Update Composer Dependencies (with vendor) #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Composer Dependencies (with vendor) | |
| on: | |
| schedule: | |
| - cron: '0 0 * * *' | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| update-composer-deps: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Git | |
| run: | | |
| git config user.name "dependabot[bot]" | |
| git config user.email "49699333+dependabot[bot]@users.noreply.github.com" | |
| - name: Set up PHP 8.3 with extensions | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: '8.3' | |
| extensions: curl,mysqli,openssl,soap,mbstring,json,zip,zlib,libxml,dom,gmp,gd,intl | |
| coverage: none | |
| - name: Cache Composer dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.composer/cache | |
| key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
| restore-keys: ${{ runner.os }}-composer- | |
| - name: Install Composer | |
| run: | | |
| curl -sS https://getcomposer.org/installer | php | |
| sudo mv composer.phar /usr/local/bin/composer | |
| - name: Check outdated package and generate metadata | |
| id: pr_meta | |
| run: | | |
| OUTDATED=$(composer outdated --direct --format=json) | |
| PACKAGE=$(echo "$OUTDATED" | jq -r '.installed[0]') | |
| if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "null" ]; then | |
| NAME=$(echo "$PACKAGE" | jq -r '.name') | |
| FROM=$(echo "$PACKAGE" | jq -r '.version') | |
| TO=$(echo "$PACKAGE" | jq -r '.latest') | |
| BRANCH="dependabot/composer/$(echo $NAME | tr '/' '/')-$TO" | |
| REPO_URL="https://github.com/$(echo "$NAME" | cut -d/ -f1)/$(echo "$NAME" | cut -d/ -f2)" | |
| echo "name=$NAME" >> $GITHUB_OUTPUT | |
| echo "from=$FROM" >> $GITHUB_OUTPUT | |
| echo "to=$TO" >> $GITHUB_OUTPUT | |
| echo "branch=$BRANCH" >> $GITHUB_OUTPUT | |
| echo "title=Bump $NAME from $FROM to $TO" >> $GITHUB_OUTPUT | |
| echo "body<<EOF" >> $GITHUB_OUTPUT | |
| echo "Bumps [$NAME]($REPO_URL) from $FROM to $TO." >> $GITHUB_OUTPUT | |
| echo "- [Release notes]($REPO_URL/releases)" >> $GITHUB_OUTPUT | |
| echo "- [Changelog]($REPO_URL/blob/master/CHANGELOG.md)" >> $GITHUB_OUTPUT | |
| echo "- [Commits]($REPO_URL/compare/v$FROM...v$TO)" >> $GITHUB_OUTPUT | |
| echo "" >> $GITHUB_OUTPUT | |
| echo "---" >> $GITHUB_OUTPUT | |
| echo "updated-dependencies:" >> $GITHUB_OUTPUT | |
| echo "- dependency-name: $NAME" >> $GITHUB_OUTPUT | |
| echo " dependency-version: $TO" >> $GITHUB_OUTPUT | |
| echo " dependency-type: direct:production" >> $GITHUB_OUTPUT | |
| echo " update-type: version-update:semver-patch" >> $GITHUB_OUTPUT | |
| echo "" >> $GITHUB_OUTPUT | |
| echo "Signed-off-by: dependabot[bot] <[email protected]>" >> $GITHUB_OUTPUT | |
| echo "Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| else | |
| echo "No outdated packages." | |
| echo "skip=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Exit if nothing to update | |
| if: steps.pr_meta.outputs.skip == 'true' | |
| run: echo "No changes to commit." | |
| - name: Update dependencies and push | |
| if: steps.pr_meta.outputs.skip != 'true' | |
| run: | | |
| composer update --no-interaction | |
| git checkout -b "${{ steps.pr_meta.outputs.branch }}" | |
| git add composer.lock vendor/ | |
| git commit -m "Bump ${{ steps.pr_meta.outputs.name }} from ${{ steps.pr_meta.outputs.from }} to ${{ steps.pr_meta.outputs.to }}" | |
| git push -u origin "${{ steps.pr_meta.outputs.branch }}" | |