
Commit 5da705b

committed
ci: Open tool version bump PR in codacy-tools for new tool version
1 parent 198a667 commit 5da705b


1 file changed

+104
-0
lines changed

Lines changed: 104 additions & 0 deletions
@@ -0,0 +1,104 @@
1+
# Automatically create a PR to update the codacy-trivy tool in codacy-tools when there is a new version available.
2+
#
3+
# PRs are opened by user codacybeta (https://github.com/orgs/codacy/people/codacybeta), using its AUTO_MERGE_TOKEN.
4+
name: Bump codacy-trivy version in codacy-tools
5+
6+
on:
7+
push:
8+
tags:
9+
- '[0-9]+\.[0-9]+\.[0-9]+' # matches strict semver: 1.2.3
10+
11+
# ──────────────────────────────────────────────
12+
# CONFIGURATION
13+
# ──────────────────────────────────────────────
14+
env:
15+
DEPENDENCY_NAME: "codacy/codacy-trivy"
16+
TARGET_REPO: "codacy/codacy-tools"
17+
TARGET_REPO_BASE_BRANCH: "master"
18+
TARGET_REPO_DEPENDENCIES_FILE_PATH: "docker-list.txt"
19+
20+
permissions:
21+
contents: read
22+
23+
jobs:
24+
bump-dependency:
25+
runs-on: ubuntu-latest
26+
27+
steps:
28+
# ── 1. Clone the target repo ──────────────────
29+
- name: Checkout target repo
30+
uses: actions/checkout@v4
31+
with:
32+
repository: ${{ env.TARGET_REPO }}
33+
token: ${{ secrets.AUTO_MERGE_TOKEN }}
34+
ref: ${{ env.TARGET_REPO_BASE_BRANCH }}
35+
36+
# ── 2. Create a version bump branch ────────────────
37+
- name: Create version bump branch
38+
id: branch
39+
run: |
40+
BRANCH="auto-bump/${{ env.DEPENDENCY_NAME }}-${{ github.ref_name }}"
41+
git checkout -b "$BRANCH"
42+
echo "name=$BRANCH" >> "$GITHUB_OUTPUT"
43+
44+
# ── 3. Update the dependency version ──────────
45+
#
46+
# Assumes lines in docker-list.txt look like:
47+
# codacy/codacy-tool:1.2.3
48+
#
49+
- name: Bump ${{ env.DEPENDENCY_NAME }} version in ${{ env.TARGET_REPO_DEPENDENCIES_FILE_PATH }}
50+
env:
51+
NEW_VERSION: ${{ github.ref_name }}
52+
DEP_FILE: ${{ env.TARGET_REPO_DEPENDENCIES_FILE_PATH }}
53+
DEP: ${{ env.DEPENDENCY_NAME }}
54+
run: |
55+
echo "📦 Bumping $DEP to $NEW_VERSION in $DEP_FILE"
56+
57+
# Escape slashes in the dependency name for sed
58+
DEP_ESCAPED=$(echo "$DEP" | sed 's|/|\\/|g')
59+
60+
# Replace the version after the colon for the matching image
61+
sed -i -E "s|^(${DEP_ESCAPED}:)[0-9]+\.[0-9]+\.[0-9]+|\1${NEW_VERSION}|" "$DEP_FILE"
62+
63+
# Verify the change was made
64+
if git diff --quiet "$DEP_FILE"; then
65+
echo "❌ No changes made — is '$DEP' present in $DEP_FILE?"
66+
exit 1
67+
fi
68+
69+
echo ""
70+
echo "── diff ──"
71+
git diff "$DEP_FILE"
72+
73+
# ── 4. Commit & push ──────────────────────────
74+
- name: Commit and push
75+
run: |
76+
git config user.name "codacybeta"
77+
git config user.email "codacybeta@users.noreply.github.com"
78+
git add "${{ env.TARGET_REPO_DEPENDENCIES_FILE_PATH }}"
79+
git commit -m "bump: ${{ env.DEPENDENCY_NAME }} to ${{ github.ref_name }}"
80+
git push origin "${{ steps.branch.outputs.name }}"
81+
82+
# ── 5. Open the PR ──────────────────
83+
- name: Open PR
84+
env:
85+
GH_TOKEN: ${{ secrets.AUTO_MERGE_TOKEN }}
86+
run: |
87+
gh pr create \
88+
--repo "${{ env.TARGET_REPO }}" \
89+
--base "${{ env.TARGET_REPO_BASE_BRANCH }}" \
90+
--head "${{ steps.branch.outputs.name }}" \
91+
--title "bump: ${{ env.DEPENDENCY_NAME }} to ${{ github.ref_name }}" \
92+
--body "$(cat <<'EOF'
93+
## Dependency version bump
94+
95+
| Field | Value |
96+
|-------|-------|
97+
| **Tool** | ${{ env.DEPENDENCY_NAME }} |
98+
| **New version** | [${{ github.ref_name }}](${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}) |
99+
| **Triggered by** | ${{ github.actor }} |
100+
101+
---
102+
*Opened automatically by the [codacy-tools-auto-bump](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow.*
103+
EOF
104+
)"
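Review bot: Steps 2, 4 and 5 paste `${{ github.ref_name }}` (and, in the PR body, `${{ github.actor }}`) straight into the `run:` script text, whereas step 3 already passes the same value through `env:` as `NEW_VERSION`. Expressions are substituted before the shell parses the script, so the only thing keeping the tag name from being read as shell syntax is the tag filter under `on.push.tags`; it would be more robust to give those steps the same `env:` mapping and write, for example, `BRANCH="auto-bump/${DEP}-${NEW_VERSION}"` and `git commit -m "bump: ${DEP} to ${NEW_VERSION}"`. In the PR body the heredoc delimiter is quoted (`<<'EOF'`), so moving to shell variables there also means unquoting the delimiter or building the body another way. Because this job hands `AUTO_MERGE_TOKEN`, a credential that can push to another repository, to `actions/checkout@v4`, pinning that action to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`) would also be worth doing.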
