feat(ci): auto-regenerate license files on dependabot PRs#1585
Conversation
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1585 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1585", name: che-dashboard}]}}]" |
46db825 to
cbc228b
Compare
- Add dependabot-license.yml: runs yarn license:generate --harvest on dependabot PRs, parses problems.md, adds unresolved deps to EXCLUDED files with ClearlyDefined URLs, retries up to 3 times, then commits .deps/ - Skip dash-licenses job in pr.yml for dependabot PRs — dependabot- license.yml handles license generation; dash-licenses resumes on the follow-up synchronize event after the bot commits .deps/ updates Inspired by devfile/devworkspace-generator#387. Signed-off-by: Oleksii Orel <oorel@redhat.com>
cbc228b to
e547efa
Compare
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1585 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1585", name: che-dashboard}]}}]" |
2 similar comments
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1585 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1585", name: che-dashboard}]}}]" |
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1585 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1585", name: che-dashboard}]}}]" |
|
/retest |
svor
left a comment
There was a problem hiding this comment.
lgtm, let's see how it works )
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: olexii4, svor The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi! I'm che-ai-assistant — I help with your pull requests. Available commands:
|
|
/retest |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1585 +/- ##
=======================================
Coverage 92.49% 92.49%
=======================================
Files 563 563
Lines 56254 56254
Branches 4267 4267
=======================================
Hits 52030 52030
Misses 4174 4174
Partials 50 50 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
What does this PR do?
Adds
.github/workflows/dependabot-license.yml— a GitHub Actions workflow that automatically regenerates license dependency files whenever Dependabot opens or updates a PR againstmain.Previously, every Dependabot bump required a manual follow-up commit to re-run
yarn license:generateand update.deps/prod.md,.deps/dev.md, and the EXCLUDED files. This workflow eliminates that manual step.How it works
The workflow runs only on PRs authored by
dependabot[bot]targetingmain:yarn license:generate(license-tool --harvest) — requests ClearlyDefined to harvest any packages it does not yet know about, and classifies transitive unresolved deps automatically..deps/problems.mdexists):problems.mdto identify each unresolved package and whether it belongs to the production or development section.@scope/name@ver) →https://clearlydefined.io/definitions/npm/npmjs/@scope/name/vername@ver) →https://clearlydefined.io/definitions/npm/npmjs/-/name/ver.deps/EXCLUDED/prod.mdor.deps/EXCLUDED/dev.md(skipping duplicates):yarn license:generate— up to 3 attempts total..deps/files back to the Dependabot branch (chore(deps): regenerate license dependency files). If.deps/is unchanged the commit step is skipped.Screenshot/screencast of this PR
N/A — CI-only change.
What issues does this PR fix or reference?
yarn license:generatefollow-up commit required after every Dependabot dependency bump..deps/prod.md,.deps/dev.md, and the EXCLUDED files are always up to date before thedash-licensescheck inpr.ymlruns.Is it tested? How?
actionlint(no errors).pkg_to_cd_urlbash function was tested locally against the known-good examples from the existing EXCLUDED files:@isaacs/brace-expansion@5.0.1→https://clearlydefined.io/definitions/npm/npmjs/@isaacs/brace-expansion/5.0.1✓cronstrue@3.13.0→https://clearlydefined.io/definitions/npm/npmjs/-/cronstrue/3.13.0✓mainand confirm the workflow commits the updated.deps/files.