actions: Create workflow to update shell tools via auto-PR #6922
Conversation
ColorfulRhino
requested review from
igorpecovnik,
rpardini and
hzyitc
as code owners
github-actions
bot
added
size/medium
rpardini
force-pushed
the
actions-update-tools
branch
from
219a5f6 to
4c08750
Compare
|
Very interesting and useful. We might even take this further in the future and bump things like kernel -rc's, etc... |
Yes, this can be added as well as a comparison if the version from the Like any PR this auto-PR should be reviewed and in case of things like ORAS tested if it does not break anything of course 😄
This should be possible with some workarounds since kernel is hosted also on GitHub (including RC tags), but doesn't have a |
ORAS bump is special in this case. Not only ORAS, but the OCI spec itself has changed. Testing is complex, because there's two moments where ORAS is involved:
I tried to bump to ORAS 1.2.y (since that brings a prebuilt riscv64 bin, and I wanted to enable folks to build on riscv64, not only for riscv64) and faced those challenges, only realizing after a while it was the combo of 1 and 2 above that caused troubles. So a coordinated "change ORAS and force a rebuild/reupload of all artifacts" might be needed. Either way this is unrelated to this PR, which is about sending us automated PR to bump versions. I'd say merge, lets try it out -- it might become a nuisance, eg, "we can't bump ORAS, stop sending us PR's!" but fix-it-when-it-see-it-actually-happening? |
Some of our scripts download tools from a repo. These can't be bumped by dependabot, so this workflow is a self-created dependabot to bump versions of those tools to stay up-to-date. This workflow only creates a PR if the version was actually updated. Tools currently supported: - Shellcheck (in 2 different files) - Shellfmt - oci-oras - Bat
rpardini
force-pushed
the
actions-update-tools
branch
from
4c08750 to
b995e89
Compare
Ah, interesting! I assume this is only the case because the switch would be from 0.x to 1.x? According to semver specs, only major versions can introduce breaking functionalities.
This is probably doable if we don't need to do this every few weeks I guess 😄 |
|
BTW. Doku for actions - in case needed: Incoming updates: |
igorpecovnik
added
Ready to merge
Description
I'm sorry, I have created a monster 🧌
But this happens when you create a monster by embedding dependency versions inside shell script files 😅
This workflow is carefully crafted though and works surprisingly well imo :)
Some of our scripts download tools from a repo. These can't be bumped by dependabot, so this workflow is a self-created dependabot to bump versions of those tools to stay up-to-date. This workflow only creates a PR if the version was actually updated.
Tools currently supported:
This will only run once a month since the tools we use are usually not updated frequently. Maybe every two weeks/twice a month would also be fine? Let me know.
How Has This Been Tested?
lib/functions/general/oci-oras.shColorfulRhino/build#8Checklist: