Merge pull request #1565 from GoogleContainerTools/snapshots-update-s…

…cript Only create `knife` updates for actual changes
GoogleContainerTools · Apr 10, 2024 · 5086d44 · 5086d44
2 parents ae1c50a + cafa2e7
commit 5086d44
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 16 deletions.
diff --git a/.github/workflows/update-deb-package-snapshots.yml b/.github/workflows/update-deb-package-snapshots.yml
@@ -22,27 +22,21 @@ jobs:
         with:
           go-version: "1.20"
 
-      - name: Update snapshots and lock using "knife"
-        run: ./knife update-snapshots && ./knife lock
+      - name: Update snapshots
+        run: ./knife github-update-snapshots
 
       - name: Run update sboms script
+        if: env.DISTROLESS_DIFF
         run: |
           for i in $(seq 5); do
             bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc fetch //private/pkg/test/oci_image:test_sboms && break || sleep 20;
           done
           bazel run @//private/pkg/test/oci_image:test_sboms
 
       - name: Create commits
+        if: env.DISTROLESS_DIFF
         id: create-commits
         run: |
-          # Check work tree and end successfully if empty
-          if [ -z "$(git status --porcelain)" ]; then
-            echo "Nothing to commit";
-            echo "HAS_CHANGES=FALSE" >> "$GITHUB_OUTPUT"
-            exit 0;
-          fi
-          echo "HAS_CHANGES=TRUE" >> "$GITHUB_OUTPUT"
-
           git checkout -b update-snapshots
 
           # Set identity.
@@ -55,11 +49,13 @@ jobs:
           git push --force origin HEAD
 
       - name: Create Pull Request
-        if: steps.create-commits.outputs.HAS_CHANGES == 'TRUE'
+        if: env.DISTROLESS_DIFF
         env:
           GH_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
         run: |
-          if ! OUTPUT=$(gh pr create -B main -H update-snapshots -t "Bumping packages to latest stable versions" -b "Bumping packages to latest stable versions" 2>&1) ; then
+          BODY_FILE=$(mktemp)
+          printf "Bumping packages to latest stable version\n\`\`\`diff\n$DISTROLESS_DIFF\n\`\`\`\n" >> $BODY_FILE
+          if ! OUTPUT=$(gh pr create -B main -H update-snapshots -t "Bumping packages to latest stable versions" --body-file "$BODY_FILE" 2>&1) ; then
             echo $OUTPUT
             if [[ "${OUTPUT}" =~ "already exists" ]]; then
               echo "PR already exists and it was updated. Ending successfully";

diff --git a/knife b/knife
@@ -22,7 +22,6 @@ if [ $(uname) == "Darwin" ]; then
     export PATH="/opt/homebrew/opt/gnu-sed/libexec/gnubin:$PATH"
 fi
 
-
 function cmd_lock() {
     echo "🚧 Querying for repos"
     echo ""
@@ -51,7 +50,7 @@ function find_latest_snapshot() {
     cat $tmp | grep -ohE "([0-9]+T[0-9]+Z)" | head -n1
 }
 
-function cmd_update_snapshot() {
+function cmd_update_snapshots() {
     echo "🧐 Looking for updates... "
     latest=$(find_latest_snapshot "debian")
     latest_security=$(find_latest_snapshot "debian-security")
@@ -100,6 +99,15 @@ function cmd_update_snapshot() {
     echo "👌 Done..."
 }
 
+# write DISTROLESS_DIFF to GITHUB_ENV if changes are made
+function cmd_github_update_snapshots() {
+    local tmp=$(mktemp -d)
+    jq -nr 'inputs.packages[] | .key + " " + .sha256' ./private/repos/deb/*.lock.json | sort > "$tmp/old.hashes"
+    cmd_update_snapshots
+    cmd_lock
+    jq -nr 'inputs.packages[] | .key + " " + .sha256' ./private/repos/deb/*.lock.json | sort > "$tmp/new.hashes"
+    diff "$tmp/old.hashes" "$tmp/new.hashes" | tee "$tmp/diff" || printf "DISTROLESS_DIFF<<EOF\n$(<$tmp/diff)\nEOF" >> "$GITHUB_ENV"
+}
 
 function cmd_lint () {
     echo "🧹 Linting"
@@ -120,7 +128,6 @@ function cmd_lint () {
     find . -name "*.py" | xargs pylint --disable=R,C
 }
 
-
 function cmd_test () {
     echo "🧪 Testing"
     echo "" 
@@ -156,11 +163,14 @@ lock)
     cmd_lock
     ;;
 update-snapshots)
-    cmd_update_snapshot
+    cmd_update_snapshots
     ;;
 lint)
     cmd_lint
     ;;
+github-update-snapshots)
+    cmd_github_update_snapshots
+    ;;
 test)
     cmd_test
     ;;