - name: Create Pull Request + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 + with: + token: "${{ steps.generate-token.outputs.token }}" + commit-message: Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }} + title: "Upgrade: [dependabot] - Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}" + body: "This PR updates the devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}." + add-paths: .devcontainer/devcontainer.json + sign-commits: true + base: "${{ inputs.base_branch }}" + delete-branch: true + branch: update-devcontainer-version diff --git a/README.md b/README.md index 6ef77496..37a6363c 100644 --- a/README.md +++ b/README.md @@ -257,7 +257,7 @@ This workflow updates `.devcontainer/devcontainer.json` with the latest publishe #### Requirements - `.devcontainer/devcontainer.json` must include `build.args.IMAGE_NAME` and `build.args.IMAGE_VERSION`. -- `AUTOMERGE_APP_ID` and `AUTOMERGE_PEM` secrets must be configured so the workflow can create a GitHub App token for PR creation. +- `CREATE_PULL_REQUEST_APP_ID` and `CREATE_PULL_REQUEST_PEM` secrets must be configured so the workflow can create a GitHub App token for PR creation. #### Inputs @@ -265,8 +265,8 @@ This workflow updates `.devcontainer/devcontainer.json` with the latest publishe #### Secret Inputs -- `AUTOMERGE_APP_ID`: GitHub App ID used to generate an installation token. -- `AUTOMERGE_PEM`: GitHub App private key used to generate an installation token. +- `CREATE_PULL_REQUEST_APP_ID`: GitHub App ID used to generate an installation token. +- `CREATE_PULL_REQUEST_PEM`: GitHub App private key used to generate an installation token. #### Outputs @@ -288,8 +288,8 @@ jobs: with: base_branch: main secrets: - AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }} - AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }} + CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }} + CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }} ``` ## Tag Release