Skip to content

support group configs specifically for security updates or version updates #20773

support group configs specifically for security updates or version updates

support group configs specifically for security updates or version updates #20773

Workflow file for this run

name: Specs
on: # yamllint disable-line rule:truthy
push:
branches:
- "main"
pull_request:
schedule:
- cron: "0 0 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
jobs:
ci:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
suite:
- { path: bundler, name: bundler1, ecosystem: bundler }
- { path: bundler, name: bundler2, ecosystem: bundler }
- { path: cargo, name: cargo, ecosystem: cargo }
- { path: common, name: common, ecosystem: common}
- { path: composer, name: composer, ecosystem: composer }
- { path: docker, name: docker, ecosystem: docker }
- { path: elm, name: elm, ecosystem: elm }
- { path: git_submodules, name: git_submodules, ecosystem: gitsubmodule }
- { path: github_actions, name: github_actions, ecosystem: github-actions }
- { path: go_modules, name: go_module, ecosystem: gomod }
- { path: gradle, name: gradle, ecosystem: gradle }
- { path: hex, name: hex, ecosystem: mix }
- { path: maven, name: maven, ecosystem: maven }
- { path: npm_and_yarn, name: npm_and_yarn, ecosystem: npm }
- { path: nuget, name: nuget, ecosystem: nuget }
- { path: pub, name: pub, ecosystem: pub }
- { path: python, name: python, ecosystem: pip }
- { path: python, name: python_slow, ecosystem: pip }
- { path: swift, name: swift, ecosystem: swift }
- { path: devcontainers, name: devcontainers, ecosystem: devcontainers }
- { path: terraform, name: terraform, ecosystem: terraform }
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive
- uses: dorny/paths-filter@v3
id: changes
with:
filters: .github/ci-filters.yml
- name: Build ecosystem image
if: steps.changes.outputs[matrix.suite.path] == 'true'
run: script/build ${{ matrix.suite.path }}
- name: Run ${{ matrix.suite.name }} tests
if: steps.changes.outputs[matrix.suite.path] == 'true'
run: |
docker run \
--pull never \
--env "CI=true" \
--env "RAISE_ON_WARNINGS=true" \
--env "DEPENDABOT_TEST_ACCESS_TOKEN=${{ secrets.GITHUB_TOKEN }}" \
--env "SUITE_NAME=${{ matrix.suite.name }}" \
--rm ghcr.io/dependabot/dependabot-updater-${{ matrix.suite.ecosystem }} bash -c \
"cd /home/dependabot/${{ matrix.suite.path }} && ./script/ci-test"
updater:
env:
DOCKER_BUILDKIT: 1
name: Updater
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive
# using bundler as the test updater
- name: Build ecosystem image
run: script/build bundler
- name: Run updater tests
env:
DEPENDABOT_TEST_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: script/ci-test-updater
lint:
name: Lint
runs-on: ubuntu-latest
env:
BUNDLE_GEMFILE: updater/Gemfile
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- run: ./bin/lint
# yamllint is installed in GitHub Actions base runner image: https://github.com/adrienverge/yamllint/pull/588
- run: yamllint .
integration:
env:
DOCKER_BUILDKIT: 1
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive
- name: Build ecosystem image
run: script/build silent
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: 1.21
- name: Download Dependabot CLI
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release download --repo dependabot/cli -p "*linux-amd64.tar.gz"
tar xzvf *.tar.gz >/dev/null 2>&1
./dependabot --version
- name: Run integration tests
env:
PATH: ${{ github.workspace }}:$PATH
run: |
cd silent/tests
go test ./...