-
Notifications
You must be signed in to change notification settings - Fork 1
Chore: [AEA-0000] - correct secret name in update dev container workflow #105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
b03acf2
correct secret name
anthony-nhs 2a3aca7
correct run
anthony-nhs c90104d
Merge branch 'main' into fix_update_dev_container
anthony-nhs 1b344de
Merge branch 'main' into fix_update_dev_container
anthony-nhs 114b11d
update readme
anthony-nhs File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,150 +1,150 @@ | ||
| name: Update Dev Container Image version | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| base_branch: | ||
| required: false | ||
| type: string | ||
| default: main | ||
| secrets: | ||
| AUTOMERGE_APP_ID: | ||
| required: true | ||
| AUTOMERGE_PEM: | ||
| required: true | ||
| workflow_call: | ||
| inputs: | ||
| base_branch: | ||
| required: false | ||
| type: string | ||
| default: main | ||
| secrets: | ||
| CREATE_PULL_REQUEST_APP_ID: | ||
| required: true | ||
| CREATE_PULL_REQUEST_PEM: | ||
| required: true | ||
| jobs: | ||
| update_devcontainer_version: | ||
| runs-on: ubuntu-22.04 | ||
| permissions: | ||
| contents: read | ||
| packages: read | ||
| pull-requests: write | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Load config value | ||
| id: load-config | ||
| run: > | ||
| DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME' | ||
| .devcontainer/devcontainer.json) | ||
| update_devcontainer_version: | ||
| runs-on: ubuntu-22.04 | ||
| permissions: | ||
| contents: read | ||
| packages: read | ||
| pull-requests: write | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Load config value | ||
| id: load-config | ||
| run: > | ||
| DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME' | ||
| .devcontainer/devcontainer.json) | ||
|
|
||
| DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION' | ||
| .devcontainer/devcontainer.json) | ||
| DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION' | ||
| .devcontainer/devcontainer.json) | ||
|
|
||
| { | ||
| echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE" | ||
| echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION" | ||
| } >> "$GITHUB_ENV" | ||
| - name: Resolve latest devcontainer image version from GHCR | ||
| id: resolve-version | ||
| env: | ||
| GH_TOKEN: "${{ github.token }}" | ||
| run: > | ||
| set -euo pipefail | ||
| { | ||
| echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE" | ||
| echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION" | ||
| } >> "$GITHUB_ENV" | ||
| - name: Resolve latest devcontainer image version from GHCR | ||
| id: resolve-version | ||
| env: | ||
| GH_TOKEN: "${{ github.token }}" | ||
| run: > | ||
| set -euo pipefail | ||
|
|
||
|
|
||
|
MatthewPopat-NHS marked this conversation as resolved.
Outdated
|
||
| PACKAGE_NAME="eps-devcontainers/${DEVCONTAINER_IMAGE}" | ||
| PACKAGE_NAME="eps-devcontainers/${DEVCONTAINER_IMAGE}" | ||
|
|
||
| ENCODED_PACKAGE_NAME=$(python3 -c 'import sys, urllib.parse; | ||
| print(urllib.parse.quote(sys.argv[1], safe=""))' "$PACKAGE_NAME") | ||
| ENCODED_PACKAGE_NAME=$(python3 -c 'import sys, urllib.parse; | ||
| print(urllib.parse.quote(sys.argv[1], safe=""))' "$PACKAGE_NAME") | ||
|
|
||
|
|
||
| VERSIONS_JSON=$(gh api \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| "/orgs/NHSDigital/packages/container/${ENCODED_PACKAGE_NAME}/versions?per_page=100") | ||
| VERSIONS_JSON=$(gh api \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| "/orgs/NHSDigital/packages/container/${ENCODED_PACKAGE_NAME}/versions?per_page=100") | ||
|
|
||
| LATEST_VIA_LATEST_TAG=$(jq -r ' | ||
| [ .[] | ||
| | select((.metadata.container.tags // []) | index("latest")) | ||
| ] | ||
| | sort_by(.created_at) | ||
| | reverse | ||
| | .[0].metadata.container.tags // [] | ||
| | map(select(test("^v"))) | ||
| | .[0] // empty | ||
| ' <<< "$VERSIONS_JSON") | ||
| LATEST_VIA_LATEST_TAG=$(jq -r ' | ||
| [ .[] | ||
| | select((.metadata.container.tags // []) | index("latest")) | ||
| ] | ||
| | sort_by(.created_at) | ||
| | reverse | ||
| | .[0].metadata.container.tags // [] | ||
| | map(select(test("^v"))) | ||
| | .[0] // empty | ||
| ' <<< "$VERSIONS_JSON") | ||
|
|
||
|
|
||
| LATEST_V_TAG=$(jq -r ' | ||
| [ .[] | ||
| | {created_at, tags: (.metadata.container.tags // [])} | ||
| ] | ||
| | sort_by(.created_at) | ||
| | reverse | ||
| | map(.tags[]? | select(test("^v"))) | ||
| | .[0] // empty | ||
| ' <<< "$VERSIONS_JSON") | ||
| LATEST_V_TAG=$(jq -r ' | ||
| [ .[] | ||
| | {created_at, tags: (.metadata.container.tags // [])} | ||
| ] | ||
| | sort_by(.created_at) | ||
| | reverse | ||
| | map(.tags[]? | select(test("^v"))) | ||
