Giter VIP home page Giter VIP logo

clojure-dependency-update-action's Introduction

Clojure Dependency Update Action

A GitHub Action to create Pull Requests for your out-of-date dependencies in clojure projects. This action can automatically update the following dependency files:

This action uses antq to check and update dependencies.

Requirements

The Actions platform is constantly being refined by the GitHub team. To ensure the safety of all end-users, they occasionally deprecate functionality which poses security risks. This impacts all first and third party Actions which you may use in your workflows. When diagnosing issues, please check your Actions tab for any deprecation notices.

As of writing, this action requires that actions/checkout is set to at least 3.x.y.

Maintenance Mode

As of May 25, 2023 this action is now in maintenence mode. I will continue to support existing users by applying patches and fixes, but new feature development is frozen. I recommend upgrading dependency management to a cross-language tool such as Renovate.

If you prefer per-language tools, you are free to fork this repository or reference its implementation in the Actions you maintain.

Sample Usage

Basic

name: Clojure Dependency Checking

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - name: Checkout Latest Commit
      uses: actions/[email protected]
      with:
        ref: ${{ github.head_ref }}

    - name: Check Clojure Dependencies
      uses: nnichols/clojure-dependency-update-action@v4
      with:
        github-token: ${{ secrets.github_token }}

Advanced

name: Batch Dependency Update

on: workflow_dispatch

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - name: Checkout Latest Commit
      uses: actions/[email protected]
      with:
        ref: ${{ github.head_ref }}

    - name: Check Clojure Dependencies
      uses: nnichols/clojure-dependency-update-action@v4
      with:
        github-token: ${{ secrets.github_token }}
        git-username: nnichols
        skips: "pom boot"
        batch: true
        branch: "main"
        directories: "cli web"

Supported Arguments

  • github-token: The only required argument. Can either be the default token, as seen above, or a personal access token with write access to the repository.
  • branch: The branch that dependencies should be checked on and Pull Requests created against. Defaults to master
  • git-email: The email address each commit should be associated with. Defaults to a github provided noreply address
  • git-username: The GitHub username each commit should be associated with. Defaults to github-actions[bot]
  • excludes: Artifact names to be excluded from the antq check. Defaults to an empty list. See antq-action for more information.
  • directories: Directories to search for project files in. Defaults to the root of the repository. See antq-action for more information.
  • skips: Build tools/files to skip by default. Defaults to an empty list. See antq-action for more information.
  • batch: Updates all outdated dependencies in a single pull request. Set to "true" to enable

Alternatives

As the Clojure ecosystem matures, more first-class options for dependency management now support the language. The following is a growing list of alternative tools to consider:

Acknowledgements

Special thanks to Chad Taylor for figuring out the initial bash script this is based on.

Licensing

Copyright © 2021-2023 Nick Nichols

Distributed under the MIT License

clojure-dependency-update-action's People

Contributors

listx avatar nnichols avatar renovate[bot] avatar timokramer avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

rickmoynihan andrewmcveigh jennet reifyhealth timokramer corasaurus-hex listx

clojure-dependency-update-action's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

dockerfile
Dockerfile
  • nnichols/clojure-dependency-update-action sha256:06c47e969b386796a09f296d80af705c1d8b578cae41ebe018b08a0f657d4081
  • Check this box to trigger a request for Renovate to run again on this repository

Update process is failing

Bug Report

Describe the Bug

Two weeks ago it start to runing this error:
image

User Information

name: Batch Dependency Update

on:
  workflow_dispatch:

  schedule:
    - cron: "50 1 * * 1" # Mondays at 1:50 AM

jobs:
  update-deps:
    name: Update dependencies

    runs-on: ubuntu-latest

    steps:
    - name: Checkout Latest Commit
      uses: actions/[email protected]

    - name: Check deps
      uses:  nnichols/clojure-dependency-update-action@v5
      with:
        github-token: ${{ secrets.GITHUB_TOKEN }}
        batch: "true"
        branch: "development"
        skips: "github-action"

Batch bump PR feature

Feature Request

Hi, thanks for the amazing github action, I added it to clojure-lsp and it worked very well!
One feature that would be nice is to generate the PR with all the bumps instead of one by bump, a option like batch: true would be great.

Re-Write as a Babashka action

Feature Request

Problem Statement

This action has quickly accreted complexity from it's initial implementation, and is hard to test and verify in it's current state. To improve argument verification, iterability, and to test components of the application - I believe it is best to rewrite the action in Babashka.

Ideal Solution

Re-Write this action as a Babashka script

Alternative solutions

Implement bash tests or leverage awk/jq more

Add lib Changelog to the PR feature

Feature Request

I known this is not simple but if the lib has a CHANGELOG file on it's repo (if it's a github repo or something like that), add the changelog to the PR description would be great

version 4 fails to parse upgrades from the upgrade list

Bug Report

Describe the Bug

I get an empty $UPGRADES value when running the v4 action. This causes the action to fail with a red herring gh pr create error.

