blob: fff015d76eea8c3e3d9f327af76a694a183ec623 [file] [log] [blame]
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: merge-dependabot-reusable
on:
workflow_call:
inputs:
java-version:
description: The Java compiler version
default: 17
type: string
maven-args:
description: Additional Maven arguments
type: string
secrets:
GPG_SECRET_KEY:
description: GPG secret key for signing commits
required: true
env:
MAVEN_ARGS: ${{ inputs.maven-args }}
jobs:
merge-dependabot:
runs-on: ubuntu-latest
steps:
- name: Fetch metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # 2.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Find dependency attributes
shell: bash
env:
DEPENDENCY_NAMES: ${{ steps.dependabot-metadata.outputs.dependency-names }}
DEPENDENCY_VERSION: ${{ steps.dependabot-metadata.outputs.new-version }}
run: |
DEPENDENCY_NAME=$(echo "$DEPENDENCY_NAMES" | tr "," '\n' | head -n 1)
cat >> $GITHUB_ENV << EOF
DEPENDENCY_NAME=$DEPENDENCY_NAME
DEPENDENCY_VERSION=$DEPENDENCY_VERSION
EOF
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
with:
ref: ${{ steps.dependabot-metadata.outputs.target-branch }}
- name: Download and apply patch
shell: bash
env:
PATCH_URL: ${{ github.event.pull_request.patch_url }}
run: |
wget -O- "$PATCH_URL" | git apply
- name: Set up Java & GPG
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # 4.5.0
with:
distribution: zulu
java-version: ${{ inputs.java-version }}
cache: maven
server-id: apache.releases.https
server-username: NEXUS_USERNAME
server-password: NEXUS_PASSWORD
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
- name: Find the release version major
shell: bash
run: |
RELEASE_VERSION_MAJOR=$(./mvnw \
--non-recursive --quiet --batch-mode \
-DforceStdout=true \
-Dexpression=parsedVersion.majorVersion \
build-helper:parse-version help:evaluate \
| tail -n 1)
echo "RELEASE_VERSION_MAJOR=$RELEASE_VERSION_MAJOR" >> $GITHUB_ENV
- name: Create changelog entry
shell: bash
env:
PR_URL: ${{ github.event.pull_request.html_url }}
PR_ID: ${{ github.event.pull_request.number }}
run: |
if [ -d "src/changelog" ]; then
RELEASE_CHANGELOG_FILEPATH="src/changelog/.${RELEASE_VERSION_MAJOR}.x.x"
SAFE_DEPENDENCY_NAME=$(echo "$DEPENDENCY_NAME" | tr "[:upper:]" "[:lower:]" | sed -r 's/[^a-z0-9]/_/g' | sed -r 's/_+/_/g')
CHANGELOG_ENTRY_FILEPATH="$RELEASE_CHANGELOG_FILEPATH/update_${SAFE_DEPENDENCY_NAME}.xml"
mkdir -p $(dirname "$CHANGELOG_ENTRY_FILEPATH")
cat > "$CHANGELOG_ENTRY_FILEPATH" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://logging.apache.org/xml/ns"
xsi:schemaLocation="https://logging.apache.org/xml/ns https://logging.apache.org/xml/ns/log4j-changelog-0.xsd"
type="updated">
<issue id="$PR_ID" link="$PR_URL"/>
<description format="asciidoc">Update \`$DEPENDENCY_NAME\` to version \`$DEPENDENCY_VERSION\`</description>
</entry>
EOF
fi
- name: Add & commit changes
shell: bash
env:
PR_ID: ${{ github.event.pull_request.number }}
PR_BRANCH: ${{ github.head_ref }}
run: |
git add .
git config user.name "ASF Logging Services RM"
git config user.email private@logging.apache.org
git commit -S -a -m "Update \`$DEPENDENCY_NAME\` to version \`$DEPENDENCY_VERSION\` (#$PR_ID)"
# Pushing the same commit to the Dependabot and main branch closes the PR
git push -f origin "HEAD:$PR_BRANCH"
# Allow for GitHub to realize that the PR branch changed
sleep 5
git push origin