search

artichoke / docker-artichoke-nightly

🐳 Docker builds for nightly Artichoke
https://hub.docker.com/r/artichokeruby/artichoke
MIT License
5 stars 0 forks source link

Automate the gathering and publishing of new toolchain versions #195

Closed b-n closed 9 months ago

b-n commented 9 months ago

An attempt at automatically updating the toolchain version.

In short what this PR does:

I've had some success running this action with act, however for some reason I'm getting a "Could not read from remote repository" when it tries to run git remote prune origin here: https://github.com/peter-evans/create-pull-request/blob/main/src/create-pull-request.ts#L138. (running with act -s GITHUB_TOKEN="$(gh auth token)" -j check-toolchain-version, have also tried a hardcoded PAT token, to no success).

I can confirm everything works up until the git pr/commit part of it, so that's all good. In theory the last PR part should "Just work", but it might be a wait and see on the next rust release. I fear having a dirty tree (only easy way to test this) is causing some issue somewhere.

Fixes: #192

b-n commented 9 months ago

@lopopolo Woo! https://github.com/b-n/gh-action-test/blob/main/.github/workflows/create-pr.yaml generates https://github.com/b-n/gh-action-test/pull/1 so the answer is yes - we can play with variables, and yes - it works. I added you as a contributor to that repo so you can press the play button here: https://github.com/b-n/gh-action-test/actions/workflows/create-pr.yaml (if you just want to see it working :sweat_smile:

I'll fix up this PR tomorrow at some point. The key takeaways:

b-n commented 9 months ago

w.r.t runner permissions: I can't find a terraform setting for this specific switch: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests.

Apparently it's possible to just us gh commands on github runners without having to use this particular setting (haven't tested). It seems a bit redundant though whether it's from a action or whether it's from your own gh scripting to restrict this functionality, so I'm not sure what's the best course.

The create-pull-request does use just the plain github api from what it looks. I do wonder whether providing a machine token to the token: attribute (e.g. a machine PAT token) would actually circumvent this setting. Is the one available for the artichoke org?

b-n commented 9 months ago

@lopopolo I have one tiny other little idea:

Why? Because then we can use the exact same github action in this repo as we can in the main artichoke repo. Thoughts?

Could also make it a published action. e.g.

- uses: artichoke/rust-toolchain-dependabot
  with:
    toolchain_path: ./rust-toolchain.toml
    toolchain_syntax: toml
    pre_commit_command: "bundle exec rake toolchain:sync"

"A github action that will check and update the rust toolchain. You can provide your own command to update any other files prior to commiting"

b-n commented 9 months ago

Sorry, another message - eventually I might try and commit a dependabot-core for rust-toolchain. Looks like an old issue is people wanting it a long time ago: https://github.com/dependabot/dependabot-core/issues/1758#issuecomment-834333421

Dependabot-core usage restricts the running of pre-post commit things, but there is apparently a way to bump commits on top of dependabot PRs, so that could be done for the toolchain:sync part: https://github.com/dependabot/dependabot-core/issues/1758#issuecomment-834333421 (This is a big TIL for me today - kinda cool :sweat_smile:)

lopopolo commented 9 months ago

w.r.t runner permissions: I can't find a terraform setting for this specific switch: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests.

at https://github.com/artichoke/docker-artichoke-nightly/settings/actions:

Screenshot 2024-01-21 at 4 25 54 PM

There's an org setting I can flip to enable us turning that on in this repo. Let me look to see if I can terraform this.

Screenshot 2024-01-21 at 4 27 15 PM
lopopolo commented 9 months ago

@lopopolo I have one tiny other little idea:

  • Even though not "needed", we can create a rust-toolchain.toml file in this repo.
  • In the rakefile, we read the current version from rust-toolchain.toml instead of inside the artichoke main repo: https://github.com/artichoke/artichoke/blob/trunk/Rakefile#L201
  • We read/update the value in rust-toolchain.toml via grep/sed.

Why? Because then we can use the exact same github action in this repo as we can in the main artichoke repo. Thoughts?

Could also make it a published action. e.g.

- uses: artichoke/rust-toolchain-dependabot
  with:
    toolchain_path: ./rust-toolchain.toml
    toolchain_syntax: toml
    pre_commit_command: "bundle exec rake toolchain:sync"

"A github action that will check and update the rust toolchain. You can provide your own command to update any other files prior to commiting"

this sounds pretty sweet and I'd be interested to experiment here. Let me know if you want me to set up a repo for you

b-n commented 9 months ago

@lopopolo I'll merge this one for now after incorporating the feedback. I'm sure the action will fail on the run unless those options are action perms are added.

Also, more than happy to give a generic action a go, so yes please to a repo!

lopopolo commented 8 months ago
Screenshot 2024-02-19 at 4 26 56 PM

I tweaked the setting and bumped the job. It worked!

lopopolo commented 8 months ago

It looks like PRs created with this workflow don't trigger github status checks to run on PRs: https://github.com/peter-evans/create-pull-request/issues/48

A workaround I've found is to close and then reopen the PR.