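---
# Monthly OpenRewrite dependency-update workflow (Gitea Actions).
#
# Flow: checkout -> JDK -> Gradle wrapper validation -> pre-update tests ->
# OpenRewrite dry run -> rewriteRun -> post-update tests -> commit + push ->
# PR against `test` -> notification issue.  The "Apply" step publishes a
# `has_changes` output; every later step is gated on it, so a month with no
# updates ends in the "no updates" issue instead of a failing `git commit`
# that used to trigger the failure() handlers (and mis-reported real test
# failures as "no updates required").
#
# `gitea.*` is the context the Gitea runner exposes; `$GITHUB_ENV` /
# `$GITHUB_OUTPUT` are the files it honours for env/step outputs.
name: Monthly Dependency Updates via OpenRewrite
run-name: Monthly dependency updates started by ${{ gitea.actor }}

# yamllint disable-line rule:truthy
on:
  schedule:
    # Run monthly on the 1st at 2 AM UTC
    - cron: '0 2 1 * *'
  workflow_dispatch:
    inputs:
      urgent_security:
        description: 'Apply urgent security updates outside schedule'
        required: false
        type: boolean
        default: false  # declared for manual runs; no step below reads it yet

jobs:
  dependency-updates:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    env:
      # Gitea API and web roots every curl call below targets.
      GITEA_API: 'https://gitea.hithomelabs.com/api/v1/repos/Hithomelabs/CFTunnels'
      GITEA_WEB: 'https://gitea.hithomelabs.com/Hithomelabs/CFTunnels'
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history: HEAD~1 diff and branch push need it
          token: ${{ secrets.TOKEN }}

      - name: JDK setup
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '17'

      - name: Validate Gradle Wrapper
        uses: gradle/actions/wrapper-validation@v3

      - name: Create update branch
        # The branch is created locally only; the commit step pushes it, so a
        # run that produces no updates leaves nothing behind on the remote.
        # MONTH is computed once here and reused by the commit and PR titles.
        run: |
          set -euo pipefail
          MONTH="$(date +%Y-%m)"
          BRANCH_NAME="dependency-updates-${MONTH}"
          git checkout -b "$BRANCH_NAME"
          {
            echo "MONTH=${MONTH}"
            echo "BRANCH_NAME=${BRANCH_NAME}"
          } >> "$GITHUB_ENV"

      - name: Run full test suite before updates
        run: |
          echo "Running pre-update test validation..."
          ./gradlew clean test integrationTestOnly
          echo "Pre-update tests completed successfully"

      - name: Run OpenRewrite Dry Run
        run: |
          echo "Running OpenRewrite dry run to preview changes..."
          ./gradlew rewriteDryRun
          echo "Dry run completed"

      - name: Apply OpenRewrite Updates
        id: apply
        # Publishes has_changes=true|false for the steps that follow.
        run: |
          set -euo pipefail
          echo "Applying OpenRewrite updates..."
          ./gradlew rewriteRun
          # `git status --porcelain` also lists new (untracked) files, which
          # `git diff --quiet` would have ignored.
          if [ -z "$(git status --porcelain)" ]; then
            echo "No dependency updates available"
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
          else
            echo "Dependency updates applied"
            echo "has_changes=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Run full test suite after updates
        if: steps.apply.outputs.has_changes == 'true'
        run: |
          echo "Running post-update test validation..."
          ./gradlew clean test integrationTestOnly
          echo "Post-update tests completed successfully"

      - name: Commit and push changes
        if: steps.apply.outputs.has_changes == 'true'
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the actor name is never parsed by the shell.
          ACTOR: ${{ gitea.actor }}
        run: |
          set -euo pipefail
          git config --global user.name "$ACTOR"
          # NOTE(review): this is GitHub's noreply domain; confirm it is the
          # intended committer identity for this Gitea instance.
          git config --global user.email "${ACTOR}@users.noreply.github.com"

          # Add all changes, including files OpenRewrite created
          git add .

          # Create commit message with update summary
          COMMIT_MSG="Monthly dependency updates via OpenRewrite - ${MONTH}

          Applied automatic dependency updates:
          - Spring Boot minor version updates
          - SpringDoc OpenAPI compatible updates
          - PostgreSQL driver updates
          - Spring ecosystem security patches

          All tests passed before and after updates.
          Changes previewed via OpenRewrite dry run and validated."

          git commit -m "$COMMIT_MSG"
          git push origin "$BRANCH_NAME"

      - name: Create Pull Request against test branch
        id: pr
        if: steps.apply.outputs.has_changes == 'true'
        env:
          TOKEN: ${{ secrets.TOKEN }}
        run: |
          set -euo pipefail
          # File list for the PR description.  Quotes and backslashes in file
          # names are escaped so they cannot break the JSON payload; paste
          # cycles through a multi-character -d list, so join with a single
          # comma and insert the space afterwards.
          CHANGES="$(git diff HEAD~1 --name-only | sed 's/["\\]/\\&/g' | paste -sd ',' - | sed 's/,/, /g')"
          # `date +%B %Y` passes %Y as a second operand; the format must be one argument.
          MONTH_NAME="$(date '+%B %Y')"
          TODAY="$(date +%Y-%m-%d)"

          # Markdown body assembled in pieces; `\\n` here reaches the JSON as `\n`.
          BODY="## Summary\\n\\nAutomated monthly dependency updates via OpenRewrite for ${MONTH_NAME}.\\n\\n"
          BODY+="### Changes Applied\\n\\n✅ **Test Validation Completed**\\n- Full test suite passed before updates\\n- Full test suite passed after updates\\n\\n"
          BODY+="📦 **Updated Dependencies**\\n- Spring Boot minor version updates (3.4.x → 3.5.x compatible)\\n- SpringDoc OpenAPI compatible version updates\\n- PostgreSQL driver updates\\n- Spring ecosystem security patches\\n\\n"
          BODY+="### Files Modified\\n\\n${CHANGES}\\n\\n"
          BODY+="### Safety Information\\n\\n🔒 **Manual Review Required**\\n- All updates applied via OpenRewrite safe recipes\\n- No breaking changes included\\n- No major version updates\\n- Experimental features excluded\\n\\n"
          BODY+="### Next Steps\\n\\n1. Review the changes in this PR\\n2. Merge if no conflicts\\n3. Deploy to staging for final validation\\n\\n---\\n\\n"
          BODY+="*This PR was created automatically via OpenRewrite on ${TODAY}*"

          # Create PR via Gitea API.  --fail turns an HTTP error into a step
          # failure; the response is kept so the PR number can be reported.
          RESPONSE="$(curl --silent --show-error --fail -X POST "${GITEA_API}/pulls" \
            -H "Authorization: token ${TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{ \"title\": \"Monthly dependency updates via OpenRewrite - ${MONTH}\", \"body\": \"${BODY}\", \"head\": \"${BRANCH_NAME}\", \"base\": \"test\" }")"
          # First "number" field in the response is the pull request number.
          PR_NUMBER="$(printf '%s' "$RESPONSE" | grep -o '"number":[0-9]*' | head -n1 | cut -d: -f2)"
          echo "Created pull request #${PR_NUMBER}"
          echo "pr_number=${PR_NUMBER}" >> "$GITHUB_OUTPUT"

      - name: Notify Gitea users
        if: steps.apply.outputs.has_changes == 'true'
        env:
          TOKEN: ${{ secrets.TOKEN }}
          PR_NUMBER: ${{ steps.pr.outputs.pr_number }}
        # NOTE(review): Gitea's issue API documents `labels` as a list of
        # label IDs; confirm that label names are accepted by this instance,
        # otherwise --fail will now surface the rejection.
        run: |
          set -euo pipefail
          curl --silent --show-error --fail -X POST "${GITEA_API}/issues" \
            -H "Authorization: token ${TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{ \"title\": \"📦 Monthly dependency updates PR created for review\", \"body\": \"OpenRewrite has created dependency updates PR **#${PR_NUMBER}** for manual review.\\n\\n🔗 **Pull Request**: [Monthly dependency updates via OpenRewrite - ${MONTH}](${GITEA_WEB}/pulls/${PR_NUMBER})\\n\\n✅ **Status**: Ready for manual review\\n📊 **Test Results**: All tests passed\\n🔄 **Target Branch**: test\\n\\nPlease review the changes and merge if approved.\", \"labels\": [\"dependencies\", \"openrewrite\", \"monthly-update\"] }"

      - name: Handle no updates case
        # Runs only on the clean "nothing to update" path, never on a failure.
        if: success() && steps.apply.outputs.has_changes != 'true'
        env:
          TOKEN: ${{ secrets.TOKEN }}
        run: |
          set -euo pipefail
          echo "No dependency updates were needed this month"
          curl --silent --show-error --fail -X POST "${GITEA_API}/issues" \
            -H "Authorization: token ${TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{ \"title\": \"📋 Monthly dependency update check completed\", \"body\": \"OpenRewrite completed its monthly dependency check for $(date '+%B %Y').\\n\\n✅ **Status**: No updates required\\n🔍 **Result**: All dependencies are up to date\\n📅 **Date**: $(date +%Y-%m-%d)\\n\\nNo action needed this month.\", \"labels\": [\"dependencies\", \"openrewrite\", \"no-updates\"] }"

      - name: Clean up branch on failure
        if: failure()
        # The branch only exists remotely if the commit step pushed it; the
        # `|| true` keeps this step green when there is nothing to delete.
        run: |
          echo "Cleaning up failed update branch..."
          git push origin --delete "${BRANCH_NAME:-}" 2>/dev/null || true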