From 7b579900c3cab5dd1224dbc4219858665a46611b Mon Sep 17 00:00:00 2001 From: sebthom Date: Fri, 27 Dec 2024 12:54:21 +0100 Subject: [PATCH] ci: update workflow config --- .github/dependabot.yml | 8 +-- .github/workflows/build.yml | 72 ++++++++++++++++++------ .github/workflows/update-python-deps.yml | 12 +++- 3 files changed, 67 insertions(+), 25 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8a35b55..c373387 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,12 +6,12 @@ updates: schedule: interval: weekly day: monday - time: "17:00" + time: "14:00" commit-message: prefix: ci prefix-development: ci include: scope labels: - - pinned - - dependencies - - gha + - dependencies + - gha + - pinned diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f68a009..f3e6570 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,11 +1,13 @@ # SPDX-FileCopyrightText: © Sebastian Thomschke and contributors # SPDX-License-Identifier: AGPL-3.0-or-later -# SPDX-ArtifactOfProjectHomePage: https://github.com/Second-Hand-Friends/kleinanzeigen-bot/ +# SPDX-ArtifactOfProjectHomePage: https://github.com/Second-Hand-Friends/kleinanzeigen-bot # # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions name: Build on: + schedule: + - cron: '0 15 1 * *' push: branches-ignore: # build all branches except: - 'dependabot/**' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR) @@ -94,7 +96,6 @@ jobs: - name: Git Checkout uses: actions/checkout@v4 # https://github.com/actions/checkout - - name: "Install: Chromium Browser" if: env.ACT == 'true' && startsWith(matrix.os, 'ubuntu') run: | @@ -217,7 +218,7 @@ jobs: - name: Upload self-contained executable uses: actions/upload-artifact@v4 - if: ${{ github.ref_name == 'main' && matrix.PUBLISH_RELEASE && !env.ACT }} + if: github.ref_name == 'main' && matrix.PUBLISH_RELEASE && !env.ACT with: name: artifacts-${{ matrix.os }} path: dist/kleinanzeigen-bot* @@ -234,7 +235,7 @@ jobs: - name: Publish Docker image - if: ${{ github.repository_owner == 'Second-Hand-Friends' && github.ref_name == 'main' && matrix.PUBLISH_RELEASE && startsWith(matrix.os, 'ubuntu') && !env.ACT }} + if: github.repository_owner == 'Second-Hand-Friends' && github.ref_name == 'main' && matrix.PUBLISH_RELEASE && startsWith(matrix.os, 'ubuntu') && !env.ACT run: | set -eux @@ -251,8 +252,8 @@ jobs: runs-on: ubuntu-latest needs: - build - if: ${{ github.ref_name == 'main' && !github.event.act }} - concurrency: publish-latest-release # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idconcurrency + if: (github.ref_name == 'main' || github.ref_name == 'release') && !github.event.act + concurrency: publish-${{ github.ref_name }}-release # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idconcurrency steps: - name: "Show: GitHub context" @@ -261,7 +262,7 @@ jobs: run: echo $GITHUB_CONTEXT - - name: Show environment variables + - name: "Show: environment variables" run: env | sort @@ -269,9 +270,9 @@ jobs: uses: vegardit/fast-apt-mirror.sh@v1 - - name: Git checkout + - name: Git Checkout # only required by "gh release create" to prevent "fatal: Not a git repository" - uses: actions/checkout@v4 #https://github.com/actions/checkout + uses: actions/checkout@v4 # https://github.com/actions/checkout - name: Delete untagged docker image @@ -309,27 +310,40 @@ jobs: run: clamscan kleinanzeigen-* - - name: "Delete previous 'latest' release" + - name: "Determine release name" + id: release + run: | + case "$GITHUB_REF_NAME" in + main) + echo "name=preview" >>"$GITHUB_OUTPUT" + ;; + release) + echo "name=latest" >>"$GITHUB_OUTPUT" + ;; + esac + + + - name: "Delete previous '${{ steps.release.outputs.name }}' release" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_NAME: latest + RELEASE_NAME: ${{ steps.release.outputs.name }} # https://cli.github.com/manual/gh_release_delete run: | GH_DEBUG=1 gh release delete "$RELEASE_NAME" --yes --cleanup-tag || true - - name: "Create 'latest' release" + - name: "Create '${{ steps.release.outputs.name }}' Release" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - RELEASE_NAME: latest + RELEASE_NAME: ${{ steps.release.outputs.name }} + COMMIT_MSG: ${{ github.event.head_commit.message }} # https://stackoverflow.com/a/78420438/5116073 + # https://cli.github.com/manual/gh_release_create run: | - set -eux - - # https://cli.github.com/manual/gh_release_create GH_DEBUG=1 gh release create "$RELEASE_NAME" \ --title "$RELEASE_NAME" \ - --latest \ - --notes ${{ toJSON(github.event.head_commit.message) }} \ + ${{ steps.release.outputs.name == 'latest' && '--latest' || '' }} \ + ${{ steps.release.outputs.name == 'preview' && '--prerelease' || '' }} \ + --notes "$COMMIT_MSG" \ --target "${{ github.sha }}" \ kleinanzeigen-bot-darwin-amd64 \ kleinanzeigen-bot-darwin-arm64 \ @@ -343,3 +357,25 @@ jobs: with: name: "*" failOnError: false + + + ########################################################### + dependabot-pr-auto-merge: + ########################################################### + needs: build + if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' + runs-on: ubuntu-latest + + concurrency: dependabot-pr-auto-merge + + permissions: + contents: write + pull-requests: write + + steps: + - name: Merge Dependabot PR + env: + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + PR_URL: ${{github.event.pull_request.html_url}} + run: | + gh pr merge --auto --rebase "$PR_URL" diff --git a/.github/workflows/update-python-deps.yml b/.github/workflows/update-python-deps.yml index 5ca6ef1..2ce1e04 100644 --- a/.github/workflows/update-python-deps.yml +++ b/.github/workflows/update-python-deps.yml @@ -79,15 +79,21 @@ jobs: set -euo pipefail exec 5>&1 - updates=$(pdm update --update-all 2>&1 |tee /dev/fd/5) + updates=$(pdm update --update-all 2>&1 | tee /dev/fd/5) if git diff --exit-code pdm.lock; then echo "updates=" >> "$GITHUB_OUTPUT" else + updates="$(echo "$updates" | grep Update | grep -v kleinanzeigen-bot)" + if [[ $(wc -l <<< "$updates") -eq 1 ]]; then + echo "title=$(echo "$updates" | head -n 1)" >> "${GITHUB_OUTPUT}" + else + echo "title=Update Python dependencies" >> "${GITHUB_OUTPUT}" + fi # https://github.com/orgs/community/discussions/26288#discussioncomment-3876281 delimiter="$(openssl rand -hex 8)" echo "updates<<${delimiter}" >> "${GITHUB_OUTPUT}" - echo "$(echo "$updates" | grep Update | grep -v kleinanzeigen-bot)" >> "${GITHUB_OUTPUT}" + echo "$updates" >> "${GITHUB_OUTPUT}" echo "${delimiter}" >> "${GITHUB_OUTPUT}" fi @@ -96,7 +102,7 @@ jobs: uses: peter-evans/create-pull-request@v7 # https://github.com/peter-evans/create-pull-request if: "${{ steps.update_deps.outputs.updates != '' }}" with: - title: "chore: Update Python dependencies" + title: "chore: ${{ steps.update_deps.outputs.title }}" author: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>" committer: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>" commit-message: "chore: Update Python dependencies"