cffconvert-github-action icon indicating copy to clipboard operation
cffconvert-github-action copied to clipboard
verified publisher icon citation-file-format

Create an action to keep track of cffconvert version

Open abelsiqueira opened this issue 3 years ago • 5 comments

Since we are hardcoding the docker image version, if it is updated, this needs to be updated.

abelsiqueira avatar Jan 20 '22 13:01 abelsiqueira

Dependabot is a bot related to this topic. Whenever a configured dependency is updated, it will submit a Pull Request with an appropriate update to the repository it is set up for. Authorised people watching the repository can then instruct Dependabot to merge its Pull Request by commenting on it, an automatic email response to mails fulfilling the pattern of this repository should suffice for automation.

Might this be an option?

kevinmatthes avatar Nov 01 '22 21:11 kevinmatthes

Thanks for the suggestion, I don't know much about dependabot, but it might be an option. Whoever takes up this issue can check that.

abelsiqueira avatar Nov 02 '22 07:11 abelsiqueira

Hello, @abelsiqueira!

I think I found a concrete solution for this issue.

  1. Create a requirements.txt with both cffconvert == 2.0.0 and bump2version as requirements.
  2. Configure Dependabot to update Python dependencies, i.e. requirements.txt.
  3. Configure bump2version.
  4. Create a workflow.

Paste this to requirements.txt in the repository root:

bump2version
cffconvert == 2.0.0

This file will be solely edited by Dependabot and is required for the workflow to fetch all Python packages for the version update. I expect the versions of the CLI, the Docker edition as well as the Action to be synchronised.

Now for Dependabot:

version: 2
updates:
  - package-ecosystem: pip
    directory: / # `requirements.txt` in the repository root.
    schedule: # When to check for updates?
      interval: daily # Almost daily; I experienced a delay of about two days for Git sub-modules.
      time: '00:00' # Dummy UTC time.  I highly recommend to set a time in order to override the random time set for this repository.

You can also add milestones and / or assignees, at option. You can assign all maintainers of this repository to the resulting Pull Request such that all of you will receive an email from Dependabot. Answer that message ("Reply to List") to instruct Dependabot to update the cffconvert dependency. bump2version will always stay the latest version, so Dependabot will only edit the second line of requirements.txt.

This will configure bump2version:

[bumpversion]
commit = True
current_version = 2.0.0
tag = True
tag_message =
tag_name = {new_version}

[bumpversion:file:CITATION.cff]

[bumpversion:file:action.yml]

When called, bump2version will update the version of cffconvert in the Action definition and also this Action's version in the CITATION.cff. The release date will not be edited automatically. The changes will be committed and a new tag will be created. This file is self-maintaining.

And now, finally, the workflow:

name: bump2version # Dummy name.
on:
  push:
    paths:
      - requirements.txt # Dispatched when Dependabot updates the file due to the email it received.
permissions:
  contents: write # The version increments need to be committed.
jobs:
  update: # Dummy name.
    name: release # Dummy name.
    runs-on: ubuntu-latest
    steps:
      - name: python # We need to run Python CLIs.
        uses: actions/setup-python@v4
        with:
          python-version: 3.9 # This is a mandatory field.  It might need to be updated once in about two years.
      - name: checkout # Make `requirements.txt` accessible.
        uses: actions/checkout@v3
        with:
          persist-credentials: false # Persisting them is not required.
      - name: dependencies # Install all dependencies.
        uses: py-actions/py-dependency-install@v4
      - name: bump2version # A rather dirty hack but it works.
        run: bump2version major --new-version `cffconvert --version`

If Dependabot also tracks the GitHub Actions, they can be kept always up-to-date, as well.

Important: this is just a suggestion I did not test, yet. If you like the idea, I can submit you a working implementation in a Pull Request.

I am looking forward for your feedback!

kevinmatthes avatar Nov 12 '22 20:11 kevinmatthes

Another option would be Renovate which only requires an initial setup to listen to the cffconvert repository for GitHub releases and to update all version strings referring to it using regular expressions. This is the easiest (install one free GitHub App into the organisation account and configure it using one file) and most efficient (immediate, self-merging updates) approach I found, so far.

kevinmatthes avatar Jul 01 '23 20:07 kevinmatthes

Hi @kevinmatthes, sorry to leave you hanging. I haven't been working on this project lately. Also, the updates to cffconvert version were not so frequent so the investment in keeping this action up-to-date was not warranted (because it remained up-to-date). I think there might be some updates to cffconvert soon, but I am not sure how much work will be done in this action. Maybe @jspaaks has some opinion on this?

abelsiqueira avatar Jul 13 '23 09:07 abelsiqueira