chore(ci): Add update workflow (#9)

* chore: Add .dockerignore Signed-off-by: Erik Swanson <erik@retailnext.net> * chore(ci): Add update workflow It doesn't look like we can rely on Renovate to run pip-compile, so run it ourselves in a cron action. * Disable Renovate's Python managers to avoid conflicts. Signed-off-by: Erik Swanson <erik@retailnext.net> --------- Signed-off-by: Erik Swanson <erik@retailnext.net>
retailnext · Jun 12, 2023 · 1c830a3 · 1c830a3
1 parent 6de2842
commit 1c830a3
Show file tree

Hide file tree

Showing 4 changed files with 82 additions and 16 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,2 @@
+/**
+!/requirements.txt
diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml
@@ -0,0 +1,68 @@
+---
+name: Update
+on:
+  schedule:
+    - cron: '*/30 * * * *'
+permissions:
+  contents: write
+  pull-requests: write
+env:
+  IMAGE: "ghcr.io/${{ github.repository }}"
+jobs:
+  update:
+    name: Update
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Update requirements
+        id: update
+        run: |
+          docker create --name=pip-compile \
+          --entrypoint /bin/sh \
+          --interactive \
+          --user root \
+          --workdir /tmp \
+          $IMAGE
+          
+          docker cp requirements.in pip-compile:/tmp/
+          
+          docker start --attach --interactive pip-compile < ci/pip-compile.sh
+          
+          docker cp pip-compile:/tmp/requirements.txt .
+          
+          docker rm -f pip-compile
+          
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "changes=Y" >> "$GITHUB_OUTPUT";
+          else
+            echo "changes=N" >> "$GITHUB_OUTPUT";
+          fi
+      - name: Generate Token
+        id: generate-token
+        uses: tibdex/github-app-token@v1
+        if: ${{ steps.update.output.changes == 'Y' }}
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - name: Create Pull Request
+        id: create-pull-request
+        uses: peter-evans/create-pull-request@v5
+        if: ${{ steps.update.output.changes == 'Y' }}
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          add-paths: |
+            requirements.txt
+          base: main
+          branch: update/requirements
+          delete-branch: true
+          branch-suffix: short-commit-hash
+          commit-message: |
+            chore(deps): Update requirements.txt
+          signoff: true
+          labels: |
+            dependencies
+      - name: Enable Auto-Merge
+        if: ${{ steps.update.output.changes == 'Y' && steps.create-pull-request.outputs.pull-request-number }}
+        run: |
+          gh pr merge --auto --squash "${{ steps.create-pull-request.outputs.pull-request-number }}"
diff --git a/ci/pip-compile.sh b/ci/pip-compile.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+set -eu
+/usr/local/bin/pip install --disable-pip-version-check pip-tools
+/usr/local/bin/pip-compile requirements.in
diff --git a/renovate.json b/renovate.json
@@ -1,21 +1,13 @@
 {
   "extends": [
-    "config:base"
+    "config:base",
+    ":automergeAll",
+    ":gitSignOff",
+    ":semanticCommits",
+    "docker:pinDigests"
   ],
-  "automerge": true,
-  "constraints": {
-    "python": "~=3.9.2"
-  },
-  "lockFileMaintenance": {
-    "enabled": true
-  },
-  "pip-compile": {
-    "fileMatch": [
-      "(^|/)requirements\\.in$"
-    ]
-  },
-  "pip_requirements": {
+  "platformAutomerge": true,
+  "python": {
     "enabled": false
-  },
-  "platformAutomerge": true
+  }
 }