Techognito/starter-kit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Run npm-update in a GitHub workflow

Browse source 
This avoids a lot of moving parts in our infrastructure (webhook,
npm-trigger roundtrip, tasks container), works in exactly the same way
for independent third-party projects, and does not need *any* secret
other than the automatically provided GitHub token.

Let this run early every morning, roughly similar frequency as
cockpituous used to do. Also add a manual trigger, so that we get a
button to run it on demand.

Closes #384
This commit is contained in:
Martin Pitt 2020-10-20 09:08:08 +02:00 committed by GitHub
parent 7838cb70a9
commit 8e16b06df2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

25
.github/workflows/npm-update.yml vendored Normal file
View file

@ -0,0 +1,25 @@
name: npm-update
on:
schedule:
- cron: '0 2 * * *'
# can be run manually on https://github.com/cockpit-project/starter-kit/actions
workflow_dispatch:
jobs:
npm-update:
runs-on: ubuntu-latest
steps:
- name: Set up dependencies
run: sudo apt-get install -y npm make
- name: Set up configuration and secrets
run: |
printf '[user]\n\tname = Cockpit Project\n\temail=cockpituous@gmail.com\n' > ~/.gitconfig
echo '${{ secrets.GITHUB_TOKEN }}' > ~/.config/github-token
- name: Clone repository
uses: actions/checkout@v2
- name: Run npm-update bot
run: |
make bots
bots/npm-update

13
.tasks
View file

@ -1,13 +0,0 @@
#!/bin/sh
# When run automated, randomize to minimize stampeding herd
if [ -t 0 ]; then
chance=10
else
chance=$(shuf -i 0-10 -n 1)
fi
if [ $chance -gt 9 ]; then
# Open issues for things that need doing on a regular basis
bots/npm-trigger
fi

8
README.md
View file

@ -103,6 +103,14 @@ with detailed comments how to use it. There is also an
[example GitHub release action](.github/workflows/release.yml.disabled) to set
up secrets and run cockpituous.
# Automated maintenance
It is important to keep your [NPM modules](./package.json) up to date, to keep
up with security updates and bug fixes. This is done with the
[npm-update bot script](https://github.com/cockpit-project/bots/blob/master/npm-update)
which is run weekly or upon [manual request](https://github.com/cockpit-project/starter-kit/actions) through the
[npm-update.yml](.github/workflows/npm-update.yml) [GitHub action](https://github.com/features/actions).
# Further reading
* The [Starter Kit announcement](http://cockpit-project.org/blog/cockpit-starter-kit.html)