Skip to content

Bump dependencies in Cargo.lock #73

Bump dependencies in Cargo.lock

Bump dependencies in Cargo.lock #73

Workflow file for this run

# Automatically run `cargo update` periodically.
#
# Originally based on
# [Rust's own dependency-upgrading workflow](https://github.com/rust-lang/rust/blob/master/.github/workflows/dependencies.yml)
# and subsequently adapted to the needs of this project.
# Rust source code may be used under the terms of the MIT or Apache 2.0 licenses,
# which we do here.
---
name: Bump dependencies in Cargo.lock
on:
schedule:
# Run weekly early in the morning on Mondays.
- cron: '37 03 * * MON'
workflow_dispatch:
# Needed so we can run it manually
permissions:
contents: read
defaults:
run:
shell: bash
env:
MAIN_CARGO_PR_TITLE: Weekly `cargo update` of primary dependencies
MAIN_CARGO_PR_MESSAGE: |
Automation to keep dependencies in the primary `Cargo.lock` current.
The following is the output from `cargo update`:
FUZZ_CARGO_PR_TITLE: Weekly `cargo update` of fuzzing dependencies
FUZZ_CARGO_PR_MESSAGE: |
Automation to keep dependencies in the fuzzing `Cargo.lock` current.
The following is the output from `cargo update`:
CARGO_COMMIT_MESSAGE: "cargo update \n\n"
jobs:
update-main-cargo:
if: github.repository_owner == 'obi1kenobi'
name: update main dependencies
runs-on: ubuntu-latest
steps:
- name: checkout the source code
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
cache: false
- name: cargo update
# Remove first line that always just says "Updating crates.io index"
run: CARGO_TERM_COLOR=never cargo update 2>&1 | sed '/crates.io index/d' | tee -a cargo_update.log
- name: upload Cargo.lock artifact for use in PR
uses: actions/upload-artifact@v4
with:
name: main-Cargo-lock
path: Cargo.lock
retention-days: 1
- name: upload cargo-update log artifact for use in PR
uses: actions/upload-artifact@v4
with:
name: main-cargo-updates
path: cargo_update.log
retention-days: 1
pr-main-cargo:
if: github.repository_owner == 'obi1kenobi'
name: open or amend PR (main)
needs: update-main-cargo
runs-on: ubuntu-latest
env:
BRANCH_NAME: main_cargo_update
permissions:
contents: write
pull-requests: write
steps:
- name: checkout the source code
uses: actions/checkout@v4
with:
persist-credentials: true
- name: download Cargo.lock from update job
uses: actions/download-artifact@v4
with:
name: main-Cargo-lock
- name: download cargo-update log from update job
uses: actions/download-artifact@v4
with:
name: main-cargo-updates
- name: craft PR body and commit message
run: |
set -euo pipefail
echo "${CARGO_COMMIT_MESSAGE}" > commit.txt
cat cargo_update.log >> commit.txt
echo "${MAIN_CARGO_PR_MESSAGE}" > body.md
echo '```txt' >> body.md
cat cargo_update.log >> body.md
echo '```' >> body.md
- name: commit
run: |
set -euo pipefail
git config user.name github-actions
git config user.email [email protected]
git switch --force-create "$BRANCH_NAME"
git add ./Cargo.lock
DIFF="$(git diff --staged)"
if [[ "$DIFF" == "" ]]; then
echo "Cargo.lock was not changed, bailing out and not making a PR"
exit 1
fi
git commit --no-verify --file=commit.txt
- name: push
run: |
set -euo pipefail
git push --no-verify --force --set-upstream origin "$BRANCH_NAME"
- name: edit existing open pull request
id: edit
# Don't fail job if we need to open new PR
continue-on-error: true
env:
# We have to use a Personal Access Token (PAT) here.
# PRs opened from a workflow using the standard `GITHUB_TOKEN` in GitHub Actions
# do not automatically trigger more workflows:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
GITHUB_TOKEN: ${{ secrets.DEPS_UPDATER_GITHUB_TOKEN }}
run: |
set -euo pipefail
# Exit with error if PR is closed
STATE="$(gh pr view "$BRANCH_NAME" --repo "$GITHUB_REPOSITORY" --json state --jq '.state')"
if [[ "$STATE" != "OPEN" ]]; then
exit 1
fi
gh pr edit "$BRANCH_NAME" --title "${MAIN_CARGO_PR_TITLE}" --body-file body.md --repo "$GITHUB_REPOSITORY"
- name: open new pull request
# Only run if there wasn't an existing PR
if: steps.edit.outcome != 'success'
env:
