chore(ci): gh action to run a daily check for upstream required upgrade #106
Signed-off-by: Oscar Cobles <oscar.cobles@eu.equinix.com>
Does the PR have any schema changes? Looking good! No breaking changes found. Maintainer note: consult the runbook for dealing with any breaking changes.
Signed-off-by: Oscar Cobles <oscar.cobles@eu.equinix.com>
Signed-off-by: Oscar Cobles <oscar.cobles@eu.equinix.com>
It would be nice to have a more event-driven upgrade approach here. We have a workflow in the Terraform provider repo to open an issue on this repo when a release happens: https://github.com/equinix/terraform-provider-equinix/blob/main/.github/workflows/pulumi.yml I see that that's failing due to SAML issues but there may be a way to resolve that since this repo is public and I can list issues in the UI without even logging in. That said, it's possible that GitHub protections around automated token access (GitHub Actions that run with the automated token can't trigger other GitHub Actions) would still be a problem. If we stick with the scheduled check we should remove the Pulumi workflow from the Terraform provider repo. IMO we could also do more frequent checks since this workflow should be fairly lightweight. Another option to consider is if we could somehow make Renovate aware of this dependency and have it open the upgrade PR for us the way it does for other dependencies.
@ctreatma yes, the idea is to remove the action from the Terraform repository because I actually see that even fixing it can bring more authentication problems in the future. The tool https://github.com/pulumi/upgrade-provider integrates well with the
Signed-off-by: Oscar Cobles <oscar.cobles@eu.equinix.com>
@ctreatma I have updated the cron to run every 8 hours Monday through Friday. Let's see how it works this way and if we need to update it in the future.
Renovate can be configured to run additional commands after updating a dependency version number, so it could theoretically run those make tasks, but a scheduled job works too and requires less configuration. Checking every 8 hours sounds like a good compromise.
| - name: Run upgrade-provider upstream check | ||
| id: upstream_version | ||
| run: | | ||
| upgrade-provider "$REPO" --kind=check-upstream-version |
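Review bot: on the `run:` line, `upgrade-provider "$REPO" --kind=check-upstream-version` is invoked with no `env:` entry visible on the step, so it is unclear which token the tool uses when it opens the upgrade issue. Set the token explicitly on this step and say which one it is: issues created with the default `GITHUB_TOKEN` do not start other workflows, so an issue-triggered upgrade workflow would not run, and a personal or app token used instead should be limited to this repository with only the permissions needed to create issues. The step also declares `id: upstream_version`, but the lines shown do not write a step output; if later steps read `steps.upstream_version.outputs`, add a comment saying where that output comes from, or drop the id if it is unused.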
Just to confirm: the upgrade-provider command runs all necessary make tasks & patches and then opens a GitHub PR with the resulting changes?
Exactly. This action executes it with kind=check-upstream-version. If a change is detected, it will create a new issue with the title "Upgrade terraform-provider-equinix to vX.Y.Z". That will trigger the upgrade-provider action kind=all; this updates both the Terraform provider, the bridge plugin and its dependencies.
Replaced with in-repo gh action equinix/pulumi-equinix#106 Signed-off-by: Oscar Cobles <oscar.cobles@eu.equinix.com>
…#729) Replaced with in-repo gh action equinix/pulumi-equinix#106 Signed-off-by: Oscar Cobles <oscar.cobles@eu.equinix.com>
No description provided.