Upgrade dependencies #102
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upgrade dependencies | |
| on: | |
| workflow_dispatch: # Allow running on-demand | |
| schedule: | |
| # Every Monday at 8:00 UTC (4:00 Eastern) | |
| - cron: '0 8 * * 1' | |
| jobs: | |
| upgrade: | |
| name: Upgrade & Open Pull Request | |
| runs-on: sfdc-ubuntu-latest | |
| env: | |
| BRANCH_NAME: auto-dependency-upgrades | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # [Optional] Use a separate key to automatically execute checks on the resulting PR | |
| # https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs | |
| ssh-key: ${{ secrets.DEPLOY_KEY }} | |
| - uses: ./.github/setup-docker-compose | |
| - name: Upgrade JS dependencies | |
| run: > | |
| docker-compose run --no-deps web /bin/sh -c 'rm -f yarn.lock && chown | |
| -R $(whoami):$(whoami) . && npx --yes yarn-upgrade-all' | |
| - name: Upgrade Python dependencies | |
| run: > | |
| docker-compose run --no-deps web /bin/sh -c 'pip-compile --upgrade -o | |
| requirements/prod.txt requirements/prod.in && pip-compile --upgrade -o | |
| requirements/dev.txt requirements/dev.in' | |
| - name: Detect changes | |
| id: changes | |
| run: | |
| echo "::set-output name=count::$(git status --porcelain=v1 2>/dev/null | |
| | wc -l)" | |
| - name: Commit & push changes | |
| if: steps.changes.outputs.count > 0 | |
| run: | | |
| sudo chown -R $(whoami):$(whoami) .git | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| git add . | |
| git commit -m "Automated dependency upgrades" | |
| git push -f origin ${{ github.ref_name }}:$BRANCH_NAME | |
| - name: Open pull request if needed | |
| if: steps.changes.outputs.count > 0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| PR=$(gh pr list --head $BRANCH_NAME --json number -q '.[0].number') | |
| if [ -z $PR ]; then | |
| gh pr create \ | |
| --head $BRANCH_NAME \ | |
| --title "Automated dependency upgrades" \ | |
| --body "Full log: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| else | |
| echo "Pull request already exists, won't create a new one." | |
| fi |