# We have to use a Personal Access Token (PAT) here.
# PRs opened from a workflow using the standard `GITHUB_TOKEN` in GitHub Actions
# do not automatically trigger more workflows:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
GITHUB_TOKEN: ${{ secrets.DEPS_UPDATER_GITHUB_TOKEN }}
run: |
set -euo pipefail
gh pr create --title "${MAIN_CARGO_PR_TITLE}" --body-file body.md --repo "$GITHUB_REPOSITORY" --label R-automated
- name: set PR to auto-merge
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh pr merge --squash --auto --delete-branch
update-fuzz-cargo:
if: github.repository_owner == 'obi1kenobi'
name: update fuzz dependencies
runs-on: ubuntu-latest
steps:
- name: checkout the source code
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
cache: false
- name: cargo update
# Remove first line that always just says "Updating crates.io index"
run: |
cd trustfall_core/fuzz/
CARGO_TERM_COLOR=never cargo update 2>&1 | sed '/crates.io index/d' | tee -a cargo_update.log
- name: upload Cargo.lock artifact for use in PR
uses: actions/upload-artifact@v4
with:
name: fuzz-Cargo-lock
path: trustfall_core/fuzz/Cargo.lock
retention-days: 1
- name: upload cargo-update log artifact for use in PR
uses: actions/upload-artifact@v4
with:
name: fuzz-cargo-updates
path: trustfall_core/fuzz/cargo_update.log
retention-days: 1
pr-fuzz-cargo:
if: github.repository_owner == 'obi1kenobi'
name: open or amend PR (fuzz)
needs: update-fuzz-cargo
runs-on: ubuntu-latest
env:
BRANCH_NAME: fuzz_cargo_update
permissions:
contents: write
pull-requests: write
steps:
- name: checkout the source code
uses: actions/checkout@v4
with:
persist-credentials: true
- name: download Cargo.lock from update job
uses: actions/download-artifact@v4
with:
name: fuzz-Cargo-lock
path: trustfall_core/fuzz/
- name: download cargo-update log from update job
uses: actions/download-artifact@v4
with:
name: fuzz-cargo-updates
- name: craft PR body and commit message
run: |
set -euo pipefail
echo "${CARGO_COMMIT_MESSAGE}" > commit.txt
cat cargo_update.log >> commit.txt
echo "${FUZZ_CARGO_PR_TITLE}" > body.md
echo '```txt' >> body.md
cat cargo_update.log >> body.md
echo '```' >> body.md
- name: commit
run: |
set -euo pipefail
git config user.name github-actions
git config user.email [email protected]
git switch --force-create "$BRANCH_NAME"
git add ./trustfall_core/fuzz/Cargo.lock
DIFF="$(git diff --staged)"
if [[ "$DIFF" == "" ]]; then
echo "Cargo.lock was not changed, bailing out and not making a PR"
exit 1
fi
git commit --no-verify --file=commit.txt
- name: push
run: |
set -euo pipefail
git push --no-verify --force --set-upstream origin "$BRANCH_NAME"
- name: edit existing open pull request
id: edit
# Don't fail job if we need to open new PR
continue-on-error: true
env:
# We have to use a Personal Access Token (PAT) here.
# PRs opened from a workflow using the standard `GITHUB_TOKEN` in GitHub Actions
# do not automatically trigger more workflows:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
GITHUB_TOKEN: ${{ secrets.DEPS_UPDATER_GITHUB_TOKEN }}
run: |
set -euo pipefail
# Exit with error if PR is closed
STATE="$(gh pr view "$BRANCH_NAME" --repo "$GITHUB_REPOSITORY" --json state --jq '.state')"
if [[ "$STATE" != "OPEN" ]]; then
exit 1
fi
gh pr edit "$BRANCH_NAME" --title "${FUZZ_CARGO_PR_TITLE}" --body-file body.md --repo "$GITHUB_REPOSITORY"
- name: open new pull request
# Only run if there wasn't an existing PR
if: steps.edit.outcome != 'success'
env:
# We have to use a Personal Access Token (PAT) here.
# PRs opened from a workflow using the standard `GITHUB_TOKEN` in GitHub Actions
# do not automatically trigger more workflows:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
GITHUB_TOKEN: ${{ secrets.DEPS_UPDATER_GITHUB_TOKEN }}
run: |
set -euo pipefail
gh pr create --title "${FUZZ_CARGO_PR_TITLE}" --body-file body.md --repo "$GITHUB_REPOSITORY" --label R-automated
- name: set PR to auto-merge
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh pr merge --squash --auto --delete-branch