Skip to content

Chore: [AEA-0000] - correct secret name in update dev container workflow #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
anthony-nhs merged 5 commits into from
Mar 27, 2026
+118 −118
Merged

Chore: [AEA-0000] - correct secret name in update dev container workflow #105

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b03acf2
correct secret name
anthony-nhs Mar 25, 2026
2a3aca7
correct run
anthony-nhs Mar 26, 2026
c90104d
Merge branch 'main' into fix_update_dev_container
anthony-nhs Mar 26, 2026
1b344de
Merge branch 'main' into fix_update_dev_container
anthony-nhs Mar 27, 2026
114b11d
update readme
anthony-nhs Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
226 changes: 113 additions & 113 deletions .github/workflows/update-dev-container-version.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,150 +1,150 @@
name: Update Dev Container Image version
on:
workflow_call:
inputs:
base_branch:
required: false
type: string
default: main
secrets:
AUTOMERGE_APP_ID:
required: true
AUTOMERGE_PEM:
required: true
workflow_call:
inputs:
base_branch:
required: false
type: string
default: main
secrets:
CREATE_PULL_REQUEST_APP_ID:
required: true
CREATE_PULL_REQUEST_PEM:
required: true
jobs:
update_devcontainer_version:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: read
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
fetch-depth: 0
- name: Load config value
id: load-config
run: >
DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME'
.devcontainer/devcontainer.json)
update_devcontainer_version:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: read
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
fetch-depth: 0
- name: Load config value
id: load-config
run: |
set -euo pipefail
DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME'
.devcontainer/devcontainer.json)

DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION'
.devcontainer/devcontainer.json)
DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION'
.devcontainer/devcontainer.json)

{
echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE"
echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION"
} >> "$GITHUB_ENV"
- name: Resolve latest devcontainer image version from GHCR
id: resolve-version
env:
GH_TOKEN: "${{ github.token }}"
run: >
set -euo pipefail
{
echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE"
echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION"
} >> "$GITHUB_ENV"
- name: Resolve latest devcontainer image version from GHCR
id: resolve-version
env:
GH_TOKEN: "${{ github.token }}"
run: |
set -euo pipefail


PACKAGE_NAME="eps-devcontainers/${DEVCONTAINER_IMAGE}"
PACKAGE_NAME="eps-devcontainers/${DEVCONTAINER_IMAGE}"

ENCODED_PACKAGE_NAME=$(python3 -c 'import sys, urllib.parse;
print(urllib.parse.quote(sys.argv[1], safe=""))' "$PACKAGE_NAME")
ENCODED_PACKAGE_NAME=$(python3 -c 'import sys, urllib.parse;
print(urllib.parse.quote(sys.argv[1], safe=""))' "$PACKAGE_NAME")


VERSIONS_JSON=$(gh api \
-H "Accept: application/vnd.github+json" \
"/orgs/NHSDigital/packages/container/${ENCODED_PACKAGE_NAME}/versions?per_page=100")
VERSIONS_JSON=$(gh api \
-H "Accept: application/vnd.github+json" \
"/orgs/NHSDigital/packages/container/${ENCODED_PACKAGE_NAME}/versions?per_page=100")

LATEST_VIA_LATEST_TAG=$(jq -r '
[ .[]
| select((.metadata.container.tags // []) | index("latest"))
]
| sort_by(.created_at)
| reverse
| .[0].metadata.container.tags // []
| map(select(test("^v")))
| .[0] // empty
' <<< "$VERSIONS_JSON")
LATEST_VIA_LATEST_TAG=$(jq -r '
[ .[]
| select((.metadata.container.tags // []) | index("latest"))
]
| sort_by(.created_at)
| reverse
| .[0].metadata.container.tags // []
| map(select(test("^v")))
| .[0] // empty
' <<< "$VERSIONS_JSON")


LATEST_V_TAG=$(jq -r '
[ .[]
| {created_at, tags: (.metadata.container.tags // [])}
]
| sort_by(.created_at)
| reverse
| map(.tags[]? | select(test("^v")))
| .[0] // empty
' <<< "$VERSIONS_JSON")
LATEST_V_TAG=$(jq -r '
[ .[]
| {created_at, tags: (.metadata.container.tags // [])}
]
| sort_by(.created_at)
| reverse
| map(.tags[]? | select(test("^v")))
| .[0] // empty
' <<< "$VERSIONS_JSON")


