Skip to content

Update dependencies using github actions #5636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Update dependencies using github actions #5636

wants to merge 5 commits into from

Conversation

nawazkh
Copy link
Member

@nawazkh nawazkh commented May 12, 2025
edited
Loading

What type of PR is this?
/kind cleanup

What this PR does / why we need it:

  • This PR adds a GitHub workflow to update versions for
    • CONTROLLER_GEN
    • CONVERSION_GEN
    • KUSTOMIZE
    • AZWI
    • MOCKGEN
    • RELEASE_NOTES
    • KUBECTL
    • HELM
    • YQ
    • CODESPELL
  • The GitHub workflow will create individual PRs for each of the updated dependency.
    • Run every Sunday at midnight UTC.
    • PR is titled as [dependency] bump $tool to $latest"
  • hack/tools/tools.yaml now becomes the source of truth for the versions of the tools consumed in CAPZ's Makefile (tools that cannot be updated via existing dependabot workflow).

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #N/A

Special notes for your reviewer:

  • Idea here is that Github workflow checks every week and creates individual PRs for each dependency.
    • It would be the responsibility of the maintainer to approve/reject the PR.
  • Dependabot is not used here because dependabot did not support updating binaries like kustomize, azwi, kpromo. Doing via GitHub action unifies the automation workflow and is also easier to maintain.
  • Note: Update Tool Versions workflow can also be triggered manually.

TODOs:

  • squashed commits
  • includes documentation
  • adds unit tests
  • cherry-pick candidate

Release note:

NONE

@k8s-ci-robot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. labels May 12, 2025
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 12, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jackfrancis for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 12, 2025
nawazkh
nawazkh commented May 12, 2025
View reviewed changes
Makefile
Comment on lines +49 to +69

# Tools directory
TOOLS_DIR := hack/tools
TOOLS_BIN_DIR := $(abspath $(TOOLS_DIR)/bin)
TOOLS_YAML := $(TOOLS_DIR)/tools.yaml
ADDONS_DIR := templates/addons

# Templates directory
TEMPLATES_DIR := $(ROOT_DIR)/templates
BIN_DIR := $(abspath $(ROOT_DIR)/bin)
EXP_DIR := exp
GO_INSTALL = ./scripts/go_install.sh
E2E_DATA_DIR ?= $(ROOT_DIR)/test/e2e/data
AZURE_TEMPLATES := $(E2E_DATA_DIR)/infrastructure-azure
KUBETEST_CONF_PATH ?= $(abspath $(E2E_DATA_DIR)/kubetest/conformance.yaml)
KUBETEST_WINDOWS_CONFIG ?= upstream-windows.yaml
KUBETEST_WINDOWS_CONF_PATH ?= $(abspath $(E2E_DATA_DIR)/kubetest/$(KUBETEST_WINDOWS_CONFIG))
KUBETEST_REPO_LIST_PATH ?= $(abspath $(E2E_DATA_DIR)/kubetest/)
AZURE_TEMPLATES := $(E2E_DATA_DIR)/infrastructure-azure
ADDONS_DIR := templates/addons
CONVERSION_VERIFIER := $(TOOLS_BIN_DIR)/conversion-verifier

# Bin directory
BIN_DIR := $(abspath $(ROOT_DIR)/bin)

# Exp directory
EXP_DIR := exp
Copy link
Member Author

@nawazkh nawazkh May 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is just reorganizing the Makefile.

@nawazkh
Copy link
Member Author

nawazkh commented May 12, 2025

/label tide/merge-method-squash

@k8s-ci-robot k8s-ci-robot added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label May 12, 2025
@nawazkh nawazkh marked this pull request as ready for review May 12, 2025 20:58
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 12, 2025
@k8s-ci-robot k8s-ci-robot requested review from Jont828 and mboersma May 12, 2025 20:58
@nawazkh
Copy link
Member Author

nawazkh commented May 12, 2025

Testing the workflow, will remove the latest commit before merging.
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 12, 2025
nawazkh
nawazkh commented May 12, 2025
View reviewed changes
@nawazkh
Copy link
Member Author

nawazkh commented May 12, 2025
edited
Loading

Ran this GitHub workflow in my local and it resulted in below output as expected 🟢

