From c72841c188e65522c1f38923d08dfc1c526cf380 Mon Sep 17 00:00:00 2001 From: "Piotr P. Karwasz" Date: Fri, 11 Apr 2025 16:20:17 +0200 Subject: [PATCH] Adapt `merge-dependabot` to RTC This PR removes the `merge-dependabot` workflow and replaces it with a new `add-dependabot-changelog` workflow that: - Runs on each push to a `dependabot/*` branch. - If the current reference is a Dependabot PR it pushes a new changelog entry to the Dependabot branch. --- .../workflows/add-dependabot-changelog.yaml | 118 ++++++++++++++++++ .github/workflows/build.yaml | 1 - .github/workflows/merge-dependabot.yaml | 52 -------- 3 files changed, 118 insertions(+), 53 deletions(-) create mode 100644 .github/workflows/add-dependabot-changelog.yaml delete mode 100644 .github/workflows/merge-dependabot.yaml diff --git a/.github/workflows/add-dependabot-changelog.yaml b/.github/workflows/add-dependabot-changelog.yaml new file mode 100644 index 00000000000..889cdf3e6bf --- /dev/null +++ b/.github/workflows/add-dependabot-changelog.yaml 
@@ -0,0 +1,118 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to you under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: add-dependabot-changelog + +on: + push: + branches: + - "dependabot/*" + +permissions: + contents: write + +jobs: + + add-changelog-entry: + runs-on: ubuntu-latest + + steps: + + - name: Fetch metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 # 2.3.0 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Find dependency attributes + if: ${{ steps.dependabot-metadata.outputs.dependency-names }} + shell: bash + env: + DEPENDENCY_NAMES: ${{ steps.dependabot-metadata.outputs.dependency-names }} + DEPENDENCY_VERSION: ${{ steps.dependabot-metadata.outputs.new-version }} + run: | + DEPENDENCY_NAME=$(echo "$DEPENDENCY_NAMES" | tr "," '\n' | head -n 1) + cat >> $GITHUB_ENV << EOF + DEPENDENCY_NAME=$DEPENDENCY_NAME + DEPENDENCY_VERSION=$DEPENDENCY_VERSION + EOF + + - name: Checkout repository + if: ${{ steps.dependabot-metadata.outputs.dependency-names }} + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + + - name: Set up Java & GPG + if: ${{ steps.dependabot-metadata.outputs.dependency-names }} + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1 + 
with: + distribution: zulu + java-version: 17 + cache: maven + server-id: apache.releases.https + server-username: NEXUS_USERNAME + server-password: NEXUS_PASSWORD + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} + + - name: Find the release version major + if: ${{ steps.dependabot-metadata.outputs.dependency-names }} + shell: bash + run: | + RELEASE_VERSION_MAJOR=$(./mvnw \ + --non-recursive --quiet --batch-mode \ + -DforceStdout=true \ + -Dexpression=parsedVersion.majorVersion \ + build-helper:parse-version help:evaluate \ + | tail -n 1) + echo "RELEASE_VERSION_MAJOR=$RELEASE_VERSION_MAJOR" >> $GITHUB_ENV + + - name: Create changelog entry + if: ${{ steps.dependabot-metadata.outputs.dependency-names }} + shell: bash + env: + PR_URL: ${{ github.event.pull_request.html_url }} + PR_ID: ${{ github.event.pull_request.number }} + run: | + if [ -d "src/changelog" ]; then + RELEASE_CHANGELOG_FILEPATH="src/changelog/.${RELEASE_VERSION_MAJOR}.x.x" + SAFE_DEPENDENCY_NAME=$(echo "$DEPENDENCY_NAME" | tr "[:upper:]" "[:lower:]" | sed -r 's/[^a-z0-9]/_/g' | sed -r 's/_+/_/g') + CHANGELOG_ENTRY_FILEPATH="$RELEASE_CHANGELOG_FILEPATH/update_${SAFE_DEPENDENCY_NAME}.xml" + mkdir -p $(dirname "$CHANGELOG_ENTRY_FILEPATH") + cat > "$CHANGELOG_ENTRY_FILEPATH" << EOF + + + + Update \`$DEPENDENCY_NAME\` to version \`$DEPENDENCY_VERSION\` + + EOF + fi + + - name: Add & commit changes + if: ${{ steps.dependabot-metadata.outputs.dependency-names }} + shell: bash + env: + PR_ID: ${{ github.event.pull_request.number }} + PR_BRANCH: ${{ github.head_ref }} + run: | + git add src/changelog + git config user.name "ASF Logging Services RM" + git config user.email private@logging.apache.org + git commit -S -a -m "Add changelog for #$PR_ID" + # Push to the branch + git push diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e9c52a05d72..7582bdd6e78 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
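Review bot: The signing key is imported in "Set up Java & GPG" before "Find the release version major" runs `./mvnw` from the checked-out Dependabot branch, so whatever that Maven invocation loads (wrapper, extensions, plugin versions the update may have just changed) executes with the key in the keyring and with the `contents: write` token that `actions/checkout` persists by default. Drop `gpg-private-key` from the first setup step and import the key in a dedicated step placed after "Create changelog entry", as sketched below; `persist-credentials: false` on the checkout, with an explicit credential in the push step, would limit the token in the same way. Separately, on a `push` trigger `github.event.pull_request.*` and `github.head_ref` are empty, so `PR_ID` and `PR_URL` resolve to blank strings in the changelog entry and the commit message. The branch filter `dependabot/*` also does not match branch names that contain a further `/`, because `*` stops at a slash (`dependabot/**` would match them).

```yaml
      # … unchanged: Fetch metadata through Create changelog entry, with gpg-private-key removed from the first setup-java step …

      # The key enters the keyring only after the last step that runs code from the branch.
      - name: Import GPG key
        if: ${{ steps.dependabot-metadata.outputs.dependency-names }}
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1
        with:
          distribution: zulu
          java-version: 17
          gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}

      # … unchanged: Add & commit changes …
```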
@@ -29,7 +29,6 @@ permissions: read-all jobs: build: - if: github.actor != 'dependabot[bot]' uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.0 secrets: DV_ACCESS_TOKEN: ${{ startsWith(github.ref_name, 'release/') && '' || secrets.DEVELOCITY_ACCESS_KEY }} diff --git a/.github/workflows/merge-dependabot.yaml b/.github/workflows/merge-dependabot.yaml deleted file mode 100644 index 3690740ba65..00000000000 --- a/.github/workflows/merge-dependabot.yaml +++ /dev/null 
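Review bot: The `DV_ACCESS_TOKEN` expression on the context line never yields the empty string: in `cond && '' || secret` the middle operand is falsy, so the `||` branch is taken whether or not the ref starts with `release/`, and the Develocity key is always passed to the reusable workflow. With the `github.actor` guard removed this job now also runs for Dependabot-triggered events, so it is worth fixing in the same change: `DV_ACCESS_TOKEN: ${{ !startsWith(github.ref_name, 'release/') && secrets.DEVELOCITY_ACCESS_KEY || '' }}`. For runs triggered by Dependabot the secret presumably resolves from the Dependabot secret store and may be empty, so confirm the reusable workflow tolerates a blank token. The `build` job continues past the end of this hunk.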
@@ -1,52 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to you under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -name: merge-dependabot - -on: - pull_request_target: - paths-ignore: - - "**.adoc" - - "**.md" - - "**.txt" - -permissions: read-all - -jobs: - - build: - if: github.repository == 'apache/logging-log4j2' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]' - uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.0 - secrets: - DV_ACCESS_TOKEN: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - with: - java-version: | - 8 - 17 - develocity-enabled: true - reproducibility-check-enabled: false - - merge-dependabot: - needs: build - uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/12.1.0 - with: - java-version: 17 - permissions: - contents: write # to push changelog commits - pull-requests: write # to close the PR - secrets: - GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }} # to sign commits