Automatic Updates #1063
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Automatic Updates | |
on: | |
schedule: | |
- cron: 0 0 * * * | |
workflow_dispatch: | |
defaults: | |
run: | |
shell: 'bash -Eeuo pipefail -x {0}' | |
jobs: | |
build: | |
name: Run update script | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.REPO_GHA_PAT }} | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Run update script | |
uses: nick-fields/retry@v3 | |
with: | |
timeout_minutes: 15 | |
max_attempts: 3 | |
command: | | |
# pip-tools provides pip-compile used by update.sh | |
pip3 install --upgrade pip-tools pip | |
export PATH=$HOME/.local/bin:$PATH | |
echo "Updating Debian bullseye images" | |
./Debian/update.sh -d bullseye | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.11 | |
- name: Run update script | |
uses: nick-fields/retry@v3 | |
with: | |
timeout_minutes: 15 | |
max_attempts: 3 | |
command: | | |
# pip-tools provides pip-compile used by update.sh | |
pip3 install --upgrade pip-tools pip | |
export PATH=$HOME/.local/bin:$PATH | |
echo "Updating Debian bookworm images" | |
./Debian/update.sh -d bookworm | |
- name: Diff | |
run: | | |
git status | |
git diff | |
- name: Temporarily disable "include administrators" branch protection | |
if: ${{ always() && github.ref == 'refs/heads/main' }} | |
id: disable_include_admins | |
uses: benjefferies/branch-protection-bot@v1.1.2 | |
with: | |
access_token: ${{ secrets.REPO_GHA_PAT }} | |
branch: main | |
enforce_admins: false | |
- uses: EndBug/add-and-commit@v9 | |
with: | |
author_name: CloudNativePG Automated Updates | |
author_email: noreply@cnpg.com | |
message: 'Daily automatic update' | |
- name: Enable "include administrators" branch protection | |
uses: benjefferies/branch-protection-bot@v1.1.2 | |
if: ${{ always() && github.ref == 'refs/heads/main' }} | |
with: | |
access_token: ${{ secrets.REPO_GHA_PAT }} | |
branch: main | |
enforce_admins: ${{ steps.disable_include_admins.outputs.initial_status }} |