|
| 1 | +name: Update RPM Lockfile |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_dispatch: |
| 5 | + schedule: |
| 6 | + # Run at 3AM UTC every Monday |
| 7 | + - cron: '0 3 * * 1' |
| 8 | + push: |
| 9 | + branches: |
| 10 | + - main |
| 11 | + - release-1.** |
| 12 | + paths: |
| 13 | + - 'rpms.in.yaml' |
| 14 | + - '.rhdh/docker/Dockerfile' |
| 15 | +permissions: |
| 16 | + contents: write |
| 17 | + pull-requests: write |
| 18 | + |
| 19 | +env: |
| 20 | + DOCKERFILE_PATH: .rhdh/docker/Dockerfile |
| 21 | +jobs: |
| 22 | + update-lockfile: |
| 23 | + runs-on: ubuntu-latest |
| 24 | + steps: |
| 25 | + - name: Checkout repository |
| 26 | + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # 4.3.0 |
| 27 | + with: |
| 28 | + fetch-depth: 0 |
| 29 | + |
| 30 | + - name: Check if hermetic Dockerfile exists |
| 31 | + run: | |
| 32 | + if [ ! -f "${{ env.DOCKERFILE_PATH }}" ]; then |
| 33 | + echo "Error: ${{ env.DOCKERFILE_PATH }} not found!" |
| 34 | + exit 1 |
| 35 | + fi |
| 36 | + - name: Configure Git |
| 37 | + run: | |
| 38 | + git config --global user.name "rhdh-bot" |
| 39 | + git config --global user.email "[email protected]" |
| 40 | +
|
| 41 | + - name: Install rpm-lockfile-prototype |
| 42 | + run: | |
| 43 | + if [[ ! -x "${HOME}/.local/bin/rpm-lockfile-prototype" ]]; then |
| 44 | + echo "Installing rpm-lockfile-prototype ..." |
| 45 | +
|
| 46 | + sudo apt-get update |
| 47 | + sudo apt-get install -y python3 python3-pip python3-dev build-essential |
| 48 | + sudo apt-get install -y podman skopeo rpm |
| 49 | + sudo apt-get install -y dnf python3-dnf |
| 50 | + |
| 51 | + mkdir -p "${HOME}/.local/bin/" |
| 52 | + python3 -m pip install --user https://github.com/konflux-ci/rpm-lockfile-prototype/archive/refs/heads/main.zip |
| 53 | + |
| 54 | + # Update PATH |
| 55 | + export PATH=${PATH%":${HOME}/.local/bin"}:${HOME}/.local/bin |
| 56 | + echo "${HOME}/.local/bin" >> $GITHUB_PATH |
| 57 | + else |
| 58 | + echo "rpm-lockfile-prototype already installed" |
| 59 | + fi |
| 60 | + - name: Run rpm-lockfile-prototype |
| 61 | + run: | |
| 62 | + echo "Running '${HOME}/.local/bin/rpm-lockfile-prototype -f ${{ env.DOCKERFILE_PATH }} rpms.in.yaml' in $(pwd)" |
| 63 | +
|
| 64 | + - name: Check for lockfile changes |
| 65 | + id: check-lockfile-changes |
| 66 | + run: | |
| 67 | + if git diff --quiet rpms.lock.yaml; then |
| 68 | + echo "No changes to rpms.lock.yaml detected, skipping PR creation" |
| 69 | + echo "changes=false" >> $GITHUB_OUTPUT |
| 70 | + else |
| 71 | + echo "Changes detected in rpms.lock.yaml, creating PR" |
| 72 | + echo "changes=true" >> $GITHUB_OUTPUT |
| 73 | + fi |
| 74 | +
|
| 75 | + - name: Create Pull Request |
| 76 | + id: create-pull-request |
| 77 | + if: steps.check-lockfile-changes.outputs.changes == 'true' |
| 78 | + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 |
| 79 | + with: |
| 80 | + token: ${{ secrets.GITHUB_TOKEN }} |
| 81 | + commit-message: "chore: update rpms.lock.yaml" |
| 82 | + title: "chore: update RPM lockfile" |
| 83 | + body: | |
| 84 | + ## Description |
| 85 | + |
| 86 | + This PR updates the `rpms.lock.yaml` file with the latest package versions based on current `rpms.in.yaml` configuration using `${{ env.DOCKERFILE_PATH }}` as the base container context |
| 87 | + |
| 88 | + This PR was automatically created by the [Update RPM Lockfile GitHub Action](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}). |
| 89 | + branch: update-rpm-lockfile |
| 90 | + delete-branch: true |
| 91 | + draft: false |
| 92 | + sign-commits: true |
| 93 | + labels: | |
| 94 | + lgtm |
| 95 | + approved |
| 96 | + add-paths: | |
| 97 | + rpms.lock.yaml |
| 98 | +
|
| 99 | + - name: Summary |
| 100 | + run: | |
| 101 | + if [ "${{ steps.check-lockfile-changes.outputs.changes }}" == "true" ]; then |
| 102 | + echo "✅ RPM lockfile updated and created PR: ${{ steps.create-pull-request.outputs.pull-request-url }}" |
| 103 | + else |
| 104 | + echo "🚫 No changes detected in RPM lockfile" |
| 105 | + fi |
0 commit comments