eps-update-devcontainer/action.yml at main · NHSDigital/eps-update-devcontainer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Update devcontainer version
description: "Updates the devcontainer version in devcontainer.json."
inputs:
  calling_repo_base_branch:
    description: "The base branch from the calling repository that should be merged into"
    required: false
    default: main
  CREATE_PULL_REQUEST_APP_ID:
    description: "GitHub App ID for creating pull requests"
    required: true
  CREATE_PULL_REQUEST_PEM:
    description: "Private key for the GitHub App in PEM format"
    required: true
runs:
  using: "composite"
  steps:
    - name: Checkout calling repo code
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      with:
        ref: ${{ inputs.calling_repo_base_branch }}
        fetch-depth: 0
        persist-credentials: false

    - name: Load config value
      shell: bash
      id: load-config
      run: |
        set -euo pipefail
        DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME' .devcontainer/devcontainer.json)

        DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION' .devcontainer/devcontainer.json)

        {
          echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE"
          echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION"
        } >> "$GITHUB_OUTPUT"

    - name: Resolve latest devcontainer image version from GHCR
      shell: bash
      id: resolve-version
      env:
        GH_TOKEN: "${{ github.token }}"
        DEVCONTAINER_IMAGE: "${{ steps.load-config.outputs.DEVCONTAINER_IMAGE }}"
        DEVCONTAINER_VERSION: "${{ steps.load-config.outputs.DEVCONTAINER_VERSION }}"
      run: |
        set -euo pipefail

        PACKAGE_NAME="eps-devcontainers/${DEVCONTAINER_IMAGE}"
        ENCODED_PACKAGE_NAME=$(python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' "$PACKAGE_NAME")
        VERSIONS_JSON=$(gh api \
          -H "Accept: application/vnd.github+json" \
          "/orgs/NHSDigital/packages/container/${ENCODED_PACKAGE_NAME}/versions?per_page=100")
        LATEST_VIA_LATEST_TAG=$(jq -r '
          [ .[]
            | select((.metadata.container.tags // []) | index("latest"))
          ]
          | sort_by(.created_at)
          | reverse
          | .[0].metadata.container.tags // []
          | map(select(test("^v")))
          | .[0] // empty
        ' <<< "$VERSIONS_JSON")

        LATEST_V_TAG=$(jq -r '
          [ .[]
            | {created_at, tags: (.metadata.container.tags // [])}
          ]
          | sort_by(.created_at)
          | reverse
          | map(.tags[]? | select(test("^v")))
          | .[0] // empty
        ' <<< "$VERSIONS_JSON")

        RESOLVED_VERSION="$LATEST_VIA_LATEST_TAG"

        if [[ -z "$RESOLVED_VERSION" ]]; then
          RESOLVED_VERSION="$LATEST_V_TAG"
        fi

        if [[ -z "$RESOLVED_VERSION" ]]; then
          echo "No version tag matching ^v found for package ${PACKAGE_NAME}" >&2
          exit 1
        fi

        echo "Resolved latest version: ${RESOLVED_VERSION}"
        echo "latest_version=${RESOLVED_VERSION}" >> "$GITHUB_OUTPUT"

    - name: Update devcontainer version in config
      shell: bash
      run: |
        set -euo pipefail

        if [[ "$LATEST_DEVCONTAINER_VERSION" == "$DEVCONTAINER_VERSION" ]]; then
          echo "IMAGE_VERSION is already up to date (${DEVCONTAINER_VERSION})"
          exit 0
        fi

        python3 - <<'PY'
        import json
        import os
        from pathlib import Path
        config_file = Path('.devcontainer/devcontainer.json')
        config = json.loads(config_file.read_text())
        config['build']['args']['IMAGE_VERSION'] = os.environ['LATEST_DEVCONTAINER_VERSION']
        config_file.write_text(json.dumps(config, indent=2) + '\n')
        PY

        echo "Updated IMAGE_VERSION from ${DEVCONTAINER_VERSION} to ${LATEST_DEVCONTAINER_VERSION}"
      env:
        LATEST_DEVCONTAINER_VERSION: "${{ steps.resolve-version.outputs.latest_version }}"
        DEVCONTAINER_VERSION: "${{ steps.load-config.outputs.DEVCONTAINER_VERSION }}"

    - name: Create GitHub App Token
      uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859
      id: generate-token
      with:
        app-id: "${{ inputs.CREATE_PULL_REQUEST_APP_ID }}"
        private-key: "${{ inputs.CREATE_PULL_REQUEST_PEM }}"

    - name: Create Pull Request
      uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1
      with:
        token: "${{ steps.generate-token.outputs.token }}"
        commit-message: Update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}
        title: "Upgrade: [dependabot] - update devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}"
        body: |
          Updating devcontainer image version to ${{ steps.resolve-version.outputs.latest_version }}.
        branch: devcontainer-image-update
        base: ${{ inputs.calling_repo_base_branch }}
        branch-suffix: random
        sign-commits: true
        delete-branch: true