From cf8669ebf66307fae89064d876996e17c04ec78c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christina=20S=C3=B8rensen?=
Date: Thu, 3 Jul 2025 06:14:30 +0200
Subject: [PATCH] ci(deps): automate dependency updates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Christina Sørensen
---
.github/workflows/update-dependencies.sh | 47 ++++++++++++++++++++++
.github/workflows/update-dependencies.yaml | 44 ++++++++++++++++++++
2 files changed, 91 insertions(+)
create mode 100755 .github/workflows/update-dependencies.sh
create mode 100644 .github/workflows/update-dependencies.yaml
diff --git a/.github/workflows/update-dependencies.sh b/.github/workflows/update-dependencies.sh
new file mode 100755
index 00000000..538f8f9d
--- /dev/null
+++ b/.github/workflows/update-dependencies.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2025 Christina Sørensen
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+set -euo pipefail
+
+commit_changes() {
+ local file_to_check="$1"
+ local commit_subject="$2"
+ local commit_body="$3"
+
+ # Check if the file has changes staged or unstaged
+ if ! git diff --quiet --exit-code "$file_to_check"; then
+ echo "$file_to_check has been updated. Committing changes."
+ git add "$file_to_check"
+
+ printf "%s\n\n%s" "$commit_subject" "$commit_body" | git commit -F -
+ else
+ echo "No changes to $file_to_check. Skipping commit."
+ fi
+}
+
+BRANCH_NAME="deps_update_$(date --iso-8601)"
+if git rev-parse --verify "$BRANCH_NAME" >/dev/null 2>&1; then
+ echo "Branch '$BRANCH_NAME' already exists. Checking out."
+ git switch "$BRANCH_NAME"
+else
+ git switch -c "$BRANCH_NAME"
+fi
+
+# 1. Update Cargo dependencies
+echo "Checking for Cargo dependency updates..."
+# Redirect stderr to stdout to capture cargo's output.
+CARGO_OUTPUT=$(cargo update --recursive 2>&1)
+UPDATED_CRATES=$(echo "$CARGO_OUTPUT" | grep 'Updating' || true)
+commit_changes "Cargo.lock" "build(deps): cargo bump $(date --iso-8601)" "$UPDATED_CRATES"
+
+# 2. Update Nix Flake dependencies
+echo "Checking for Nix Flake dependency updates..."
+# Use grep -A 2 to capture the 2 lines *after* the match.
+FLAKE_OUTPUT=$(nix flake update 2>&1)
+UPDATED_FLAKES=$(echo "$FLAKE_OUTPUT" | grep -A 2 'Updated input' || true)
+commit_changes "flake.lock" "build(deps): flake bump $(date --iso-8601)" "$UPDATED_FLAKES"
+
+echo "Dependency update process complete."
+git status
diff --git a/.github/workflows/update-dependencies.yaml b/.github/workflows/update-dependencies.yaml
new file mode 100644
index 00000000..84afd2ee
--- /dev/null
+++ b/.github/workflows/update-dependencies.yaml
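Review bot: In update-dependencies.sh, `set -euo pipefail` makes a failing `cargo update` or `nix flake update` abort the script inside the `$(…)` assignment, and the output captured with `2>&1` is never printed, so the CI log gives no reason for the failure. Echoing the capture on failure keeps the diagnostics, e.g. `CARGO_OUTPUT=$(cargo update --recursive 2>&1) || { echo "$CARGO_OUTPUT" >&2; exit 1; }`, and the same applies to `FLAKE_OUTPUT`. In `commit_changes`, the comment says staged or unstaged changes are checked, but `git diff --quiet` without a commit argument compares only the working tree with the index; `git diff --quiet HEAD -- "$file_to_check"` would match the comment.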
@@ -0,0 +1,44 @@
+# SPDX-FileCopyrightText: 2025 Christina Sørensen
+#
+# SPDX-License-Identifier: EUPL-1.2
+name: "Automated Dependency Bump"
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 0 * * 4'
+jobs:
+ update-and-create-pr:
+ runs-on: ubuntu-latest
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+ steps:
+ - name: "Checkout repository"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Install Nix"
+ uses: cachix/install-nix-action@v22
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - name: "Set up Git credentials"
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ - name: "Run update script"
+ id: run_script
+ run: |
+ chmod +x .github/workflows/update-dependencies.sh
+ .github/workflows/update-dependencies.sh
+
+ BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
+ echo "branch=${BRANCH_NAME}" >> $GITHUB_OUTPUT
+ - name: "Create Pull Request"
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh pr create \
+ --title "build(deps): Automatic dependency updates for $(date --iso-8601)" \
+ --body "This PR was automatically generated by a GitHub Action to update crate and flake dependencies. Please review the changes and merge." \
+ --base main \
+ --head ${{ steps.run_script.outputs.branch }}
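Review bot: The job has no `permissions:` block, so `GITHUB_TOKEN` carries the repository's default scope while the job only needs to push a branch and open a PR; declare `contents: write` and `pull-requests: write` on the job. Neither this workflow nor update-dependencies.sh runs `git push`, so `gh pr create --head …` will most likely fail because the branch does not exist on the remote. `actions/checkout@v4` and `cachix/install-nix-action@v22` are mutable tags; for a job holding a write token, pin both to a full commit SHA. `${{ steps.run_script.outputs.branch }}` is pasted into the script text before the shell runs, so pass it through `env:` and quote it (also quote `"$GITHUB_OUTPUT"`), as in the sketch below.

```yaml
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    # … unchanged: concurrency, checkout, Nix install, git identity, update script …
      - name: "Create Pull Request"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH: ${{ steps.run_script.outputs.branch }}
        run: |
          git push --set-upstream origin "$BRANCH"
          # … unchanged: gh pr create with --title, --body, --base …
          #   final argument becomes: --head "$BRANCH"
```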