asdf
Dependabot support
Is your feature request related to a problem? Please describe
I want to automate keeping my .tool-versions at the newest releases.
Describe the proposed solution
A new package-ecosystem for dependabot. This would be in https://github.com/dependabot/dependabot-core, not this repo.
Dependabot's CONTRIBUTING.md says:
> We are not currently accepting new ecosystems into dependabot-core. We want to focus more of our resources on merging improvements to the ecosystems we already support. If you are an ecosystem maintainer and are interested in integrating with Dependabot, and are willing to help provide the expertise necessary to build and support it, please open an issue and let us know. We hope to be able to accept community contributions for ecosystem support again soon.
So this would require a significant amount of effort to coordinate with dependabot, and a commitment of maintenance effort for the future. And that would have to come from the asdf team, rather than a community contribution. It may not be possible or worthwhile for the asdf team right now.
Describe similar asdf features and why they are not sufficient
The status quo is manually updating .tool-versions when I happen to hear about new releases.
Describe other workarounds you've considered
- A GitHub Actions cron job to run and parse `asdf list all ${plugin}` and compare it to `.tool-versions` for each of the plugins a repository uses. But this is a lot of work and duplication and will not be as good as real dependabot.
- > In dependabot-core, each ecosystem implementation is in its own gem so you can use Dependabot for a language we have not merged by creating a script to run your own gem or fork of core, e.g. dependabot-lein-runner

  (dependabot-core/CONTRIBUTING.md)
An easier solution to this would be to add a GitHub Action to https://github.com/asdf-vm/actions which performed this diff with slight configuration.
Would that be an acceptable solution?
Here's the github action we've been using, which also updates the version where it's found in our Dockerfile, and opens a PR as a draft PR (there was something about it playing nicer with our CI if a human marked it as non-draft, but I don't remember what it was.)
An action that anybody could use in /asdf-vm/actions could be nice, but I wonder if there's so much customization here (for my use, and presumably others would be similar) that it'd require an unreasonable amount of configuration.
```yaml
# Composite action; the workflow below calls it as ./.github/actions/update-asdf
name: 'Update asdf-managed language'
description: 'Update the versions of a language in .tool-versions and Dockerfile'
inputs:
  language:
    description: 'Language to update'
    required: true
  current-version-filter:
    description: 'Filter to apply to the current version'
    required: false
    default: 'cat'
  latest-version:
    description: 'Command to get the latest relevant version'
    required: true
  docker-image-prefix:
    description: 'Dockerfile image name prefix to grep for'
    required: true
  release-notes:
    description: 'Release notes URL prefix'
    required: true
  token:
    description: 'GitHub access token'
    required: true
runs:
  using: composite
  steps:
    # Version currently pinned in .tool-versions
    - id: current
      run: |
        version=$(cat .tool-versions | grep ${{ inputs.language }} | cut -d' ' -f2 | ${{ inputs.current-version-filter }})
        # $GITHUB_OUTPUT replaces the deprecated ::set-output workflow command
        echo "version=$version" >> "$GITHUB_OUTPUT"
      shell: bash
    # Newest version, as reported by the caller-supplied command
    - id: latest
      run: |
        version=$(${{ inputs.latest-version }})
        echo "version=$version" >> "$GITHUB_OUTPUT"
      shell: bash
    # Open a draft PR when the two versions differ
    - id: update
      if: steps.current.outputs.version != steps.latest.outputs.version
      run: |
        # Versions are read from env (set below), not spliced into the script text
        current=$CURRENT_VERSION
        latest=$LATEST_VERSION
        original_branch=$(git rev-parse --abbrev-ref HEAD)
        new_branch="update/${{ inputs.language }}/$latest"
        git fetch
        if git branch --list --all | grep -q "$new_branch"
        then
          echo 'update already proposed, skipping'
        else
          git checkout -b "$new_branch"
          sed -i "s/${{ inputs.language }} $current/${{ inputs.language }} $latest/" .tool-versions
          sed -i "s/${{ inputs.docker-image-prefix }}$current/${{ inputs.docker-image-prefix }}$latest/" Dockerfile
          git add .tool-versions Dockerfile
          git config user.name "automated asdf updates"
          git commit -m "update ${{ inputs.language }} to $latest"
          git push origin "$new_branch"
          gh pr create --draft --title "update ${{ inputs.language }} to $latest" --body "$(printf '[Release notes](${{ inputs.release-notes }}%s)\nIgnore by closing PR but not deleting branch' "$latest")"
          git checkout "$original_branch"
        fi
      shell: bash
      env:
        GITHUB_TOKEN: ${{ inputs.token }}
        CURRENT_VERSION: ${{ steps.current.outputs.version }}
        LATEST_VERSION: ${{ steps.latest.outputs.version }}
```

```yaml
# Scheduled workflow that runs the composite action once per language
name: Update asdf dependencies
on:
  workflow_dispatch:
  schedule:
    - cron: "40 12 * * MON"
jobs:
  update_asdf:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: asdf-vm/actions/plugins-add@v1
      - name: update Erlang
        uses: ./.github/actions/update-asdf
        with:
          language: 'erlang'
          latest-version: 'asdf list all erlang | grep -v rc | tail -1'
          docker-image-prefix: 'erlang-'
          release-notes: 'https://www.erlang.org/patches/otp-'
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: update Elixir
        uses: ./.github/actions/update-asdf
        with:
          language: 'elixir'
          current-version-filter: 'cut -d- -f1'
          latest-version: asdf list all elixir | grep -v otp | grep '^[0-9]' | grep -v rc | tail -1
          docker-image-prefix: 'elixir:'
          release-notes: 'https://github.com/elixir-lang/elixir/releases/tag/v'
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: update Node.js
        uses: ./.github/actions/update-asdf
        with:
          language: 'nodejs'
          latest-version: curl https://nodejs.org/dist/index.json | jq -r '[.[] | select(.lts)][0].version | ltrimstr("v")'
          docker-image-prefix: 'node:'
          release-notes: 'https://nodejs.org/en/blog/release/v'
          token: ${{ secrets.GITHUB_TOKEN }}
```
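
The comparison this thread describes (parse an `asdf list all` style listing and compare it to `.tool-versions`), as an added example that is not part of any comment above or of asdf's own code. It treats the upstream listing as untrusted input and validates every version before it reaches a branch name or file edit. The function names are hypothetical, the listing is assumed to be oldest-first as the `tail -1` calls above assume, and only plain dotted numeric versions are accepted, so entries that need a `current-version-filter` are out of scope.

```shell
#!/bin/sh
# Added example: update check for one .tool-versions entry.
# Function names are hypothetical, not part of asdf or asdf-vm/actions.

# Accept only plain dotted numeric versions. This rejects rc builds and
# any value carrying shell, sed or git-ref metacharacters.
is_plain_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+)*$'
}

# Print the version pinned for tool $2 in file $1.
# Exact match on the first field, so "erlang" never matches "erlang-ls".
current_version() {
  awk -v tool="$2" '$1 == tool { print $2; exit }' "$1"
}

# Read candidate versions on stdin, one per line, oldest first,
# and print the last one that passes validation.
latest_plain_version() {
  grep -E '^[0-9]+(\.[0-9]+)*$' | tail -n 1
}

# Usage: <listing> | check_update FILE TOOL
# Prints "tool current latest" and returns 0 when an update is due,
# returns 1 when up to date, 2 when either value fails validation.
check_update() {
  file=$1 tool=$2
  current=$(current_version "$file" "$tool")
  latest=$(latest_plain_version)
  is_plain_version "$current" || return 2
  is_plain_version "$latest" || return 2
  [ "$current" != "$latest" ] || return 1
  printf '%s %s %s\n' "$tool" "$current" "$latest"
}

# Rewrite the entry with awk string comparison instead of a sed pattern,
# so neither the tool name nor the version is interpreted as a regex.
apply_update() {
  file=$1 tool=$2 latest=$3
  is_plain_version "$latest" || return 2
  awk -v tool="$tool" -v v="$latest" \
    '$1 == tool { print tool, v; next } { print }' "$file" > "$file.tmp" &&
    mv "$file.tmp" "$file"
}
```

In a workflow, `asdf list all erlang | check_update .tool-versions erlang` would replace the separate `current` and `latest` steps, with exit status 2 failing the job instead of opening a PR.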
FYI dependabot no longer discourages new ecosystems.