2023-10-16 11:05:02 -04:00
|
|
|
name: Update locked rpms
|
|
|
|
|
|
|
|
on:
|
|
|
|
workflow_dispatch:
|
|
|
|
schedule:
|
|
|
|
- cron: "0 8 * * 0" # every sunday at 8am
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
update-rpms:
|
|
|
|
runs-on: "ubuntu-22.04"
|
|
|
|
permissions:
|
|
|
|
id-token: write
|
|
|
|
contents: read
|
|
|
|
steps:
|
|
|
|
- name: Checkout
|
2024-05-24 05:04:23 -04:00
|
|
|
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
|
2024-06-05 04:41:19 -04:00
|
|
|
with:
|
|
|
|
token: ${{ secrets.CI_COMMIT_PUSH_PR }}
|
2023-10-16 11:05:02 -04:00
|
|
|
|
|
|
|
- name: Assume AWS role to upload Bazel dependencies to S3
|
2024-02-21 09:29:06 -05:00
|
|
|
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
|
2023-10-16 11:05:02 -04:00
|
|
|
with:
|
|
|
|
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
|
|
|
|
aws-region: eu-central-1
|
|
|
|
|
|
|
|
- name: Setup bazel
|
|
|
|
uses: ./.github/actions/setup_bazel_nix
|
|
|
|
|
|
|
|
- name: Update rpms
|
|
|
|
run: bazel run //image/mirror:update_packages
|
|
|
|
|
|
|
|
- name: Check if there are any changes
|
|
|
|
id: git-check
|
|
|
|
run: |
|
|
|
|
if git diff --quiet; then
|
|
|
|
echo "commitChanges=false" | tee -a "${GITHUB_OUTPUT}"
|
|
|
|
else
|
|
|
|
echo "commitChanges=true" | tee -a "${GITHUB_OUTPUT}"
|
|
|
|
fi
|
|
|
|
|
|
|
|
- name: Create pull request
|
2024-05-08 08:33:35 -04:00
|
|
|
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
2023-10-16 11:05:02 -04:00
|
|
|
with:
|
|
|
|
branch: "image/automated/update-rpms-${{ github.run_number }}"
|
|
|
|
base: main
|
|
|
|
title: "image: update locked rpms"
|
|
|
|
body: |
|
|
|
|
:robot: *This is an automated PR.* :robot:
|
|
|
|
|
|
|
|
The PR is triggered as part of the scheduled rpm update workflow.
|
|
|
|
It updates the locked rpm packages that form the Constellation OS images.
|
|
|
|
commit-message: "image: update locked rpms"
|
|
|
|
committer: edgelessci <edgelessci@users.noreply.github.com>
|
2024-06-05 04:41:19 -04:00
|
|
|
author: edgelessci <edgelessci@users.noreply.github.com>
|
2023-10-17 03:46:37 -04:00
|
|
|
labels: dependencies
|
2023-10-16 11:05:02 -04:00
|
|
|
# We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work.
|
|
|
|
token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}
|