Auto Update #3578
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Auto Update | |
| on: | |
| # Manual trigger | |
| workflow_dispatch: | |
| # Check regularly the upstream every four hours | |
| schedule: | |
| - cron: "0 0,4,8,12,16,20 * * *" | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| check-upstream: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release: ${{steps.check.outputs.release}} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Install yq | |
| run: sudo snap install yq --channel=v4/stable | |
| - id: latest-upstream | |
| name: Check for latest release tag | |
| run: | | |
| git clone https://github.com/hashicorp/vault | |
| cd vault | |
| RELEASE_TAG="$(git tag -l --sort=version:refname "v1.17.*" | tail -1)" | |
| echo "::set-output name=release::${RELEASE_TAG}" | |
| - id: check | |
| name: Check for new releases | |
| run: | | |
| LATEST="${{ steps.latest-upstream.outputs.release }}" | |
| # Get the current version from the repo | |
| CURRENT="$(cat snap/snapcraft.yaml| yq e '.version' -)" | |
| if [[ "$CURRENT" != "$LATEST" ]]; then | |
| echo "::set-output name=release::${LATEST}" | |
| echo "New upstream release '$LATEST' found" | |
| else | |
| echo "No new upstream release found" | |
| fi | |
| create-pr: | |
| runs-on: ubuntu-latest | |
| needs: check-upstream | |
| if: ${{ needs.check-upstream.outputs.release != '' }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Set up SSH Key for Signing Commits | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.BOT_PRIVATE_SIGNING_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| echo "${{ secrets.BOT_PUBLIC_SIGNING_KEY }}" > ~/.ssh/id_rsa.pub | |
| chmod 644 ~/.ssh/id_rsa.pub | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "telcobot" | |
| git config --global user.signingkey ~/.ssh/id_rsa.pub | |
| git config --global commit.gpgsign true | |
| git config --global gpg.format ssh | |
| - name: Install yq | |
| run: sudo snap install yq --channel=v4/stable | |
| - name: Update snapcraft.yaml | |
| shell: bash | |
| run: | | |
| # Grab the output from the last job | |
| LATEST="${{ needs.check-upstream.outputs.release }}" | |
| # Get the current version from the repo | |
| CURRENT="$(cat snap/snapcraft.yaml| yq e '.version' -)" | |
| # Update the snapcraft.yaml (strip the leading 'v' from the LATEST version) | |
| sed -i "s/^version: $CURRENT/version: ${LATEST/v/}/g" snap/snapcraft.yaml | |
| - name: Create a PR for local changes | |
| uses: peter-evans/[email protected] | |
| id: cpr | |
| with: | |
| token: ${{ secrets.TELCO_GITHUB_BOT_TOKEN }} | |
| commit-message: "chore: Bump snap version to ${{ needs.check-upstream.outputs.release }}" | |
| committer: "Telcobot <[email protected]>" | |
| author: "Telcobot <[email protected]>" | |
| title: "chore: Update to Vault ${{ needs.check-upstream.outputs.release }}" | |
| body: Automated update to follow upstream [release](https://github.com/hashicorp/vault/releases/tag/${{ needs.check-upstream.outputs.release }}) of Vault ${{ needs.check-upstream.outputs.release }}. | |
| branch: "chore/bump-version-to-${{ needs.check-upstream.outputs.release }}" | |
| delete-branch: true |