diff --git a/.github/workflows/update-pomerium.yaml b/.github/workflows/update-dependencies.yaml similarity index 57% rename from .github/workflows/update-pomerium.yaml rename to .github/workflows/update-dependencies.yaml index f2961ea..0dcef30 100644 --- a/.github/workflows/update-pomerium.yaml +++ b/.github/workflows/update-dependencies.yaml @@ -1,4 +1,4 @@ -name: Update Pomerium +name: Update Dependencies on: schedule: @@ -6,7 +6,7 @@ on: workflow_dispatch: jobs: - update: + update-dependencies: runs-on: ubuntu-latest steps: - name: Checkout @@ -15,28 +15,35 @@ jobs: submodules: "true" token: ${{ secrets.APPARITOR_GITHUB_TOKEN }} - - name: Update Pomerium - run: make update-pomerium + - name: Setup ASDF + uses: asdf-vm/actions/install@b7bcd026f18772e44fe1026d729e1611cc435d47 + + - name: Update Tools + run: ./scripts/update-dependencies tools + + - name: Update Pomerium Dependencies + run: ./scripts/update-dependencies pomerium - name: Generate run: make generate - - name: Check for changes + - name: Check for Changes id: git-diff run: | git config --global user.email "apparitor@users.noreply.github.com" git config --global user.name "GitHub Actions" - git add deps/github.com/pomerium + git add . git diff --cached --exit-code || echo "changed=true" >> $GITHUB_OUTPUT - name: Create Pull Request if: ${{ steps.git-diff.outputs.changed }} == 'true' - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 with: author: GitHub Actions - body: "This PR updates Pomerium Dependencies" - commit-message: "ci: update pomerium dependencies" + body: "This PR updates dependencies not managed by dependabot." + branch: ci/update-core + commit-message: "ci: update dependencies" delete-branch: true labels: ci - title: "ci: update pomerium dependencies" + title: "ci: update dependencies" token: ${{ secrets.APPARITOR_GITHUB_TOKEN }} diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..e80943b --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +python 3.14.2 diff --git a/deps/github.com/pomerium/enterprise-client b/deps/github.com/pomerium/enterprise-client index b6649de..35a3bee 160000 --- a/deps/github.com/pomerium/enterprise-client +++ b/deps/github.com/pomerium/enterprise-client @@ -1 +1 @@ -Subproject commit b6649dee7d6cfab9ff46c6c240bf0c37f0152159 +Subproject commit 35a3bee09b04ee461dc12a9990425b1a0b1bff48 diff --git a/scripts/update-dependencies b/scripts/update-dependencies new file mode 100755 index 0000000..0e6e379 --- /dev/null +++ b/scripts/update-dependencies @@ -0,0 +1,58 @@ +#!/bin/bash +set -euo pipefail + +_project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.." + +require-command() { + local _command="${1?"command is required"}" + + if ! command -v "$_command" >/dev/null 2>&1; then + echo "$_command is required" + exit 1 + fi +} + +get-tool-version() { + local _tool="${1?"tool is required"}" + + require-command asdf + + asdf current --no-header "$_tool" | tr -s ' ' | cut -d ' ' -f2 +} + +update-pomerium() { + pushd "$_project_root" + + git submodule update --remote deps/github.com/pomerium + + popd +} + +update-tools() { + pushd "$_project_root" + + require-command asdf + + asdf install python latest + asdf set python latest + + popd +} + +run() { + local _command="$1" + case "$_command" in + pomerium) + update-pomerium + ;; + tools) + update-tools + ;; + *) + echo "unknown command $_command" + exit 1 + ;; + esac +} + +run "${1?'command is required'}"