RESOLVED_VERSION="$LATEST_VIA_LATEST_TAG"
RESOLVED_VERSION="$LATEST_VIA_LATEST_TAG"

if [[ -z "$RESOLVED_VERSION" ]]; then
RESOLVED_VERSION="$LATEST_V_TAG"
fi
if [[ -z "$RESOLVED_VERSION" ]]; then
RESOLVED_VERSION="$LATEST_V_TAG"
fi


if [[ -z "$RESOLVED_VERSION" ]]; then
echo "No version tag matching ^v found for package ${PACKAGE_NAME}" >&2
exit 1
fi
if [[ -z "$RESOLVED_VERSION" ]]; then
echo "No version tag matching ^v found for package ${PACKAGE_NAME}" >&2
exit 1
fi


echo "Resolved latest version: ${RESOLVED_VERSION}"
echo "Resolved latest version: ${RESOLVED_VERSION}"

echo "LATEST_DEVCONTAINER_VERSION=${RESOLVED_VERSION}" >>
"$GITHUB_ENV"
echo "LATEST_DEVCONTAINER_VERSION=${RESOLVED_VERSION}" >> "$GITHUB_ENV"

echo "latest_version=${RESOLVED_VERSION}" >> "$GITHUB_OUTPUT"
- name: Update devcontainer version in config
run: >
set -euo pipefail
echo "latest_version=${RESOLVED_VERSION}" >> "$GITHUB_OUTPUT"
- name: Update devcontainer version in config
run: |
set -euo pipefail


TARGET_VERSION='${{ steps.resolve-version.outputs.latest_version }}'
TARGET_VERSION='${{ steps.resolve-version.outputs.latest_version }}'

if [[ "$TARGET_VERSION" == "$DEVCONTAINER_VERSION" ]]; then
echo "IMAGE_VERSION is already up to date (${DEVCONTAINER_VERSION})"
exit 0
fi
if [[ "$TARGET_VERSION" == "$DEVCONTAINER_VERSION" ]]; then
echo "IMAGE_VERSION is already up to date (${DEVCONTAINER_VERSION})"
exit 0
fi


python3 - <<'PY'
python3 - <<'PY'

import json
import json

from pathlib import Path
from pathlib import Path


config_file = Path('.devcontainer/devcontainer.json')
config_file = Path('.devcontainer/devcontainer.json')

config = json.loads(config_file.read_text())
config = json.loads(config_file.read_text())

config['build']['args']['IMAGE_VERSION'] = '${{
steps.resolve-version.outputs.latest_version }}'
config['build']['args']['IMAGE_VERSION'] = '${{
steps.resolve-version.outputs.latest_version }}'

config_file.write_text(json.dumps(config, indent=2) + '\n')
config_file.write_text(json.dumps(config, indent=2) + '\n')

PY
PY


echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to
${LATEST_DEVCONTAINER_VERSION}"
- name: Create GitHub App Token
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859
id: generate-token
with:
app-id: "${{ secrets.AUTOMERGE_APP_ID }}"
private-key: "${{ secrets.AUTOMERGE_PEM }}"
- name: Create Pull Request
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
with:
token: "${{ steps.generate-token.outputs.token }}"
commit-message: Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}
title: "Upgrade: [dependabot] - Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}"
body: "This PR updates the devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}."
add-paths: .devcontainer/devcontainer.json
sign-commits: true
base: "${{ inputs.base_branch }}"
delete-branch: true
branch: update-devcontainer-version
echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to
${LATEST_DEVCONTAINER_VERSION}"
- name: Create GitHub App Token
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859
id: generate-token
with:
app-id: "${{ secrets.CREATE_PULL_REQUEST_APP_ID }}"
private-key: "${{ secrets.CREATE_PULL_REQUEST_PEM }}"
- name: Create Pull Request
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
with:
token: "${{ steps.generate-token.outputs.token }}"
commit-message: Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}
title: "Upgrade: [dependabot] - Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}"
body: "This PR updates the devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}."
add-paths: .devcontainer/devcontainer.json
sign-commits: true
base: "${{ inputs.base_branch }}"
delete-branch: true
branch: update-devcontainer-version
10 changes: 5 additions & 5 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,16 +257,16 @@ This workflow updates `.devcontainer/devcontainer.json` with the latest publishe
#### Requirements

- `.devcontainer/devcontainer.json` must include `build.args.IMAGE_NAME` and `build.args.IMAGE_VERSION`.
- `AUTOMERGE_APP_ID` and `AUTOMERGE_PEM` secrets must be configured so the workflow can create a GitHub App token for PR creation.
- `CREATE_PULL_REQUEST_APP_ID` and `CREATE_PULL_REQUEST_PEM` secrets must be configured so the workflow can create a GitHub App token for PR creation.

#### Inputs

- `base_branch`: Target branch for the pull request. Default: `main`.

#### Secret Inputs

- `AUTOMERGE_APP_ID`: GitHub App ID used to generate an installation token.
- `AUTOMERGE_PEM`: GitHub App private key used to generate an installation token.
- `CREATE_PULL_REQUEST_APP_ID`: GitHub App ID used to generate an installation token.
- `CREATE_PULL_REQUEST_PEM`: GitHub App private key used to generate an installation token.

#### Outputs

Expand All @@ -288,8 +288,8 @@ jobs:
with:
base_branch: main
secrets:
AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
```

## Tag Release
Expand Down
Loading