From dab83ec0913c3d29efca4bc92c43a41333536add Mon Sep 17 00:00:00 2001
From: Jake Heath
Date: Fri, 5 Jan 2024 09:24:22 -0800
Subject: [PATCH 1/4] chore: bump all deps for docker build and push
---
.../actions/dependabot-automerge/action.yml | 51 +++++++++++++++++++
.github/actions/docker-build-push/action.yml | 13 +++--
2 files changed, 57 insertions(+), 7 deletions(-)
create mode 100644 .github/actions/dependabot-automerge/action.yml
diff --git a/.github/actions/dependabot-automerge/action.yml b/.github/actions/dependabot-automerge/action.yml
new file mode 100644
index 00000000..03f14a88
--- /dev/null
+++ b/.github/actions/dependabot-automerge/action.yml
@@ -0,0 +1,51 @@
+name: Dependabot auto-approve
+on: pull_request
+
+permissions:
+ pull-requests: write
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+runs:
+ using: "composite"
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Generate token
+ id: generate_token
+ uses: chanzuckerberg/github-app-token@v1.1.4
+ with:
+ app_id: ${{ secrets.CZI_GITHUB_HELPER_APP_ID }}
+ private_key: ${{ secrets.CZI_GITHUB_HELPER_PK }}
+ - name: Install gh CLI
+ shell: bash
+ env:
+ VERSION: 2.30.0
+ run: |
+ set -ue
+ set -o pipefail
+ AMD_URL="https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_linux_amd64.tar.gz"
+ ARM_URL="https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_linux_arm64.tar.gz"
+ PLATFORM=$(uname -m)
+ if [[ $PLATFORM == "arm64" ]]; then
+ URL=$ARM_URL
+ elif [[ $PLATFORM == "aarch64" ]]; then
+ URL=$ARM_URL
+ else
+ URL=$AMD_URL
+ fi
+ curl $URL -L -v -o ghcli.tar.gz
+ mkdir ghcli
+ tar -xf ghcli.tar.gz -C ghcli --strip-components 1
+ echo "${PWD}/ghcli/bin" >> "${GITHUB_PATH}"
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v1
+ with:
+ github-token: "${{ steps.generate_token.outputs.token }}"
+ - name: Approve a PR
+ run: |
+ gh pr review --approve "$PR_URL"
+ gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
\ No newline at end of file
diff --git a/.github/actions/docker-build-push/action.yml b/.github/actions/docker-build-push/action.yml
index 80af09e9..118b2d63 100644
--- a/.github/actions/docker-build-push/action.yml
+++ b/.github/actions/docker-build-push/action.yml
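Review bot: The `if: ${{ github.actor == 'dependabot[bot]' }}` under `runs:` is the only gate in front of the approve-and-merge step, and composite action metadata has no `runs.if` (nor `on`, `permissions`, `concurrency`, or access to the `secrets` context), so as an `action.yml` this file would not enforce the guard the way it reads. This looks like a workflow and belongs under `.github/workflows/` with the condition at job level, for example `if: github.event.pull_request.user.login == 'dependabot[bot]'`, which checks the PR author rather than whoever triggered the run. The `Install gh CLI` step also puts an unverified download on `GITHUB_PATH` right before the app token is used: quote the URL, drop `-v`, and check a pinned digest with `echo "<expected-sha256>  ghcli.tar.gz" | sha256sum -c -` before extracting. PATCH 4/4 deletes this file again, so it could simply be dropped from the series.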
@@ -33,14 +33,13 @@ outputs: runs: using: "composite" steps: - - uses: actions/checkout@v3 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Docker meta id: meta - uses: docker/metadata-action@v3 + uses: docker/metadata-action@v5 with: images: ${{ inputs.registry }}/${{ inputs.name }} tags: | @@ -52,7 +51,7 @@ runs: type=sha,format=long,prefix=sha- ${{ inputs.custom_tag }} - name: Login to ECR - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ${{ inputs.registry }} - name: Calculate Branch and Base Names @@ -60,7 +59,7 @@ runs: uses: chanzuckerberg/github-actions/.github/actions/get-github-ref-names@get-github-ref-names-v1.4.0 - name: Calculate Cache-From id: cache-from - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: script: | let cacheFrom = [ @@ -72,7 +71,7 @@ runs: core.setOutput("cacheFrom", cacheFrom); - name: Build and push - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: file: ${{ inputs.dockerfile }} context: ${{ inputs.context }} From 9054e53377a28e5fcc8354ede566c8b614af932b Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Fri, 5 Jan 2024 09:28:33 -0800 Subject: [PATCH 2/4] more cleanup --- .github/actions/docker-build-push/action.yml | 1 - .github/actions/get-github-ref-names/action.yml | 5 ++--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/actions/docker-build-push/action.yml b/.github/actions/docker-build-push/action.yml index 118b2d63..6e9ccc30 100644 --- a/.github/actions/docker-build-push/action.yml +++ b/.github/actions/docker-build-push/action.yml 
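Review bot: Every `uses:` line this commit touches in docker-build-push/action.yml (`docker/setup-qemu-action@v3` through `docker/build-push-action@v5`, hunks `@@ -33,14` to `@@ -72,7`) still follows a mutable major tag, and this action logs in to the registry and pushes images, so whatever those tags point at later runs with the registry credentials. Pinning each one to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, keeps future bumps reviewable; the same applies to `actions/github-script@v7` in get-github-ref-names/action.yml in PATCH 2/4. Separately, the first hunk drops the `actions/checkout@v3` step under a "bump all deps" subject; if `inputs.context` is a workspace path, callers now have to check out the repository before calling this action, which deserves a line in the action's description or the commit message.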
@@ -69,7 +69,6 @@ runs: .map(ref => `type=registry,ref=${{ inputs.registry }}/${{ inputs.name }}:branch-${ref}`).join('\r\n'); console.log(`Will use cached images from ${JSON.stringify(cacheFrom, null, 2)}`); core.setOutput("cacheFrom", cacheFrom); - - name: Build and push uses: docker/build-push-action@v5 with: diff --git a/.github/actions/get-github-ref-names/action.yml b/.github/actions/get-github-ref-names/action.yml index 137232f0..91787ba1 100644 --- a/.github/actions/get-github-ref-names/action.yml +++ b/.github/actions/get-github-ref-names/action.yml @@ -19,7 +19,7 @@ runs: steps: - name: Calculate Refs id: refs - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: script: | let eventName = context.eventName; @@ -48,5 +48,4 @@ runs: core.setOutput("headRef", head); core.setOutput("baseRef", base); - console.log(`Calculated the following ${JSON.stringify({eventName,base,head}, null, 2)}`); -# bump3 + console.log(`Calculated the following ${JSON.stringify({eventName,base,head}, null, 2)}`); \ No newline at end of file From 624b1c6abfbaa600ac12594e9aa30613be3e5a8f Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Fri, 5 Jan 2024 16:53:39 -0800 Subject: [PATCH 3/4] go --- .github/actions/docker-build-push/action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/actions/docker-build-push/action.yml b/.github/actions/docker-build-push/action.yml index 6e9ccc30..1892c10c 100644 --- a/.github/actions/docker-build-push/action.yml +++ b/.github/actions/docker-build-push/action.yml @@ -30,6 +30,9 @@ outputs: tags: description: "The tags we built and pushed" value: ${{ steps.meta.outputs.tags }} + json: + description: "The tags JSON we built and pushed" + value: ${{ steps.meta.outputs.json }} runs: using: "composite" steps: From 97a692a2e41833f3ac9f79c4d41a9b8726693260 Mon Sep 17 00:00:00 2001 
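Review bot: The description on the new `json` output in PATCH 3/4 (`@@ -30,6 +30,9 @@` of docker-build-push/action.yml) says "tags JSON", but `steps.meta.outputs.json` is, as far as docker/metadata-action documents it, a JSON object that carries the generated labels as well as the tags. Something like `description: "JSON from docker/metadata-action (tags and labels) for the image we built and pushed"` tells callers what to expect when they parse it.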
From: Jake Heath
Date: Wed, 10 Jan 2024 09:25:28 -0800
Subject: [PATCH 4/4] old stale code
---
.../actions/dependabot-automerge/action.yml | 51 -------------------
1 file changed, 51 deletions(-)
delete mode 100644 .github/actions/dependabot-automerge/action.yml
diff --git a/.github/actions/dependabot-automerge/action.yml b/.github/actions/dependabot-automerge/action.yml
deleted file mode 100644
index 03f14a88..00000000
--- a/.github/actions/dependabot-automerge/action.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-name: Dependabot auto-approve
-on: pull_request
-
-permissions:
- pull-requests: write
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-runs:
- using: "composite"
- if: ${{ github.actor == 'dependabot[bot]' }}
- steps:
- - name: Generate token
- id: generate_token
- uses: chanzuckerberg/github-app-token@v1.1.4
- with:
- app_id: ${{ secrets.CZI_GITHUB_HELPER_APP_ID }}
- private_key: ${{ secrets.CZI_GITHUB_HELPER_PK }}
- - name: Install gh CLI
- shell: bash
- env:
- VERSION: 2.30.0
- run: |
- set -ue
- set -o pipefail
- AMD_URL="https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_linux_amd64.tar.gz"
- ARM_URL="https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_linux_arm64.tar.gz"
- PLATFORM=$(uname -m)
- if [[ $PLATFORM == "arm64" ]]; then
- URL=$ARM_URL
- elif [[ $PLATFORM == "aarch64" ]]; then
- URL=$ARM_URL
- else
- URL=$AMD_URL
- fi
- curl $URL -L -v -o ghcli.tar.gz
- mkdir ghcli
- tar -xf ghcli.tar.gz -C ghcli --strip-components 1
- echo "${PWD}/ghcli/bin" >> "${GITHUB_PATH}"
- - name: Dependabot metadata
- id: metadata
- uses: dependabot/fetch-metadata@v1
- with:
- github-token: "${{ steps.generate_token.outputs.token }}"
- - name: Approve a PR
- run: |
- gh pr review --approve "$PR_URL"
- gh pr merge --auto --squash "$PR_URL"
- env:
- PR_URL: ${{github.event.pull_request.html_url}}
- GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
\ No newline at end of file