Automation: Update tooling versions #156
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is used to update the custom tooling versions for the project. | |
| # | |
| # We prefer to use Dependabot to update external dependencies, but at this time it does not include Homebrew as a supported package manager (https://docs.github.com/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories). | |
| # Furthermore, neither `swiftlint` nor `clang-format` are listed as dependencies in our repository, therefore also not picked up by Dependabot. | |
| # | |
| # Therefore we are using a custom workflow to update relevant files and open a pull request with the changes. | |
| name: "Automation: Update tooling versions" | |
| on: | |
| schedule: | |
| - cron: "0 0 * * *" | |
| workflow_dispatch: | |
| pull_request: | |
| paths: | |
| - ".github/workflows/auto-update-tools.yml" | |
| - "Brewfile*" | |
| - "Makefile" | |
| - "scripts/.clang-format-version" | |
| - "scripts/.swiftlint-version" | |
| - ".pre-commit-config.yaml" | |
| # Permissions configuration: | |
| # - 'contents: write' is required to allow the workflow to commit changes to the repository | |
| # when updating the tooling version files and creating branches for pull requests. | |
| # - 'pull-requests: write' is required to allow the workflow to create pull requests | |
| # using the peter-evans/create-pull-request action when tooling version updates are available. | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| # Concurrency configuration: | |
| # - We use a named concurrency group to prevent multiple instances of this workflow from running | |
| # simultaneously, which could lead to race conditions when creating branches and pull requests. | |
| # Since this workflow modifies version files and creates PRs, concurrent runs could interfere | |
| # with each other, resulting in conflicting branches or duplicate PRs. | |
| # - We enable cancellation of in-progress runs because only the most recent run matters for | |
| # version updates. There's no value in completing outdated runs, especially for scheduled | |
| # workflows that might queue up overnight. This approach conserves GitHub Actions minutes | |
| # and ensures we're always working with the latest repository state. | |
| concurrency: | |
| group: "auto-update-tools" | |
| cancel-in-progress: true | |
| jobs: | |
| auto-update-tools: | |
| runs-on: macos-15 | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Update Homebrew | |
| run: brew update | |
| - name: Install Tools | |
| run: make init | |
| - name: Update tooling versions | |
| run: make update-versions | |
| - name: Check tooling versions | |
| run: make check-versions | |
| - name: Print git status and changes | |
| run: | | |
| git status | |
| git diff HEAD | |
| - name: Create pull request for clang-format version | |
| uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e #v7.0.8 | |
| if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }} | |
| with: | |
| add-paths: scripts/.clang-format-version | |
| branch: github-actions/auto-update-tools-clang-format | |
| commit-message: "chore(deps): Update clang-format version" | |
| delete-branch: true | |
| title: "chore(deps): Update clang-format version" | |
| sign-commits: true | |
| base: main | |
| - name: Create pull request for swiftlint version | |
| uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e #v7.0.8 | |
| if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }} | |
| with: | |
| add-paths: scripts/.swiftlint-version | |
| branch: github-actions/auto-update-tools-swiftlint | |
| commit-message: "chore(deps): Update swiftlint version" | |
| delete-branch: true | |
| title: "chore(deps): Update swiftlint version" | |
| sign-commits: true | |
| base: main |