From c5f8622e1a7b3831b36b27671b56a349a5eb06a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B4mulo=20Farias?=
Date: Wed, 13 Nov 2024 10:03:08 +0100
Subject: [PATCH] Improve 8.x Dependency Updates (#2691)
* Add dependabot update for branch 8.x
* Add updatecli update for branch 8.x
* Add 8.x branch for package-ecosystem
* Remove backport labels
* Improve naming to identify branches
(cherry picked from commit 7ffa27b7de9da91c2635f173385a14f74c93ca26)
# Conflicts:
# .ci/updatecli/updatecli.d/update-golang.yml
# .github/dependabot.yml
---
 .ci/updatecli/updatecli.d/update-beats.yml | 2 +-
 .ci/updatecli/updatecli.d/update-golang.yml | 6 +-
 .ci/updatecli/updatecli.d/update-hermit.yml | 2 +-
 .ci/updatecli/updatecli.d/update-mods.yml | 2 +-
 .github/dependabot.yml | 63 ++++++++++++++++++++-
 .github/workflows/updatecli.yml | 5 +-
 6 files changed, 73 insertions(+), 7 deletions(-)
diff --git a/.ci/updatecli/updatecli.d/update-beats.yml b/.ci/updatecli/updatecli.d/update-beats.yml
index 2fb8936601..5fea9a3b27 100644
--- a/.ci/updatecli/updatecli.d/update-beats.yml
+++ b/.ci/updatecli/updatecli.d/update-beats.yml
@@ -16,7 +16,7 @@ scms: actions: default:
- title: '[updatecli] Update to elastic/beats@{{ source "beats" }}'
+ title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update to elastic/beats@{{ source "beats" }}'
 kind: github/pullrequest scmid: default spec:
diff --git a/.ci/updatecli/updatecli.d/update-golang.yml b/.ci/updatecli/updatecli.d/update-golang.yml
index 80ee608c85..93cba7309c 100644
--- a/.ci/updatecli/updatecli.d/update-golang.yml
+++ b/.ci/updatecli/updatecli.d/update-golang.yml
@@ -16,7 +16,7 @@ scms: actions: cloudbeat:
- title: '[updatecli] Update Golang version to {{ source "latestGoVersion" }}'
+ title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update Golang version to {{ source "latestGoVersion" }}'
 kind: github/pullrequest scmid: default sourceid: latestGoVersion
@@ -24,8 +24,12 @@ actions: automerge: false labels: - automation
+ - backport-skip
 - dependency
+<<<<<<< HEAD
 - backport-skip
+=======
+>>>>>>> 7ffa27b7 (Improve 8.x Dependency Updates (#2691))
 - go description: |- ### What
diff --git a/.ci/updatecli/updatecli.d/update-hermit.yml b/.ci/updatecli/updatecli.d/update-hermit.yml
index 547f7156de..690357d4cb 100644
--- a/.ci/updatecli/updatecli.d/update-hermit.yml
+++ b/.ci/updatecli/updatecli.d/update-hermit.yml
@@ -16,7 +16,7 @@ scms: actions: default:
- title: '[updatecli] Update hermit and pre-commit dependencies'
+ title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update hermit and pre-commit dependencies'
 kind: github/pullrequest scmid: default spec:
diff --git a/.ci/updatecli/updatecli.d/update-mods.yml b/.ci/updatecli/updatecli.d/update-mods.yml
index 46e3a409bf..a710551417 100644
--- a/.ci/updatecli/updatecli.d/update-mods.yml
+++ b/.ci/updatecli/updatecli.d/update-mods.yml
@@ -16,7 +16,7 @@ scms: actions: default:
- title: '[updatecli] Update golang mod dependencies'
+ title: '[updatecli] {{ requiredEnv "GIT_BRANCH" }} - Update golang mod dependencies'
 kind: github/pullrequest scmid: default spec:
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index bdf57124c8..404ec64fb0 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
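Review bot: Unresolved merge-conflict markers are committed as added lines inside the `labels:` list of `update-golang.yml` (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> 7ffa27b7 ...`), and the same markers are added in both hunks of `.github/dependabot.yml`. With them in place neither file is likely to parse as YAML, so the Golang updatecli pipeline and Dependabot would probably stop opening dependency-update PRs for this branch without any visible failure in the code itself. The conflict has to be resolved before merge; in this hunk the list also ends up with `- backport-skip` twice, although the description says "Remove backport labels", so the resolution needs one explicit decision on that label. The repository already manages pre-commit dependencies, so a hook such as `check-merge-conflict` in CI would catch this class of mistake. The `actions:` block starts and ends outside the hunk.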
@@ -26,10 +26,47 @@ updates: patterns: - "github.com/aquasecurity/*" labels: +<<<<<<< HEAD - "backport-skip" +======= +>>>>>>> 7ffa27b7 (Improve 8.x Dependency Updates (#2691)) - "dependency" - "go" - open-pull-requests-limit: 10 + open-pull-requests-limit: 2 + # elastic/beats is using v7 in their go.mod, leading to automatic updates not working. Manual update is needed with + # go get -u github.com/elastic/beats/v7@ + ignore: + - dependency-name: "github.com/elastic/beats/v7" + schedule: + interval: "monthly" + + - package-ecosystem: "gomod" + target-branch: "8.x" + directory: "/" + groups: + azure: + patterns: + - "github.com/Azure/*" + aws: + patterns: + - "github.com/aws/*" + google: + patterns: + - "cloud.google.com/*" + - "google.golang.org/api" + elastic: + patterns: + - "github.com/elastic/*" + k8s: + patterns: + - "k8s.io/*" + trivy: + patterns: + - "github.com/aquasecurity/*" + labels: + - "dependency" + - "go" + open-pull-requests-limit: 2 # elastic/beats is using v7 in their go.mod, leading to automatic updates not working. Manual update is needed with # go get -u github.com/elastic/beats/v7@ ignore: @@ -43,7 +80,31 @@ updates: schedule: interval: "monthly" labels: +<<<<<<< HEAD - "backport-skip" +======= + - "dependency" + - "github_actions" + groups: + artifact: + patterns: + - "actions/download-artifact" + - "actions/upload-artifact" + ignore: + # Skip versions 4.x upload-artifact and download-artifact due to this issue: https://github.com/actions/upload-artifact/issues/478 + - dependency-name: "actions/download-artifact" + versions: [">=4.0.0"] + - dependency-name: "actions/upload-artifact" + versions: [">=4.0.0"] + + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: ".github/workflows" + target-branch: "8.x" + schedule: + interval: "monthly" + labels: +>>>>>>> 7ffa27b7 (Improve 8.x Dependency Updates (#2691)) - "dependency" - "github_actions" groups: 
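Review bot: The new `target-branch: "8.x"` gomod entry combines `interval: "monthly"` with `open-pull-requests-limit: 2`, so a fix for a vulnerable Go module on 8.x can sit behind two open grouped PRs for a month or longer. As far as I know Dependabot security updates are raised only against the default branch, which would make these version updates the only automated path for 8.x; that is worth confirming before relying on it. If the low cap is deliberate, record it above the setting, for example `# at most 2 open version-update PRs per branch; revisit if 8.x fixes start queuing`, and otherwise consider `interval: "weekly"` for the 8.x gomod entry. The same cap is applied to the existing `main` entry in this hunk, where it was 10 before.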
diff --git a/.github/workflows/updatecli.yml b/.github/workflows/updatecli.yml
index 3c35b9931b..00c396b69d 100644
--- a/.github/workflows/updatecli.yml
+++ b/.github/workflows/updatecli.yml
@@ -43,12 +43,13 @@ env: jobs: updatecli:
- name: Update ${{ matrix.pipeline-name }} dependencies
+ name: "[${{ matrix.git-branch }}] Update ${{ matrix.pipeline-name }} dependencies"
 runs-on: ubuntu-latest strategy: fail-fast: false matrix: pipeline-name: [ beats, golang, hermit, mods ]
+ git-branch: [ main, 8.x ]
 steps: - uses: actions/checkout@v4 - name: Init Hermit
@@ -58,7 +59,7 @@ jobs: - name: Run Updatecli in Apply mode run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml env:
- GIT_BRANCH: main
+ GIT_BRANCH: ${{ matrix.git-branch }}
 GIT_USER: "Cloud Security Machine" GITHUB_TOKEN: ${{ secrets.CLOUDSEC_MACHINE_TOKEN }}
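Review bot: The 8.x matrix leg still runs from the checkout of the triggering ref, because `- uses: actions/checkout@v4` has no `ref:`; the pipeline file `update-${{ matrix.pipeline-name }}.yml`, `values.yml` and the Hermit setup therefore come from that ref, and only `GIT_BRANCH` differs between the two legs. If the 8.x runs are meant to use the 8.x branch's own updatecli configuration and tool versions, add `with:` and `ref: ${{ matrix.git-branch }}` under the checkout step. If sharing one configuration is intended, a comment above the matrix such as `# configs are read from the triggering ref; GIT_BRANCH only selects the target branch` would document that. The `jobs:` mapping and the `steps:` list continue outside both hunks, so an existing `ref:` elsewhere cannot be ruled out from here.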