Automate updating weekly version #689
Conversation
timja
commented
Oct 21, 2021
timja
commented
- Automate updating weekly version
- Downgrade weekly for testing on CI
.github/workflows/updatecli.yaml
Outdated
| - uses: tibdex/github-app-token@v1 | ||
| id: generate-token | ||
| with: | ||
| app_id: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_APP_ID }} | ||
| private_key: ${{ secrets.JENKINS_DEPENDENCY_UPDATER_PRIVATE_KEY }} |
There was a problem hiding this comment.
Is there a reason we cannot use the standard $GITHUB_TOKEN?
There was a problem hiding this comment.
We had an issue with it in the helm-charts repo, something to do with other workflows not starting correctly, we had to always push a new commit or re-run all jobs. May be ok in a repo not using github actions.
There was another issue IIRC about it committing as the last user to commit to the main branch but that's probably fixed by specifying the bot details
There was a problem hiding this comment.
When you use the repository's GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.
We had to create a technical user on https://github.com/updatecli/ to avoid this problem (PR opened but no workflow triggered).
There was a problem hiding this comment.
events triggered by the GITHUB_TOKEN will not create a new workflow run
Fine…why would we care here? Our only push-triggered action is a Jenkins build.
There was a problem hiding this comment.
I join @jglick if we can rely on a GITHUB_TOKEN, I think it's better as we don't have to rotate that password.
There was a problem hiding this comment.
the credentials are managed centrally here, so doesn't really make much difference but yeah sure will switch when I get a chance later on
| @@ -14,7 +14,7 @@ | |||
| <properties> | |||
| <changelist>999999-SNAPSHOT</changelist> | |||
| <bom>weekly</bom> | |||
| <jenkins.version>2.317</jenkins.version> | |||
| <jenkins.version>2.316</jenkins.version> | |||
There was a problem hiding this comment.
Why? Just to see if the workflow will bump it back up again?
.github/workflows/updatecli.yaml
Outdated
| flags: "--config ./updatecli/updatecli.d --values updatecli/values.yaml" | ||
| env: | ||
| UPDATECLI_GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} | ||
|
|
||
| - name: Apply | ||
| uses: updatecli/updatecli-action@v1 | ||
| with: | ||
| flags: "--config ./updatecli/updatecli.d --values updatecli/values.yaml" |
There was a problem hiding this comment.
| flags: "--config ./updatecli/updatecli.d --values updatecli/values.yaml" | |
| env: | |
| UPDATECLI_GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} | |
| - name: Apply | |
| uses: updatecli/updatecli-action@v1 | |
| with: | |
| flags: "--config ./updatecli/updatecli.d --values updatecli/values.yaml" | |
| flags: "--config updatecli/updatecli.d --values updatecli/values.yaml" | |
| env: | |
| UPDATECLI_GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} | |
| - name: Apply | |
| uses: updatecli/updatecli-action@v1 | |
| with: | |
| flags: "--config updatecli/updatecli.d --values updatecli/values.yaml" |
?
There was a problem hiding this comment.
I vote for starting with ./: it helps when reading (or getting started) to undertsand that it's a file path relative to the working dir
There was a problem hiding this comment.
Is there any other reason than just eye habit? I am more used to './' than nothing.
Co-authored-by: Jesse Glick <[email protected]>
.github/workflows/updatecli.yaml
Outdated
| - name: Diff | ||
| uses: updatecli/updatecli-action@v1 | ||
| with: | ||
| command: diff |
There was a problem hiding this comment.
@timja is there a reason to perform a diff in this workflow? I understand that the "apply" is always performed so it seems redundant?
On other github.com/jenkins-infra/jenkins-infra repositories:
- The "apply" is only executed on the principal branch (ref. https://github.com/jenkins-infra/jenkins-infra/blob/production/.github/workflows/updatecli.yaml#L34) because we know it's built once a day, week, hour
- While the
diffis always executed to ensure that a PR does not break updatecli
There was a problem hiding this comment.
I just copied this out of the github workflow guide on updatecli.io
There was a problem hiding this comment.
|
It's not working because maven and java aren't in the update cli docker image. unless anyone has any better ideas |
|
You can install maven and java as part of the script, OR use a maven docker image and add updatecli binary instead ?
… Le 21 oct. 2021 à 22:46, Tim Jacomb ***@***.***> a écrit :
It's not working because maven and java aren't in the update cli docker image.
I'll take a look tomorrow probably switching to sed commands I guess
unless anyone has any better ideas
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
|