Your branch is up to date with 'origin/master'.
unknown argument "master"; please quote all values that have spaces

Usage:  gh pr create [flags]

Flags:
  -a, --assignee login    Assign people by their login
  -B, --base branch       The branch into which you want your code merged
  -b, --body string       Body for the pull request
  -d, --draft             Mark pull request as a draft
  -f, --fill              Do not prompt for title/body and just use commit info
  -H, --head branch       The branch that contains commits for your pull request (default: current branch)
  -l, --label name        Add labels by name
  -m, --milestone name    Add the pull request to a milestone by name
  -p, --project name      Add the pull request to projects by name
      --recover string    Recover input from a failed run of create
  -r, --reviewer handle   Request reviews from people or teams by their handle
  -t, --title string      Title for the pull request
  -w, --web               Open the web browser to create a pull request

It appears to be caused by the use of the string output of the command's eval rather than the direct output, as after a bit of poking around in the script, this line change fixed the problem

Steps to Reproduce

Steps to reproduce the behavior:

My repo settings were:

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - name: Checkout Latest Commit
      uses: actions/[email protected]

    - name: Check deps
      uses: nnichols/clojure-dependency-update-action@v4
      with:
        directories: api
        batch: true
        branch: master
        github-token: ${{ secrets.github_token }}

Expected Behavior

The script to successfully parse and run upgrades and diffs for each upgrade found, then to switch to a new branch and create a PR.

Can't get this action to work in my workflow

Bug Report

Describe the Bug

When I specify the branch action parameter, I get an error error: pathspec 'main' did not match any file(s) known to git

Steps to Reproduce

With this workflow config:

name: update-clj-cljs-dependencies-and-make-PR
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Check clj/s dependencies and create merge-request
        uses: nnichols/clojure-dependency-update-action@v4
        with:
          github-token: ${{ secrets.github_token }}
          batch: "true"
          branch: "main"

I get this output in actions:

Run nnichols/clojure-dependency-update-action@v4
/usr/bin/docker run --name c42e57923e2a0451aab170b1b6061e399_88b4b7 --label 49859c --workdir /github/workspace --rm -e "INPUT_GITHUB-TOKEN" -e "INPUT_BATCH" -e "INPUT_BRANCH" -e "INPUT_GIT-EMAIL" -e "INPUT_GIT-USERNAME" -e "INPUT_EXCLUDES" -e "INPUT_DIRECTORIES" -e "INPUT_SKIPS" -e "TOKEN" -e "EMAIL" -e "NAME" -e "BRANCH" -e "EXCLUDE" -e "DIRECTORY" -e "SKIP" -e "BATCH" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/nette/nette":"/github/workspace" 49859c:42e57923e2a0451aab170b1b6061e399
error: pathspec 'main' did not match any file(s) known to git
Downloading: antq/antq/maven-metadata.xml from clojars
Downloading: antq/antq/maven-metadata.xml from datomic-cloud
Cloning: https://github.com/simongray/datalinguist
...
Your branch is up to date with 'origin/pieter/net-679-update-dependencies-in-depsedn'.
unknown argument "main"; please quote all values that have spaces

Usage:  gh pr create [flags]

Flags:
  -a, --assignee login    Assign people by their login
  -B, --base branch       The branch into which you want your code merged
  -b, --body string       Body for the pull request
  -d, --draft             Mark pull request as a draft
  -f, --fill              Do not prompt for title/body and just use commit info
  -H, --head branch       The branch that contains commits for your pull request (default: current branch)
  -l, --label name        Add labels by name
  -m, --milestone name    Add the pull request to a milestone by name
  -p, --project name      Add the pull request to projects by name
      --recover string    Recover input from a failed run of create
  -r, --reviewer handle   Request reviews from people or teams by their handle
  -t, --title string      Title for the pull request
  -w, --web               Open the web browser to create a pull request

Support monorepo

Bug Report

Describe the Bug

Not sure it's a bug, let me know if I'm wrong.
I love this project and use it all the time on clojure-lsp, the issue is that we moved from a single deps.edn to a modular codebase so now we have this structure:

- deps.edn at the root of the project 
|-- cli/deps.edn
|-- lib/deps.edn

how could I change this action to check for updates on the 3 deps.edn files? I tried the directories but it didn't work.
Thank you!

Action takes hours to complete

Bug Report

Describe the Bug

The bump action takes more than 2 hours to complete on clojure-lsp repo, example
This makes github delays to spawn some other actions as clojure-lsp has lot of actions on a free tier

Steps to Reproduce

Expected Behavior

Expect to take way less time to avoid multiple running tasks from different commits on master.

User Information

Additional Context

Add any other context about the problem here.

Allow specifying a tag to add to PRs

Feature Request

Problem Statement

When working with lots of PRs it's helpful to filter by tags. Dependabot adds a tag dependencies to all PRs it creates. This allows only viewing dependency upgrades but also hiding them if wanted.

Personally I often want to hide dependency upgrade PRs when looking for PRs to review.

Ideal Solution

Provide an additional option to the action that allows specifying a tag that is added to PRs

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.