Run set -euo pipefail
kubectl
v1.29.10
v1.31.0
Switched to a new branch 'update-tool-kubectl-v1.31.0'
Updating kubectl from v1.29.10 to v1.31.0
[update-tool-kubectl-v1.31.0 cbe38dd] dependency: bump kubectl to v1.31.0
 1 file changed, 1 insertion(+), 1 deletion(-)
To https://github.com/nawazkh/cluster-api-provider-azure
 + be21e86...cbe38dd update-tool-kubectl-v1.31.0 -> update-tool-kubectl-v1.31.0 (forced update)
Warning: 1 uncommitted change
https://github.com/nawazkh/cluster-api-provider-azure/pull/77
Switched to branch 'main'
Your branch is up to date with 'origin/main'.
HEAD is now at 636a2cc Tools dot yaml (#76)
Removing gh_2.49.0_linux_amd64/LICENSE
Removing gh_2.49.0_linux_amd64/share/
mockgen
v0.4.0
v1.6.0
Updating mockgen from v0.4.0 to v1.6.0
v3.17.3
Updating helm from v3.14.4 to v3.17.3
Switched to a new branch 'update-tool-helm-v3.17.3'
[update-tool-helm-v3.17.3 dbe9f55] dependency: bump helm to v3.17.3
 1 file changed, 1 insertion(+), 1 deletion(-)
remote: 
remote: Create a pull request for 'update-tool-helm-v3.17.3' on GitHub by visiting:        
remote:      https://github.com/nawazkh/cluster-api-provider-azure/pull/new/update-tool-helm-v3.17.3        
remote: 
To https://github.com/nawazkh/cluster-api-provider-azure
 * [new branch]      update-tool-helm-v3.17.3 -> update-tool-helm-v3.17.3
https://github.com/nawazkh/cluster-api-provider-azure/pull/84
Switched to branch 'main'
Your branch is up to date with 'origin/main'.
HEAD is now at 636a2cc Tools dot yaml (#76)
yq
v4.35.2
v4.45.4
Updating yq from v4.35.2 to v4.45.4
Switched to a new branch 'update-tool-yq-v4.45.4'
[update-tool-yq-v4.45.4 10141cf] dependency: bump yq to v4.45.4
 1 file changed, 1 insertion(+), 1 deletion(-)
remote: 
remote: Create a pull request for 'update-tool-yq-v4.45.4' on GitHub by visiting:        
remote:      https://github.com/nawazkh/cluster-api-provider-azure/pull/new/update-tool-yq-v4.45.4        
remote: 
To https://github.com/nawazkh/cluster-api-provider-azure
 * [new branch]      update-tool-yq-v4.45.4 -> update-tool-yq-v4.45.4
https://github.com/nawazkh/cluster-api-provider-azure/pull/85
Switched to branch 'main'
Your branch is up to date with 'origin/main'.
HEAD is now at 636a2cc Tools dot yaml (#76)

And created the following PRs in my fork

Screenshot 2025-05-12 at 5 08 18 PM

@nawazkh
Update dependencies using github actions
e7ab2d3 
- create individual PRs for each of the updated tool
- envsubst is updated via go list instead of hack/tools/tools.yaml
- adjust labels
@nawazkh nawazkh moved this from Todo to Needs Review in CAPZ Planning May 12, 2025
@nawazkh
Copy link
Member Author

nawazkh commented May 12, 2025

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 12, 2025
@nawazkh
Copy link
Member Author

nawazkh commented May 12, 2025

Upon closer inspection, kpromo's latest does not get fetched from https://api.github.com/repos/kubernetes-sigs/kpromo/releases/latest
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 12, 2025
@nawazkh nawazkh marked this pull request as draft May 12, 2025 23:53
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 12, 2025
@nawazkh nawazkh marked this pull request as ready for review May 13, 2025 00:10
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 13, 2025
@nawazkh
Copy link
Member Author

nawazkh commented May 13, 2025

/test pull-cluster-api-provider-azure-e2e

@k8s-ci-robot
Copy link
Contributor

@nawazkh: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-cluster-api-provider-azure-e2e 9f8bf2c link true /test pull-cluster-api-provider-azure-e2e

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@k8s-ci-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsturtevant jsturtevant Awaiting requested review from jsturtevant

@nojnhuh nojnhuh Awaiting requested review from nojnhuh

@Jont828 Jont828 Awaiting requested review from Jont828

@mboersma mboersma Awaiting requested review from mboersma

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
CAPZ Planning
Status: Needs Review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nawazkh @k8s-ci-robot