chore: pin GH actions to commit sha #112
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create Dependency Version Update PR in Longhorn Repo | ||
| on: | ||
| pull_request_target: | ||
| types: [closed] | ||
| branches: | ||
| - master | ||
| - "v*" | ||
| jobs: | ||
| create-pull-request: | ||
| if: github.event.pull_request.merged == true | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Install Dependencies | ||
| run: | | ||
| sudo apt update -y | ||
| sudo apt install -y jq wget | ||
| wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 | ||
| sudo mv yq_linux_amd64 /usr/local/bin/yq | ||
| sudo chmod +x /usr/local/bin/yq | ||
| - name: Prepare Packages | ||
| run: | | ||
| curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | ||
| chmod 700 get_helm.sh | ||
| ./get_helm.sh | ||
| - name: Log triggering PR information | ||
| shell: bash | ||
| run: | | ||
| echo "Triggered by PR: #${{ github.event.pull_request.number }}" | ||
| echo "PR Title: ${{ github.event.pull_request.title }}" | ||
| echo "PR URL: ${{ github.event.pull_request.html_url }}" | ||
| echo "PR was merged into branch: ${{ github.event.pull_request.base.ref }}" | ||
| - id: app-token | ||
| it uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 | ||
| with: | ||
| app-id: ${{ secrets.LONGHORN_GITHUB_BOT_APP_ID }} | ||
| private-key: ${{ secrets.LONGHORN_GITHUB_BOT_PRIVATE_KEY }} | ||
| owner: ${{ github.repository_owner }} | ||
| permission-contents: write | ||
| permission-pull-requests: write | ||
| - name: Set ref | ||
| run: | | ||
| if [ "${{ github.event.pull_request.base.ref }}" = "main" ]; then | ||
| echo "LONGHORN_BRANCH=master" >> $GITHUB_ENV | ||
| else | ||
| echo "LONGHORN_BRANCH=${{ github.event.pull_request.base.ref }}" >> $GITHUB_ENV | ||
| fi | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| with: | ||
| repository: longhorn/longhorn | ||
| token: ${{ steps.app-token.outputs.token }} | ||
| ref: ${{ env.LONGHORN_BRANCH }} | ||
| - name: Create longhorn/longhorn PR | ||
| shell: bash | ||
| run: | | ||
| COMPONENTS=(backing-image-manager longhorn-engine longhorn-instance-manager longhorn-manager longhorn-share-manager longhorn-ui longhorn-cli) | ||
| EXTERNALS=("csi-attacher" "csi-provisioner" "csi-resizer" "csi-snapshotter" "csi-node-driver-registrar" "livenessprobe" "support-bundle-kit") | ||
| IMAGE_FILE="deploy/longhorn-images.txt" | ||
| component_images=() | ||
| curl -L https://raw.githubusercontent.com/longhorn/dep-versions/refs/heads/${{ github.event.pull_request.base.ref }}/versions.json -o /tmp/versions.json | ||
| cat /tmp/versions.json | ||
| TAG=${{ env.LONGHORN_BRANCH }}-head | ||
| # Extract component images from the $IMAGE_FILE | ||
| while IFS= read -r line; do | ||
| for component in "${COMPONENTS[@]}"; do | ||
| if [[ "$line" == *"$component"* ]]; then | ||
| component_images+=("$line") | ||
| break | ||
| fi | ||
| done | ||
| done < "$IMAGE_FILE" | ||
| echo "Component images: ${component_images[@]}" | ||
| rm -rf $IMAGE_FILE | ||
| # Copy the component images to the $IMAGE_FILE | ||
| for image in "${component_images[@]}"; do | ||
| echo $image >> $IMAGE_FILE | ||
| done | ||
| # Add the external images to the $IMAGE_FILE | ||
| for dep in "${EXTERNALS[@]}" | ||
| do | ||
| tag=$(jq -r --arg dep "$dep" '.[$dep].tag' /tmp/versions.json) | ||
| echo "longhornio/$dep:$tag" >> $IMAGE_FILE | ||
| done | ||
| cat $IMAGE_FILE | ||
| bash scripts/update-chart-readme.sh || { echo "Failed: update-chart-readme.sh"; exit 1; } | ||
| bash scripts/update-chart-questions.sh || { echo "Failed: update-chart-questions.sh"; exit 1; } | ||
| bash scripts/update-chart-values.sh || { echo "Failed: update-chart-values.sh"; exit 1; } | ||
| bash scripts/generate-longhorn-yaml.sh || { echo "Failed: generate-longhorn-yaml.sh"; exit 1; } | ||
| - name: Get Head Commit Name | ||
| id: get_head_commit_name | ||
| run: echo "::set-output name=commit_name::$(git log -1 --pretty=format:'%an')" | ||
| - name: Get Head Commit Email | ||
| id: get_head_commit_email | ||
| run: echo "::set-output name=commit_email::$(git log -1 --pretty=format:'%ae')" | ||
| - name: Create Pull Request | ||
| id: cpr | ||
| uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 | ||
| with: | ||
| token: ${{ steps.app-token.outputs.token }} | ||
| branch: "update-deps-version-${{ github.event.pull_request.number }}" | ||
| delete-branch: true | ||
| sign-commits: true | ||
| signoff: true | ||
| author: Longhorn GitHub Bot <67932897+longhorn-io-github-bot@users.noreply.github.com> | ||
| committer: Longhorn GitHub Bot <67932897+longhorn-io-github-bot@users.noreply.github.com> | ||
| commit-message: "chore(chart): update dependency versions (PR longhorn/dep-versions#${{ github.event.pull_request.number}})" | ||
| title: "chore(chart): update dependency versions (PR longhorn/dep-versions#${{ github.event.pull_request.number}})" | ||
| body: | | ||
| This PR updates dependency versions. | ||
| It was triggered by longhorn/dep-versions#${{ github.event.pull_request.number}}. | ||
