
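# Monthly OpenRewrite dependency-update workflow.
#
# Flow: check out -> run tests -> OpenRewrite dry run -> rewriteRun -> if anything
# changed: re-run tests, commit, push, open a PR against the `test` branch and
# notify via an issue; if nothing changed: open a "no updates" issue instead.
#
# Conventions used below:
# - The "changed / not changed" decision is published once as a step output
#   (`steps.apply.outputs.has_changes`) and every later step gates on it, so a
#   genuine failure (e.g. failing tests) is never reported as "no updates".
# - Gitea API request bodies are built with jq (`--arg`) so that file names,
#   dates and PR numbers are JSON-escaped rather than interpolated into a
#   hand-written JSON string. jq is assumed to be present on the runner image
#   (TODO confirm for this act_runner).
# - Secrets and workflow-context values are passed to shell via step `env:`
#   rather than being expanded directly inside `run:` scripts.
name: Monthly Dependency Updates via OpenRewrite
run-name: Monthly dependency updates started by ${{ gitea.actor }}

on:
  schedule:
    # Run monthly on the 1st at 2 AM UTC
    - cron: '0 2 1 * *'
  workflow_dispatch:
    inputs:
      # NOTE(review): no step below reads this input; it is kept so existing
      # manual dispatches keep working. Wire it up or remove it.
      urgent_security:
        description: 'Apply urgent security updates outside schedule'
        required: false
        type: boolean
        default: false

jobs:
  dependency-updates:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    env:
      # Repository API root and PR target branch, shared by all API steps.
      GITEA_API: 'https://gitea.hithomelabs.com/api/v1/repos/Hithomelabs/CFTunnels'
      GITEA_WEB: 'https://gitea.hithomelabs.com/Hithomelabs/CFTunnels'
      TARGET_BRANCH: 'test'
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.TOKEN }}

      - name: JDK setup
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '17'

      - name: Validate Gradle Wrapper
        uses: gradle/actions/wrapper-validation@v3

      - name: Create update branch
        # The branch is created locally only; it is pushed together with the
        # commit, so a run that finds no updates leaves no empty remote branch.
        run: |
          BRANCH_NAME="dependency-updates-$(date +%Y-%m)"
          git checkout -b "$BRANCH_NAME"
          echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"

      - name: Run full test suite before updates
        run: |
          echo "Running pre-update test validation..."
          ./gradlew clean test integrationTestOnly
          echo "Pre-update tests completed successfully"

      - name: Run OpenRewrite Dry Run
        run: |
          echo "Running OpenRewrite dry run to preview changes..."
          ./gradlew rewriteDryRun
          echo "Dry run completed"

      - name: Apply OpenRewrite Updates
        id: apply
        run: |
          echo "Applying OpenRewrite updates..."
          ./gradlew rewriteRun
          # `git status --porcelain` also sees new (untracked) files, matching
          # what `git add .` will commit later; `git diff --quiet` would not.
          if [ -z "$(git status --porcelain)" ]; then
            echo "No dependency updates available"
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
          else
            echo "Dependency updates applied"
            echo "has_changes=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Run full test suite after updates
        if: steps.apply.outputs.has_changes == 'true'
        run: |
          echo "Running post-update test validation..."
          ./gradlew clean test integrationTestOnly
          echo "Post-update tests completed successfully"

      - name: Commit and push changes
        if: steps.apply.outputs.has_changes == 'true'
        env:
          ACTOR: ${{ gitea.actor }}
        run: |
          git config --global user.name "$ACTOR"
          git config --global user.email "${ACTOR}@users.noreply.github.com"
          # Add all changes
          git add .
          # Commit message: subject line, blank line, summary of what the recipes cover
          COMMIT_MSG="Monthly dependency updates via OpenRewrite - $(date +%Y-%m)

          Applied automatic dependency updates:
          - Spring Boot minor version updates
          - SpringDoc OpenAPI compatible updates
          - PostgreSQL driver updates
          - Spring ecosystem security patches

          All tests passed before and after updates.
          Changes previewed via OpenRewrite dry run and validated."
          git commit -m "$COMMIT_MSG"
          git push origin "$BRANCH_NAME"

      - name: Create Pull Request against test branch
        id: pr
        if: steps.apply.outputs.has_changes == 'true'
        env:
          TOKEN: ${{ secrets.TOKEN }}
        run: |
          # Get list of changes for PR description
          CHANGES=$(git diff HEAD~1 --name-only | paste -sd ", " -)
          BODY=$(cat <<EOF
          ## Summary

          Automated monthly dependency updates via OpenRewrite for $(date +%B %Y).

          ### Changes Applied

          ✅ **Test Validation Completed**
          - Full test suite passed before updates
          - Full test suite passed after updates

          📦 **Updated Dependencies**
          - Spring Boot minor version updates (3.4.x → 3.5.x compatible)
          - SpringDoc OpenAPI compatible version updates
          - PostgreSQL driver updates
          - Spring ecosystem security patches

          ### Files Modified

          $CHANGES

          ### Safety Information

          🔒 **Manual Review Required**
          - All updates applied via OpenRewrite safe recipes
          - No breaking changes included
          - No major version updates
          - Experimental features excluded

          ### Next Steps

          1. Review the changes in this PR
          2. Merge if no conflicts
          3. Deploy to staging for final validation

          ---

          *This PR was created automatically via OpenRewrite on $(date +%Y-%m-%d)*
          EOF
          )
          # jq escapes the body (file names, dates) into valid JSON.
          PAYLOAD=$(jq -n \
            --arg title "Monthly dependency updates via OpenRewrite - $(date +%Y-%m)" \
            --arg body "$BODY" \
            --arg head "$BRANCH_NAME" \
            --arg base "$TARGET_BRANCH" \
            '{title: $title, body: $body, head: $head, base: $base}')
          # -f makes a non-2xx API response fail the step instead of passing silently.
          RESPONSE=$(curl -sSf -X POST "$GITEA_API/pulls" \
            -H "Authorization: token $TOKEN" \
            -H "Content-Type: application/json" \
            -d "$PAYLOAD")
          # The PR number (not the branch name) is what the web URL and "#N" reference need.
          PR_NUMBER=$(printf '%s' "$RESPONSE" | jq -r '.number')
          echo "Created PR #$PR_NUMBER"
          echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT"

      - name: Notify Gitea users
        if: steps.apply.outputs.has_changes == 'true'
        env:
          TOKEN: ${{ secrets.TOKEN }}
          PR_NUMBER: ${{ steps.pr.outputs.pr_number }}
        run: |
          BODY=$(cat <<EOF
          OpenRewrite has created dependency updates PR **#${PR_NUMBER}** for manual review.

          🔗 **Pull Request**: [Monthly dependency updates via OpenRewrite - $(date +%Y-%m)](${GITEA_WEB}/pulls/${PR_NUMBER})

          ✅ **Status**: Ready for manual review
          📊 **Test Results**: All tests passed
          🔄 **Target Branch**: ${TARGET_BRANCH}

          Please review the changes and merge if approved.
          EOF
          )
          PAYLOAD=$(jq -n \
            --arg title "📦 Monthly dependency updates PR created for review" \
            --arg body "$BODY" \
            '{title: $title, body: $body, labels: ["dependencies", "openrewrite", "monthly-update"]}')
          curl -sSf -X POST "$GITEA_API/issues" \
            -H "Authorization: token $TOKEN" \
            -H "Content-Type: application/json" \
            -d "$PAYLOAD"

      - name: Handle no updates case
        # Gated on the recorded result, not on failure(): a failing test run
        # must not be reported as "no updates required".
        if: steps.apply.outputs.has_changes == 'false'
        env:
          TOKEN: ${{ secrets.TOKEN }}
        run: |
          echo "No dependency updates were needed this month"
          BODY=$(cat <<EOF
          OpenRewrite completed its monthly dependency check for $(date +%B %Y).

          ✅ **Status**: No updates required
          🔍 **Result**: All dependencies are up to date
          📅 **Date**: $(date +%Y-%m-%d)

          No action needed this month.
          EOF
          )
          PAYLOAD=$(jq -n \
            --arg title "📋 Monthly dependency update check completed" \
            --arg body "$BODY" \
            '{title: $title, body: $body, labels: ["dependencies", "openrewrite", "no-updates"]}')
          curl -sSf -X POST "$GITEA_API/issues" \
            -H "Authorization: token $TOKEN" \
            -H "Content-Type: application/json" \
            -d "$PAYLOAD"

      - name: Clean up branch on failure
        if: failure()
        run: |
          echo "Cleaning up failed update branch..."
          # BRANCH_NAME is empty if the failure happened before the branch step;
          # the remote branch may also never have been pushed. Both are harmless here.
          if [ -n "${BRANCH_NAME:-}" ]; then
            git push origin --delete "$BRANCH_NAME" 2>/dev/null || true
          fi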