update-dependencies #77
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: update-dependencies | |
| on: | |
| schedule: | |
| - cron: '0 2 * * *' | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write | |
| jobs: | |
| update-dependencies: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4 | |
| with: | |
| role-to-assume: ${{ secrets.NARWHAL_AWS_GOVCLOUD_ROLE_TO_ASSUME }} | |
| role-session-name: ${{ github.repository_owner }}_${{ github.event.repository.name }} | |
| aws-region: us-gov-west-1 | |
| role-duration-seconds: 900 | |
| - name: Populate eks addons dependencies file | |
| run: | | |
| LATEST_EKS_CLUSTER_VERSION=$(aws eks describe-cluster-versions --query "clusterVersions | sort_by(@, &clusterVersion) | [-1].clusterVersion" --output text) | |
| # Get addon versions for the latest EKS cluster version, sort them by name, and remove unneeded fields | |
| # this needs to be sorted because AWS's api just returns them in a random order every time :( | |
| aws eks describe-addon-versions --kubernetes-version "$LATEST_EKS_CLUSTER_VERSION" \ | |
| | jq ' | |
| .addons |= ( | |
| # Sort the addons by name | |
| sort_by(.addonName) | |
| # Rebuild each add-on object | |
| | map({ | |
| addonName: .addonName, | |
| addonVersions: ( | |
| # 3) Sort, reverse, and select addonVersion | |
| .addonVersions | |
| | sort_by(.addonVersion) | |
| | reverse | |
| | map({ | |
| addonVersion: .addonVersion | |
| }) | |
| ) | |
| }) | |
| ) | |
| ' > dependencies/eks-addons-versions.json | |
| - name: Sign and push changes using graphql | |
| uses: planetscale/ghcommit-action@c6125dee9e9c0daebc4adea9f68ead8293414174 # v0.2.9 | |
| with: | |
| commit_message: "Update dependencies" | |
| repo: ${{ github.repository }} | |
| branch: ${{ github.head_ref || github.ref_name }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |