Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: Automate SDK version updates #608

Merged
merged 2 commits into from
Jan 9, 2023
Merged

CI: Automate SDK version updates #608

merged 2 commits into from
Jan 9, 2023

Conversation

timfish
Copy link
Collaborator

@timfish timfish commented Dec 18, 2022

Adds a workflow run every day which submits PRs if the JavaScript SDKs have had new releases.

@timfish timfish mentioned this pull request Dec 18, 2022
Closed
@timfish timfish force-pushed the ci/automate-sdk-update-prs branch from 4ef4861 to 3ffb831 Compare December 18, 2022 21:56
@timfish timfish self-assigned this Dec 30, 2022
lforst
lforst approved these changes Jan 6, 2023
View reviewed changes
Copy link
Member

@lforst lforst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

neat! :D

scripts/update-sdk-versions.mjs
import { join } from 'path';
import { fileURLToPath } from 'url';

const __dirname = fileURLToPath(new URL('.', import.meta.url));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

l: Should we rename this to just dirname so that __dirname isn't overloaded?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah can do.

I used __dirname here because this code is shimming it as it just doesn't exist in JavaScript modules.

.github/workflows/new-sdk-versions-pr.yml
- name: Update Versions
run: yarn update-sdk-versions
- name: Create Pull Request
uses: peter-evans/create-pull-request@v3
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I always wonder if it makes sense to just pin the exact version of actions just to lower the chance of supply chain attacks. Is there anything at risk in this repo?

Copy link
Collaborator Author

@timfish timfish Jan 6, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the only risk is it adding code that is missed in code review and makes it into a release.

We just need to treat PRs created by this like any other from an unknown contributor!

@timfish timfish merged commit a2b6cd7 into getsentry:master Jan 9, 2023
@timfish timfish deleted the ci/automate-sdk-update-prs branch January 9, 2023 21:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lforst lforst lforst approved these changes

Assignees

@timfish timfish

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timfish @lforst