| | .[0] // empty | ||
| ' <<< "$VERSIONS_JSON") | ||
|
|
||
|
|
||
| RESOLVED_VERSION="$LATEST_VIA_LATEST_TAG" | ||
| RESOLVED_VERSION="$LATEST_VIA_LATEST_TAG" | ||
|
|
||
| if [[ -z "$RESOLVED_VERSION" ]]; then | ||
| RESOLVED_VERSION="$LATEST_V_TAG" | ||
| fi | ||
| if [[ -z "$RESOLVED_VERSION" ]]; then | ||
| RESOLVED_VERSION="$LATEST_V_TAG" | ||
| fi | ||
|
|
||
|
|
||
| if [[ -z "$RESOLVED_VERSION" ]]; then | ||
| echo "No version tag matching ^v found for package ${PACKAGE_NAME}" >&2 | ||
| exit 1 | ||
| fi | ||
| if [[ -z "$RESOLVED_VERSION" ]]; then | ||
| echo "No version tag matching ^v found for package ${PACKAGE_NAME}" >&2 | ||
| exit 1 | ||
| fi | ||
|
|
||
|
|
||
| echo "Resolved latest version: ${RESOLVED_VERSION}" | ||
| echo "Resolved latest version: ${RESOLVED_VERSION}" | ||
|
|
||
| echo "LATEST_DEVCONTAINER_VERSION=${RESOLVED_VERSION}" >> | ||
| "$GITHUB_ENV" | ||
| echo "LATEST_DEVCONTAINER_VERSION=${RESOLVED_VERSION}" >> | ||
| "$GITHUB_ENV" | ||
|
|
||
| echo "latest_version=${RESOLVED_VERSION}" >> "$GITHUB_OUTPUT" | ||
| - name: Update devcontainer version in config | ||
| run: > | ||
| set -euo pipefail | ||
| echo "latest_version=${RESOLVED_VERSION}" >> "$GITHUB_OUTPUT" | ||
| - name: Update devcontainer version in config | ||
| run: > | ||
| set -euo pipefail | ||
|
|
||
|
|
||
| TARGET_VERSION='${{ steps.resolve-version.outputs.latest_version }}' | ||
| TARGET_VERSION='${{ steps.resolve-version.outputs.latest_version }}' | ||
|
|
||
| if [[ "$TARGET_VERSION" == "$DEVCONTAINER_VERSION" ]]; then | ||
| echo "IMAGE_VERSION is already up to date (${DEVCONTAINER_VERSION})" | ||
| exit 0 | ||
| fi | ||
| if [[ "$TARGET_VERSION" == "$DEVCONTAINER_VERSION" ]]; then | ||
| echo "IMAGE_VERSION is already up to date (${DEVCONTAINER_VERSION})" | ||
| exit 0 | ||
| fi | ||
|
|
||
|
|
||
| python3 - <<'PY' | ||
| python3 - <<'PY' | ||
|
MatthewPopat-NHS marked this conversation as resolved.
Outdated
|
||
|
|
||
| import json | ||
| import json | ||
|
|
||
| from pathlib import Path | ||
| from pathlib import Path | ||
|
|
||
|
|
||
| config_file = Path('.devcontainer/devcontainer.json') | ||
| config_file = Path('.devcontainer/devcontainer.json') | ||
|
|
||
| config = json.loads(config_file.read_text()) | ||
| config = json.loads(config_file.read_text()) | ||
|
|
||
| config['build']['args']['IMAGE_VERSION'] = '${{ | ||
| steps.resolve-version.outputs.latest_version }}' | ||
| config['build']['args']['IMAGE_VERSION'] = '${{ | ||
| steps.resolve-version.outputs.latest_version }}' | ||
|
|
||
| config_file.write_text(json.dumps(config, indent=2) + '\n') | ||
| config_file.write_text(json.dumps(config, indent=2) + '\n') | ||
|
|
||
| PY | ||
| PY | ||
|
|
||
|
|
||
| echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to | ||
| ${LATEST_DEVCONTAINER_VERSION}" | ||
| - name: Create GitHub App Token | ||
| uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 | ||
| id: generate-token | ||
| with: | ||
| app-id: "${{ secrets.AUTOMERGE_APP_ID }}" | ||
| private-key: "${{ secrets.AUTOMERGE_PEM }}" | ||
| - name: Create Pull Request | ||
| uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 | ||
| with: | ||
| token: "${{ steps.generate-token.outputs.token }}" | ||
| commit-message: Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }} | ||
| title: "Upgrade: [dependabot] - Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}" | ||
| body: "This PR updates the devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}." | ||
| add-paths: .devcontainer/devcontainer.json | ||
| sign-commits: true | ||
| base: "${{ inputs.base_branch }}" | ||
| delete-branch: true | ||
| branch: update-devcontainer-version | ||
| echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to | ||
| ${LATEST_DEVCONTAINER_VERSION}" | ||
| - name: Create GitHub App Token | ||
| uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 | ||
| id: generate-token | ||
| with: | ||
| app-id: "${{ secrets.CREATE_PULL_REQUEST_APP_ID }}" | ||
| private-key: "${{ secrets.CREATE_PULL_REQUEST_PEM }}" | ||
| - name: Create Pull Request | ||
| uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 | ||
| with: | ||
| token: "${{ steps.generate-token.outputs.token }}" | ||
| commit-message: Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }} | ||
| title: "Upgrade: [dependabot] - Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}" | ||
| body: "This PR updates the devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}." | ||
| add-paths: .devcontainer/devcontainer.json | ||
| sign-commits: true | ||
| base: "${{ inputs.base_branch }}" | ||
| delete-branch: true | ||
| branch: update-devcontainer-version | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.