Watch dependencies #400
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a GitHub workflow defining a set of jobs with a set of steps. | |
# ref: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
# | |
# - Watch multiple images tags referenced in values.yaml to match the latest | |
# stable image tag (ignoring pre-releases). | |
# - Refreeze helm-chart/images/binderhub/requirements.txt based on | |
# helm-chart/images/binderhub/requirements.in | |
# | |
name: Watch dependencies | |
on: | |
pull_request: | |
paths: | |
- ".github/workflows/watch-dependencies.yaml" | |
push: | |
paths: | |
- "helm-chart/images/*/requirements.in" | |
- ".github/workflows/watch-dependencies.yaml" | |
branches: ["main"] | |
schedule: | |
# Run at 05:00 on day-of-month 1, ref: https://crontab.guru/#0_5_1_*_* | |
- cron: "0 5 1 * *" | |
workflow_dispatch: | |
jobs: | |
update-image-dependencies: | |
# Don't run this job on forks | |
if: github.repository == 'jupyterhub/binderhub' | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: docker | |
registry: docker.io | |
repository: library/docker | |
values_path: dind.daemonset.image.tag | |
tag_prefix: "" | |
tag_suffix: -dind | |
- name: podman | |
registry: quay.io | |
repository: podman/stable | |
values_path: pink.daemonset.image.tag | |
tag_prefix: v | |
tag_suffix: "" | |
# FIXME: After docker-image-cleaner 1.0.0 is released, we can enable | |
# this. So far, there isn't any available stable release, and | |
# due to that our regexp fails to match anything at all. | |
# | |
# - name: docker-image-cleaner | |
# registry: quay.io | |
# repository: jupyterhub/docker-image-cleaner | |
# values_path: imageCleaner.image.tag | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get values.yaml pinned tag of ${{ matrix.registry }}/${{ matrix.repository }} | |
id: local | |
run: | | |
local_tag=$(cat helm-chart/binderhub/values.yaml | yq e '.${{ matrix.values_path }}' -) | |
echo "tag=$local_tag" >> $GITHUB_OUTPUT | |
- name: Get latest tag of ${{ matrix.registry }}/${{ matrix.repository }} | |
id: latest | |
# The skopeo image helps us list tags consistently from different docker | |
# registries. We identify the latest docker image tag based on the | |
# version numbers of format x.y.z included in a pattern with an optional | |
# prefix and suffix, like the tags "v4.5.0" (v prefix) and "23.0.4-dind" | |
# (-dind suffix). | |
run: | | |
latest_tag=$( | |
docker run --rm quay.io/skopeo/stable list-tags docker://${{ matrix.registry }}/${{ matrix.repository }} \ | |
| jq -r '[.Tags[] | select(. | match("^${{ matrix.tag_prefix }}\\d+\\.\\d+\\.\\d+${{ matrix.tag_suffix }}$") | .string)] | sort_by(split(".") | map(ltrimstr("${{ matrix.tag_prefix }}") | rtrimstr("${{ matrix.tag_suffix }}") | tonumber)) | last' | |
) | |
echo "tag=$latest_tag" >> $GITHUB_OUTPUT | |
- name: Update values.yaml pinned tag | |
run: | | |
sed --in-place 's/tag: "${{ steps.local.outputs.tag }}"/tag: "${{ steps.latest.outputs.tag }}"/g' helm-chart/binderhub/values.yaml | |
- name: git diff | |
run: git --no-pager diff --color=always | |
# ref: https://github.com/peter-evans/create-pull-request | |
- name: Create a PR | |
if: github.event_name != 'pull_request' | |
uses: peter-evans/create-pull-request@v5 | |
with: | |
token: "${{ secrets.jupyterhub_bot_pat }}" | |
author: JupterHub Bot Account <[email protected]> | |
committer: JupterHub Bot Account <[email protected]> | |
branch: update-image-${{ matrix.name }} | |
labels: maintenance,dependencies | |
commit-message: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }} | |
title: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }} | |
body: >- | |
A new ${{ matrix.repository }} image version has been detected, version | |
`${{ steps.latest.outputs.tag }}`. | |
refreeze-dockerfile-requirements-txt: | |
# Don't run this job on forks, but also not on the daily schedule to reduce | |
# noise. If we could run this weekly that would be reasonable, but updating | |
# these dependencies every day is too much noise. | |
# | |
if: github.repository == 'jupyterhub/binderhub' && github.event_name != 'schedule' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Refreeze helm-chart/images/binderhub/requirements.txt based on requirements.in | |
run: ci/refreeze | |
- name: git diff | |
run: git --no-pager diff --color=always | |
# ref: https://github.com/peter-evans/create-pull-request | |
- name: Create a PR | |
if: github.event_name != 'pull_request' | |
uses: peter-evans/create-pull-request@v5 | |
with: | |
token: "${{ secrets.jupyterhub_bot_pat }}" | |
author: JupyterHub Bot Account <[email protected]> | |
committer: JupyterHub Bot Account <[email protected]> | |
branch: update-image-requirements | |
labels: dependencies | |
commit-message: "binderhub image: refreeze requirements.txt" | |
title: "binderhub image: refreeze requirements.txt" | |
body: >- | |
The binderhub image's requirements.txt has been refrozen based on | |
requirements.in. |