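---
# Weekly dependency check for the axum template.
#
# The workflow renders the template twice (with and without aide), runs
# `cargo upgrade --incompatible` on the rendered project, rebuilds it, and – if
# anything was upgraded – writes the new versions back into Cargo.toml.liquid,
# pushes a branch and opens a pull request with `tea`. A failure anywhere in the
# job opens an issue via the Gitea API.
name: Dependency Check

on:  # yamllint disable-line rule:truthy
  schedule:
    # Run every Monday at 9:00 AM UTC
    - cron: "0 9 * * 1"
  workflow_dispatch: # Allow manual triggering

env:
  RUST_VERSION: "1.90"
  TEA_VERSION: "0.9.2"

jobs:
  check-dependencies:
    runs-on: ubuntu-latest
    # `permissions` is only valid at workflow or job level (not per step);
    # grant just what the push, issue and PR steps below need.
    permissions:
      contents: write
      issues: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Install Rust toolchain
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          cache-workspaces: |
            dep-check-test
            dep-check-no-aide

      - name: Install cargo-generate and cargo-edit
        uses: taiki-e/install-action@v2
        with:
          tool: cargo-generate,cargo-edit

      - name: Generate test project from template
        run: |
          mkdir -p dep-check-test && cd dep-check-test
          cargo generate --path .. --name dep-check-test --vcs none --init \
            --define project_description="Dependency check test project" \
            --define env_prefix="APP" \
            --define default_port="3000" \
            --define default_log_level="info" \
            --define include_aide=true
        working-directory: ${{ github.workspace }}

      - name: Check current dependencies
        run: cargo check
        working-directory: dep-check-test

      # - name: Run tests with current dependencies
      #   run: cargo test
      #   working-directory: dep-check-test

      - name: Upgrade dependencies and capture changes
        id: upgrade
        run: |
          # Run cargo upgrade and capture output (the step fails if the upgrade fails)
          UPGRADE_OUTPUT=$(cargo upgrade --incompatible 2>&1)
          echo "$UPGRADE_OUTPUT"
          # Saved at the workspace root; the PR-body step reads it from there.
          echo "$UPGRADE_OUTPUT" > ../upgrade-output.txt
          # cargo upgrade prints a table headed "name old req compatible latest new req"
          # when it changed something; use that header as the "updates found" signal.
          if echo "$UPGRADE_OUTPUT" | grep -qE "name\s+old req\s+compatible\s+latest\s+new req"; then
            echo "has_updates=true" >> "$GITHUB_OUTPUT"
            echo "✅ Updates detected"
          else
            echo "has_updates=false" >> "$GITHUB_OUTPUT"
            echo " No updates available"
          fi
          cat Cargo.toml
        working-directory: dep-check-test

      - name: Check with upgraded dependencies
        run: cargo check
        working-directory: dep-check-test

      - name: Build with upgraded dependencies
        run: cargo build
        working-directory: dep-check-test

      # - name: Run tests with upgraded dependencies
      #   run: cargo test
      #   working-directory: dep-check-test

      - name: Update template Cargo.toml if upgrades succeeded
        if: steps.upgrade.outputs.has_updates == 'true'
        run: |
          echo "📝 Updating template with new dependency versions..."
          # Run the merge script from .ci directory
          python3 .ci/merge_versions.py dep-check-test/Cargo.toml Cargo.toml.liquid
          # Show what changed. Branch creation and the commit happen in the
          # "Create Pull Request" step; doing them here as well made the later
          # `git checkout -b` fail because the branch already existed.
          echo ""
          echo "Changes to template:"
          git diff Cargo.toml.liquid
        working-directory: ${{ github.workspace }}

      - name: Generate test project without aide
        run: |
          mkdir -p dep-check-no-aide && cd dep-check-no-aide
          cargo generate --path .. --name dep-check-no-aide --vcs none --init \
            --define project_description="Dependency check test project without aide" \
            --define env_prefix="APP" \
            --define default_port="3000" \
            --define default_log_level="info" \
            --define include_aide=false
        working-directory: ${{ github.workspace }}

      - name: Check without aide (current dependencies)
        run: cargo check
        working-directory: dep-check-no-aide

      - name: Upgrade dependencies (no aide)
        run: cargo upgrade --incompatible
        working-directory: dep-check-no-aide

      - name: Check without aide (upgraded dependencies)
        run: cargo check
        working-directory: dep-check-no-aide

      - name: Build without aide (upgraded dependencies)
        run: cargo build
        working-directory: dep-check-no-aide

      # - name: Run tests without aide (upgraded dependencies)
      #   run: cargo test
      #   working-directory: dep-check-no-aide

      - name: Prepare PR body with upgrade summary
        if: steps.upgrade.outputs.has_updates == 'true'
        run: |
          # First 20 lines of the upgrade table written by the "upgrade" step.
          UPGRADE_SUMMARY=$(grep -A 100 "name.*old req.*compatible.*latest.*new req" upgrade-output.txt | head -n 20)
          cat > pr-body.txt << 'EOF'
          This PR contains automated dependency upgrades that have been tested with `cargo check` and `cargo build`

          ## Changes

          ```
          EOF
          echo "$UPGRADE_SUMMARY" >> pr-body.txt
          cat >> pr-body.txt << 'EOF'
          ```

          ## Testing

          ✅ Generated test project with aide
          ✅ Generated test project without aide
          ✅ All builds passed
          ✅ All checks passed

          ## Workflow Run

          ${{ vars.PUBLIC_SERVER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_number }}

          ---
          *This PR was automatically created by the dependency check workflow.*
          EOF
          cat pr-body.txt
        working-directory: ${{ github.workspace }}

      - name: Install Tea
        if: steps.upgrade.outputs.has_updates == 'true'
        env:
          TEA_DL_ARCH: '${{ fromJson(''{ "x86": "386", "x64": "amd64", "ARM": "arm", "ARM64": "arm64" }'')[ runner.arch ] }}'
          TEA_DL_URL: "https://dl.gitea.com/tea/${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-"
        shell: bash
        run: |
          if command -v tea >/dev/null 2>&1; then
            echo "Tea CLI already installed"
            exit 0
          fi
          TEA_BIN="tea-${TEA_VERSION}-linux-${TEA_DL_ARCH}"
          TEA_DIR=$(mktemp -d -t tmp.XXXX)
          pushd "$TEA_DIR"
          wget -q -nc "${TEA_DL_URL}${TEA_DL_ARCH}"
          wget -q -nc "${TEA_DL_URL}${TEA_DL_ARCH}.sha256"
          # Verify the download before installing it. `sha256sum -c` exits non-zero
          # on a mismatch, so it is tested directly rather than via `$(...)`, which
          # executed the command's *output*. The .sha256 file comes from the same host
          # as the binary, so this catches a corrupt or truncated download, not a
          # compromised publisher.
          if ! sha256sum --quiet -c "${TEA_BIN}.sha256"; then
            popd
            rm -rf "$TEA_DIR"
            echo "::error title=⛔ error hint::Tea v${TEA_VERSION} Checksum Failed"
            exit 1
          fi
          sudo mv "$TEA_BIN" /usr/bin/tea
          sudo chmod +x /usr/bin/tea
          # Ensure the tool-cache bin directory exists so cp places a file in it
          # rather than creating a file named "bin".
          sudo mkdir -p "$RUNNER_TOOL_CACHE/bin"
          sudo cp -rf /usr/bin/tea "$RUNNER_TOOL_CACHE/bin"
          popd
          rm -rf "$TEA_DIR"

      - name: Login to Gitea
        if: steps.upgrade.outputs.has_updates == 'true'
        shell: bash
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the secret is never part of the command line shown in logs.
          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: >-
          tea login add
          -u "${{ github.server_url }}"
          -t "$GITEA_TOKEN"

      - name: Create Pull Request with dependency updates
        if: steps.upgrade.outputs.has_updates == 'true'
        working-directory: ${{ github.workspace }}
        env:
          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH_NAME: deps/auto-upgrade-${{ github.run_number }}
        run: |
          # Read the PR body from file
          PR_BODY=$(cat pr-body.txt)
          # Configure git identity for the commit
          git config user.name "Dependency Bot"
          git config user.email "bot@gitea.actions"
          # Set up authenticated remote URL. GITHUB_SERVER_URL already carries the
          # scheme ("https://host"), so strip it before inserting the credentials;
          # embedding the whole URL produced "https://user:token@https://host/...".
          SERVER_HOST="${GITHUB_SERVER_URL#*://}"
          git remote set-url origin "https://${GITHUB_ACTOR}:${GITEA_TOKEN}@${SERVER_HOST}/${GITHUB_REPOSITORY}"
          # Commit and push changes
          git checkout -b "$BRANCH_NAME"
          git add Cargo.toml.liquid
          git commit -m "chore: upgrade dependencies"
          git push origin "$BRANCH_NAME"
          # Create PR with description from file
          tea pr create \
            --title "⬆️ Automated Dependency Upgrade" \
            --description "$PR_BODY" \
            --labels "deps/bot"

      - name: Summary
        if: success()
        run: |
          echo "✅ All dependency checks passed!"
          echo ""
          echo "Tested configurations:"
          echo "  - With aide: dep-check-test"
          echo "  - Without aide: dep-check-no-aide"
          echo ""
          if [ "${{ steps.upgrade.outputs.has_updates }}" = "true" ]; then
            echo "📦 Updates found - PR created automatically"
          else
            echo " No dependency updates available"
          fi

      # Kept as the last step so that a failure in *any* earlier step (including
      # the no-aide checks and the PR creation) opens an issue; placed mid-job it
      # only covered the steps before it.
      - name: Create issue on failure
        if: failure()
        env:
          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ISSUE_REF: ${{ github.ref_name }}
          RUN_URL: ${{ vars.PUBLIC_SERVER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_number }}
        run: |
          ISSUE_TITLE="⚠️ Weekly Dependency Check Failed"
          ISSUE_BODY="The weekly dependency check has failed. Please review the workflow run for details.

          **Action Required:**
          - Review the failing dependencies
          - Update the template if needed
          - Test locally with \`cargo generate\` and \`cargo upgrade\`

          **Workflow Run:** ${RUN_URL}"
          # Build the JSON payload with python3 (already used by this workflow) so the
          # multi-line body and any quotes are escaped; raw newlines inside a JSON
          # string are invalid and made the hand-built payload unparseable.
          # The label id 1 is the one the workflow has always used.
          PAYLOAD=$(ISSUE_TITLE="$ISSUE_TITLE" ISSUE_BODY="$ISSUE_BODY" python3 -c '
          import json, os
          print(json.dumps({
              "title": os.environ["ISSUE_TITLE"],
              "body": os.environ["ISSUE_BODY"],
              "labels": [1],
              "ref": os.environ["ISSUE_REF"],
          }))
          ')
          # Create issue via Gitea API; -f makes an HTTP error visible in the log.
          curl -sS -f -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            "${{ github.api_url }}/repos/${{ github.repository }}/issues" \
            -d "$PAYLOAD"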