Skip to content

Commit 07a543a

Browse files
fix(ci): Fix Update Ubutu Deps Workflow (#764)
* Fix update-deps workflow: - fixes permission of update-ubuntu-deps workflow - fix incorrect buildkit version bump for ubuntu-deps - fix update-container-runtime fetching nerdctl rc tags Signed-off-by: Swapnanil-Gupta <[email protected]> * run update-deps workflow on PR Signed-off-by: Swapnanil-Gupta <[email protected]> --------- Signed-off-by: Swapnanil-Gupta <[email protected]>
1 parent decaddc commit 07a543a

File tree

3 files changed

+37
-26
lines changed

3 files changed

+37
-26
lines changed

.github/workflows/update-dependencies.yaml

Lines changed: 23 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
name: Update dependencies
2+
23
on:
34
schedule:
45
- cron: '0 11 * * 2'
@@ -8,6 +9,15 @@ on:
89
type: string
910
description: The tag of nerdctl full archive to update
1011
required: false
12+
pull_request:
13+
branches:
14+
- main
15+
paths:
16+
- .github/workflows/update-dependencies.yaml
17+
- .github/workflows/update-ubuntu-dependencies.yaml
18+
- bin/update-lima-bundles.sh
19+
- bin/update-container-runtime-full-archive.sh
20+
- bin/update-debian-dependencies.sh
1121

1222
permissions:
1323
contents: read
@@ -44,6 +54,7 @@ jobs:
4454
run: bash bin/update-rootfs.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }}
4555

4656
- name: create PR
57+
if: github.event_name != 'pull_request'
4758
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
4859
with:
4960
# A Personal Access Token instead of the default `GITHUB_TOKEN` is required
@@ -62,13 +73,6 @@ jobs:
6273
tag: ${{ steps.fetch-tag.outputs.tag }}
6374

6475
steps:
65-
- name: Checkout nerdctl
66-
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
67-
with:
68-
repository: containerd/nerdctl
69-
fetch-depth: 0
70-
fetch-tags: true
71-
7276
- name: Fetch tag for latest release
7377
id: fetch-tag
7478
env:
@@ -78,7 +82,12 @@ jobs:
7882
echo "tag=$OVERRIDE_TAG" >> $GITHUB_OUTPUT
7983
echo "Override tag: $OVERRIDE_TAG"
8084
else
81-
latest_tag="$(git tag --sort=-version:refname | head -n 1)"
85+
latest_tag="$(\
86+
curl -s "https://api.github.com/repos/containerd/nerdctl/releases/latest" | \
87+
grep '"tag_name":' | \
88+
head -1 | \
89+
cut -d'"' -f4 \
90+
)"
8291
echo "tag=$latest_tag" >> $GITHUB_OUTPUT
8392
echo "Latest tag is ${latest_tag}"
8493
fi
@@ -102,6 +111,7 @@ jobs:
102111
run: bash bin/update-container-runtime-full-archive.sh -t "${{ env.NERDCTL_TAG }}"
103112

104113
- name: Create PR
114+
if: github.event_name != 'pull_request'
105115
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
106116
with:
107117
token: ${{ secrets.GITHUB_TOKEN }}
@@ -119,4 +129,9 @@ jobs:
119129
and reopened manually to trigger automated checks.
120130
121131
update-ubuntu-dependencies:
132+
# Add permissions needed to create a PR
133+
permissions:
134+
contents: write
135+
pull-requests: write
136+
122137
uses: ./.github/workflows/update-ubuntu-dependencies.yaml

.github/workflows/update-ubuntu-dependencies.yaml

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,7 @@ name: update-ubuntu-dependencies
22

33
on:
44
workflow_call:
5-
6-
# Add permissions needed to create a PR
7-
permissions:
8-
contents: write
9-
pull-requests: write
5+
workflow_dispatch:
106

117
jobs:
128
update-dependencies-and-create-pr:
@@ -37,7 +33,7 @@ jobs:
3733
fi
3834
3935
- name: Create or update PR
40-
if: steps.changes.outputs.changed == 'true'
36+
if: github.event_name != 'pull_request' && steps.changes.outputs.changed == 'true'
4137
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
4238
with:
4339
token: ${{ secrets.GITHUB_TOKEN }}

bin/update-debian-dependencies.sh

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,14 @@ NERDCTL_LATEST=$(get_latest_tag "containerd/nerdctl")
9898
NERDCTL_COMMIT=$(get_commit_for_tag "containerd/nerdctl" "$NERDCTL_LATEST")
9999
update_dependency "NERDCTL" "$NERDCTL_LATEST" "$NERDCTL_COMMIT"
100100

101+
# Get nerdctl dockerfile content
102+
echo "Getting nerdctl dockerfile content..."
103+
NERDCTL_DOCKERFILE=$(get_nerdctl_dockerfile "$NERDCTL_LATEST")
104+
105+
# Get BuildKit version from nerdctl Dockerfile
106+
echo "Getting BuildKit version from nerdctl Dockerfile..."
107+
BUILDKIT_VERSION=$(get_buildkit_version "$NERDCTL_DOCKERFILE")
108+
101109
# Update buildkit with version from nerdctl
102110
echo "Updating buildkit to version $BUILDKIT_VERSION..."
103111
BUILDKIT_COMMIT=$(get_commit_for_tag "moby/buildkit" "$BUILDKIT_VERSION")
@@ -109,24 +117,16 @@ SOCI_LATEST=$(get_latest_tag "awslabs/soci-snapshotter")
109117
SOCI_COMMIT=$(get_commit_for_tag "awslabs/soci-snapshotter" "$SOCI_LATEST")
110118
update_dependency "SOCI" "$SOCI_LATEST" "$SOCI_COMMIT"
111119

112-
# Get nerdctl dockerfile content
113-
echo "Getting nerdctl dockerfile content..."
114-
NERDCTL_DOCKERFILE=$(get_nerdctl_dockerfile "$NERDCTL_LATEST")
115-
116-
# Get BuildKit version from nerdctl Dockerfile
117-
echo "Getting BuildKit version from nerdctl Dockerfile..."
118-
BUILDKIT_VERSION=$(get_buildkit_version "$NERDCTL_DOCKERFILE")
119-
120-
# Get Cosign version from nerdctl Dockerfile
121-
echo "Getting Cosign version from nerdctl Dockerfile..."
122-
COSIGN_VERSION=$(get_cosign_version "$NERDCTL_DOCKERFILE")
123-
124120
# Update CNI plugins
125121
echo "Updating CNI plugins..."
126122
CNI_LATEST=$(get_cni_plugin_version "$NERDCTL_DOCKERFILE")
127123
CNI_COMMIT=$(get_commit_for_tag "containernetworking/plugins" "$CNI_LATEST")
128124
update_dependency "CNI" "$CNI_LATEST" "$CNI_COMMIT"
129125

126+
# Get Cosign version from nerdctl Dockerfile
127+
echo "Getting Cosign version from nerdctl Dockerfile..."
128+
COSIGN_VERSION=$(get_cosign_version "$NERDCTL_DOCKERFILE")
129+
130130
# Update cosign with version from nerdctl
131131
echo "Updating cosign to version $COSIGN_VERSION..."
132132
if [ -n "$COSIGN_VERSION" ]; then

0 commit comments

Comments
 (0)