Update Dependencies #85
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Runs `cargo update` and Python dependency updates periodically. | |
| name: Update Dependencies | |
| on: | |
| schedule: | |
| # Run weekly | |
| - cron: 0 0 * * MON | |
| workflow_dispatch: | |
| # Needed so we can run it manually | |
| permissions: | |
| checks: write | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| update-rust-deps: | |
| name: Update Rust Dependencies | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BRANCH: cargo-update | |
| TITLE: "chore(deps): weekly `cargo update`" | |
| BODY: | | |
| Automation to keep dependencies in `Cargo.lock` current. | |
| <details><summary><strong>cargo update log</strong></summary> | |
| <p> | |
| ```log | |
| $cargo_update_log | |
| ``` | |
| </p> | |
| </details> | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure Git for kkrt-bot | |
| run: | | |
| git config --global user.name "kkrt-bot" | |
| git config --global user.email "kkrt-bot@users.noreply.github.com" | |
| # Create and secure .gnupg directory | |
| mkdir -p ~/.gnupg | |
| chmod 700 ~/.gnupg | |
| # Configure GPG for non-interactive use | |
| echo "no-tty" > ~/.gnupg/gpg.conf | |
| echo "batch" >> ~/.gnupg/gpg.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| # Import the GPG key | |
| echo "${{ secrets.KAKAROT_BOT_GPG_KEY }}" | gpg --import --batch --yes | |
| # Extract the signing key ID | |
| SIGNING_KEY=$(gpg --list-secret-keys --keyid-format LONG | awk '/^sec/{print $2}' | cut -d'/' -f2 | head -1) | |
| git config --global user.signingkey "$SIGNING_KEY" | |
| git config --global commit.gpgsign true | |
| echo "Git configured with signing key: $SIGNING_KEY" | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - name: Cargo update | |
| run: | | |
| cargo update --color never 2>&1 | sed '/crates.io index/d' | tee -a cargo_update.log | |
| - name: Craft commit message and PR body | |
| id: msg | |
| run: | | |
| export cargo_update_log="$(cat cargo_update.log)" | |
| echo "commit_message<<EOF" >> $GITHUB_OUTPUT | |
| printf "$TITLE\n\n$cargo_update_log\n" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| echo "body<<EOF" >> $GITHUB_OUTPUT | |
| echo "$BODY" | envsubst >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - uses: actions/create-github-app-token@v1 | |
| id: github_token | |
| with: | |
| app-id: ${{ secrets.KAKAROT_BOT_APP_ID }} | |
| private-key: ${{ secrets.KAKAROT_BOT_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| - name: Create Pull Request | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ steps.github_token.outputs.token }} | |
| add-paths: ./Cargo.lock | |
| commit-message: ${{ steps.msg.outputs.commit_message }} | |
| title: ${{ env.TITLE }} | |
| body: ${{ steps.msg.outputs.body }} | |
| branch: ${{ env.BRANCH }} | |
| delete-branch: true | |
| author: kkrt-bot <kkrt-bot@users.noreply.github.com> | |
| update-python-deps: | |
| name: Update Python Dependencies | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BRANCH: uv-update | |
| TITLE: "chore(deps): update ethereum execution-specs" | |
| BODY: | | |
| Automation to keep ethereum execution-specs dependency up to date. | |
| <details><summary><strong>uv update log</strong></summary> | |
| <p> | |
| ```log | |
| $uv_update_log | |
| ``` | |
| </p> | |
| </details> | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure Git for kkrt-bot | |
| run: | | |
| git config --global user.name "kkrt-bot" | |
| git config --global user.email "kkrt-bot@users.noreply.github.com" | |
| # Create and secure .gnupg directory | |
| mkdir -p ~/.gnupg | |
| chmod 700 ~/.gnupg | |
| # Configure GPG for non-interactive use | |
| echo "no-tty" > ~/.gnupg/gpg.conf | |
| echo "batch" >> ~/.gnupg/gpg.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| # Import the GPG key | |
| echo "${{ secrets.KAKAROT_BOT_GPG_KEY }}" | gpg --import --batch --yes | |
| # Extract the signing key ID | |
| SIGNING_KEY=$(gpg --list-secret-keys --keyid-format LONG | awk '/^sec/{print $2}' | cut -d'/' -f2 | head -1) | |
| git config --global user.signingkey "$SIGNING_KEY" | |
| git config --global commit.gpgsign true | |
| echo "Git configured with signing key: $SIGNING_KEY" | |
| - uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| cache-dependency-glob: uv.lock | |
| - name: Update ethereum execution-specs | |
| id: update | |
| run: | | |
| LATEST_COMMIT=$(curl -s "https://api.github.com/repos/ethereum/execution-specs/commits/master" | jq -r .sha) | |
| uv add ethereum@git+https://github.com/ethereum/execution-specs.git --rev $LATEST_COMMIT > uv_update.log 2>&1 | |
| cat uv_update.log | |
| - name: Craft commit message and PR body | |
| id: msg | |
| run: | | |
| export uv_update_log="$(cat uv_update.log)" | |
| echo "commit_message<<EOF" >> $GITHUB_OUTPUT | |
| printf "chore(deps): update ethereum execution-specs\n\n$uv_update_log\n" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| echo "body<<EOF" >> $GITHUB_OUTPUT | |
| echo "Automation to keep ethereum execution-specs dependency current. | |
| <details><summary><strong>uv update log</strong></summary> | |
| <p> | |
| \`\`\`log | |
| $uv_update_log | |
| \`\`\` | |
| </p> | |
| </details>" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - uses: actions/create-github-app-token@v1 | |
| id: github_token | |
| with: | |
| app-id: ${{ secrets.KAKAROT_BOT_APP_ID }} | |
| private-key: ${{ secrets.KAKAROT_BOT_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| - name: Create Pull Request | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ steps.github_token.outputs.token }} | |
| add-paths: ./uv.lock | |
| commit-message: ${{ steps.msg.outputs.commit_message }} | |
| title: ${{ env.TITLE }} | |
| body: ${{ steps.msg.outputs.body }} | |
| branch: "${{ env.BRANCH }}" | |
| labels: dependencies | |
| delete-branch: true | |
| author: kkrt-bot <kkrt-bot@users.noreply.github.com> |