Skip to content

update_pip

update_pip #80

Workflow file for this run

# This workflow will automatically update the bundled pip and
# will create and update PRs in a similar way to dependabot.
#
# Notes:
# * If someone force pushes the main branch at around the same time as the scheduled run,
# it the run will probably fail with obscure errors.
# * I suspects this is true for non-forced push commits too.
name: update_pip
on:
schedule:
- cron: '0 0 * * 0' # Run at midnight UTC only on sunday
workflow_dispatch:
permissions:
pull-requests: write
contents: write
jobs:
update:
name: update
runs-on: ubuntu-latest
# Don't run on forks
if: github.repository == 'JeanChristopheMorinPerso/rez-pip'
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.11
- name: Check if pip is up-to-date and download if not
run: |
set -e
error_code=0
git fetch origin __update_pip__ > /dev/null 2>&1 || error_code=$?
if [[ $error_code -eq 0 ]]; then
echo 'Switching to __update_pip__ branch'
set -x
git switch __update_pip__
git pull origin __update_pip__
else
echo 'Branch __update_pip__ does not exists'
fi
set -x
pipx run nox -s download_pip
if [[ $error_code -eq 0 ]]; then
git switch -
fi
id: download_pip
- name: Confirm step outputs
run: |
set -e
if [[ '${{ steps.download_pip.outputs.downloaded-pip-path }}' == '' ]]; then
echo 'steps.download_pip.outputs.downloaded-pip-path is empty!'
exit 1
fi
if [[ '${{ steps.download_pip.outputs.previous-pip-version }}' == '' ]]; then
echo 'steps.download_pip.outputs.previous-pip-version is empty!'
exit 1
fi
- name: Get __update_pip__ PR number
if: steps.download_pip.outputs.downloaded-pip-path != 'none'
id: get-pull-request-number
env:
GH_TOKEN: ${{ github.token }}
run: |
set -ex
number=$(gh pr list --app rez-pip-update-bot --limit 1 --head __update_pip__ --json number --jq '.[].number')
echo "number=${number}" >> $GITHUB_OUTPUT
- uses: actions/setup-node@v3
if: steps.download_pip.outputs.downloaded-pip-path != 'none'
with:
node-version: 16
- name: Install JS deps
if: steps.download_pip.outputs.downloaded-pip-path != 'none'
run: npm install @octokit/auth-app @actions/github @octokit/request
- name: Get token
id: auth-token
if: steps.download_pip.outputs.downloaded-pip-path != 'none'
uses: actions/github-script@v6
env:
GH_BOT_APP_ID: ${{ secrets.GH_BOT_APP_ID }}
GH_BOT_PRIVATE_KEY: ${{ secrets.GH_BOT_PRIVATE_KEY }}
with:
result-encoding: string
script: |
const authAppMod = require('@octokit/auth-app');
const githubMod = require('@actions/github');
const requestMod = require('@octokit/request');
const appId = process.env.GH_BOT_APP_ID;
core.setSecret(appId);
const privateKey = process.env.GH_BOT_PRIVATE_KEY;
core.setSecret(privateKey);
console.log('Creating app object');
const appAuth = authAppMod.createAppAuth({
appId,
privateKey,
request: requestMod.request.defaults({
baseUrl: 'https://api/github.com',
}),
});
console.log('Creating auth app');
const accessToken = await appAuth({ type: 'app' });
console.log('Creating octokit client');
const octokit = githubMod.getOctokit(accessToken.token);
console.log('Fetching installation ID');
const { data: { id: installationId } } = await octokit.rest.apps.getRepoInstallation({
owner: context.repo.owner,
repo: context.repo.repo,
});
console.log('Creating installation access token');
const { data: installation } = await octokit.rest.apps.createInstallationAccessToken({
installation_id: installationId,
});
core.setSecret(installation.token);
core.info('Token generated successfully!');
return installation.token;
- name: Create commit
if: steps.download_pip.outputs.downloaded-pip-path != 'none'
run: |
set -ex
if [ -z ${{ steps.get-pull-request-number.outputs.number }} ]; then
echo 'Creating branch named __update_pip__'
git switch -c __update_pip__
else
echo '__update_pip__ already exists. Re-using it'
git fetch origin __update_pip__
git switch __update_pip__
fi
cp -v ${{ steps.download_pip.outputs.downloaded-pip-path }} src/rez_pip/data/pip.pyz
git add src/rez_pip/data/pip.pyz
# https://stackoverflow.com/a/74071223
git config user.name 'rez-pip-update-bot[bot]'
# 133434221 comes from https://api.github.com/users/rez-pip-update-bot[bot]
git config user.email '133434221+rez-pip-update-bot[bot]@users.noreply.github.com'
git commit --signoff -m 'Update pip from ${{ steps.download_pip.outputs.previous-pip-version }} to ${{ steps.download_pip.outputs.new-pip-version }}'
git push origin __update_pip__
- name: PR
if: steps.download_pip.outputs.downloaded-pip-path != 'none'
env:
GH_TOKEN: ${{ steps.auth-token.outputs.result }}
run: |
set -e
version=$(echo '${{ steps.download_pip.outputs.new-pip-version }}' | sed 's/\./-/g')
title='Update pip to ${{ steps.download_pip.outputs.new-pip-version }}'
cat << EOF > $RUNNER_TEMP/pr_body
Update pip from ${{ steps.download_pip.outputs.previous-pip-version }} to ${{ steps.download_pip.outputs.new-pip-version }}.
Changelog: https://pip.pypa.io/en/stable/news/#v${version}.
---
_This PR was created by the [rez-pip-update-bot](https://github.com/apps/rez-pip-update-bot) bot and the workflow located at [.github/workflows/update_pip.yaml](../blob/main/.github/workflows/update_pip.yaml)_
EOF
if [[ '${{ steps.get-pull-request-number.outputs.number }}' != '' ]]; then
echo 'Updating PR #${{ steps.get-pull-request-number.outputs.number }}'
set -x
gh pr edit ${{ steps.get-pull-request-number.outputs.number }} \
--title "${title}" \
--body-file $RUNNER_TEMP/pr_body
else
echo 'Creating new PR'
set -x
gh pr create \
--base main \
--head __update_pip__ \
--title "${title}" \
--body-file $RUNNER_TEMP/pr_body \
--label 'pip-update'
fi