auto release dependency updates

Caleb Lloyd · Caleb Lloyd · commit c3771a40ac63 · 2024-04-09T11:46:21.000-04:00
Signed-off-by: Caleb Lloyd &lt;caleb@synadia.com&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,6 +6,10 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+  - package-ecosystem: docker
+    directory: /cicd
+    schedule:
+      interval: daily
 
   # version updates: disabled
   # security updates: enabled
diff --git a/.github/workflows/deps-release-detect.yaml b/.github/workflows/deps-release-detect.yaml
@@ -0,0 +1,85 @@
+name: Deps Release
+
+on: 'pull_request'
+
+permissions:
+  contents: write
+
+jobs:
+  detect:
+    name: Detect
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+          git checkout -b "$GITHUB_HEAD_REF"
+
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+
+      - name: Install node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      
+      - name: Install semver
+        run: |-
+          npm install -g semver
+
+      - name: Bump
+        run: |-
+          set -e
+          push=0
+          config='[
+            {
+              "directory": "cicd",
+              "dependencyName": "alpine"
+            }
+          ]'
+
+          deps='${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}'
+
+          for i in $(seq 0 "$(("$(echo "$config" | jq length) - 1"))"); do
+            directory="$(echo "$config" | jq -r ".[$i].directory")"
+            dependencyName="$(echo "$config" | jq -r ".[$i].dependencyName")"
+            match="$(echo "$deps" | jq ".[] | select(.directory == \"/$directory\" and .dependencyName == \"$dependencyName\")")"
+            if [ -z "$match" ]; then
+              continue
+            fi
+
+            updateType="$(echo "$match" | jq -r ".updateType")"
+            prevVersion="$(echo "$match" | jq -r ".prevVersion")"
+            newVersion="$(echo "$match" | jq -r ".newVersion")"
+
+            echo "directory        : $directory"
+            echo "dependencyName   : $dependencyName"
+            echo "updateType       : $updateType"
+            echo "prevVersion      : $prevVersion"
+            echo "newVersion       : $newVersion"
+
+            tag_deps_version="$(git ls-remote 2>/dev/null \
+              | grep -oE 'refs/tags/v[0-9]+\.[0-9]+\.[0-9]+' \
+              | cut -d'/' -f3 \
+              | xargs semver \
+              | tail -n 1 \
+              | xargs semver -i patch)"
+              
+            echo "$tag_deps_version" > ./cicd/tag-base-version.txt
+            git add ./cicd/tag-base-version.txt
+            if git commit -m "bump dependency release to $tag_deps_version"; then
+              push=1
+            fi
+          done
+
+          if [ "$push" = "1" ]; then
+            git push -u origin "$GITHUB_HEAD_REF"
+          fi
diff --git a/.github/workflows/deps-release-tag.yaml b/.github/workflows/deps-release-tag.yaml
@@ -0,0 +1,37 @@
+name: Deps Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+jobs:
+  tag:
+    name: Tag
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - id: tag
+        name: Determine tag
+        run: |
+          version="$(head -n 1 ./cicd/tag_deps_version.txt)"
+          ref_name="v$version"
+          create=true
+          if [ "$(git ls-remote origin "refs/tags/$ref_name" | wc -l)" = "1" ]; then
+            create=false
+          fi
+
+          echo "version=$version" | tee -a "$GITHUB_OUTPUT"
+          echo "ref-name=$ref_name" | tee -a "$GITHUB_OUTPUT"
+          echo "create=$create" | tee -a "$GITHUB_OUTPUT"
+
+      - if: ${{ fromJSON(steps.tag.outputs.create) }}
+        name: Tag
+        run: |
+          git tag "${{ steps.tag.outputs.ref-name }}"
+          git push origin "${{ steps.tag.outputs.ref-name }}"
diff --git a/cicd/Dockerfile b/cicd/Dockerfile
@@ -1,7 +1,7 @@
 #syntax=docker/dockerfile-upstream:1.5
 ARG GO_APP
 
-FROM alpine:3.19 as deps
+FROM alpine:3.19.0 as deps
 
 ARG GO_APP
 ARG GORELEASER_DIST_DIR=/go/src/dist
@@ -28,7 +28,7 @@ RUN <<EOT
   cp ${BIN_PATH} /go/bin
 EOT
 
-FROM alpine:3.19
+FROM alpine:3.19.0
 
 ARG GO_APP
 ENV GO_APP ${GO_APP}
diff --git a/cicd/tag_deps_version.txt b/cicd/tag_deps_version.txt
@@ -0,0 +1 @@
+0.14.1
