ci: Add automatic dependency update

This needs 2 special variables defined:

- GITLAB_API_TOKEN, which has write permissions to the gitlab API
  (create in your account settings for example)
- SSH_BOT_KEY, which is a private ssh key, that can be used to push to
  the repository.

After that you can schedule a pipeline on main to update dependencies
every week or so.
This commit is contained in:
Nicolas Werner 2020-10-29 18:29:44 +01:00
parent fab1e1b980
commit 29f7b04f24
2 changed files with 69 additions and 0 deletions

View File

@ -235,3 +235,35 @@ snap:publish:
when: on_success
expire_in: 1 week
needs: []
update-dependencies:
stage: coverage
needs: []
tags:
- docker
only:
- schedules
variables:
HOST: ${CI_PROJECT_URL}
UPDATE_BRANCH: ci-bot/dependency-updates
PRIVATE_TOKEN: ${GITLAB_API_TOKEN}
before_script:
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_BOT_KEY" | tr -d '\r' | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan "https://gitlab.com" >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- git config --global user.email "bot@fluffy.chat"
- git config --global user.name "Dependency Update Bot"
- sudo apt-get update && sudo apt-get install -y curl
script:
- flutter pub get
- flutter pub pub run dapackages:dapackages.dart ./pubspec.yaml
- flutter pub get
- git remote set-url --push origin git@gitlab.com:$CI_PROJECT_PATH
- 'git diff --exit-code || (git checkout -B ${UPDATE_BRANCH} && git add . && git commit -m "chore: Update dependencies" && git push -f origin ${UPDATE_BRANCH} && ./scripts/open-mr.sh)'

37
scripts/open-mr.sh Executable file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env bash
# source: https://about.gitlab.com/blog/2017/09/05/how-to-automatically-create-a-new-mr-on-gitlab-with-gitlab-ci/
# Extract the host where the server is running, and add the URL to the APIs
[[ $HOST =~ ^https?://[^/]+ ]] && HOST="${BASH_REMATCH[0]}/api/v4/projects/"
# Look which is the default branch
TARGET_BRANCH=`curl --silent "${HOST}${CI_PROJECT_ID}" --header "PRIVATE-TOKEN:${PRIVATE_TOKEN}" | python3 -c "import sys, json; print(json.load(sys.stdin)['default_branch'])"`;
# The description of our new MR, we want to remove the branch after the MR has
# been closed
BODY="{
\"id\": ${CI_PROJECT_ID},
\"source_branch\": \"${UPDATE_BRANCH}\",
\"target_branch\": \"${TARGET_BRANCH}\",
\"remove_source_branch\": true,
\"title\": \"chore: automated dependency update\"
}";
# Require a list of all the merge request and take a look if there is already
# one with the same source branch
LISTMR=`curl --silent "${HOST}${CI_PROJECT_ID}/merge_requests?state=opened" --header "PRIVATE-TOKEN:${PRIVATE_TOKEN}"`;
COUNTBRANCHES=`echo ${LISTMR} | grep -o "\"source_branch\":\"${UPDATE_BRANCH}\"" | wc -l`;
# No MR found, let's create a new one
if [ ${COUNTBRANCHES} -eq "0" ]; then
curl -X POST "${HOST}${CI_PROJECT_ID}/merge_requests" \
--header "PRIVATE-TOKEN:${PRIVATE_TOKEN}" \
--header "Content-Type: application/json" \
--data "${BODY}";
echo "Opened a new dependency update MR."
exit;
fi
echo "No new merge request opened.";