Update WordPress JS dependencies

.github/workflows/update-wordpress-js-dependencies-orchestrator.yml

@@ -0,0 +1,67 @@
+name: Update WordPress JS Dependencies
+on:
+  workflow_call:
+    inputs:
+      WP_SCRIPT_DIST_TAG:
+        description: The tag to use for updating the dependencies. e.g. wp-6.7
+        required: true
+        type: string
+      PACKAGES:
+        description: Comma separated list of packages to call the update js wordpress dependencies.
+        required: false
+        type: string
+    secrets:
+      GH_API_TOKEN:
+        description: An GH API Token capable of triggering repository_dispatch.
+        required: true
+
+jobs:
+  update-dependencies:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      GH_API_TOKEN: ${{ secrets.GH_API_TOKEN }}
+      WP_SCRIPT_DIST_TAG: ${{ inputs.WP_SCRIPT_DIST_TAG }}
+      PACKAGES: ${{ inputs.PACKAGES }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Read composer.json and specified packages and call the workflows
+      run: |
+        # Initialize an array for packages
+        packages=()
+
+        # Add packages from composer.json if it exists
+        if [ -f composer.json ]; then
+          composer_packages=$(cat composer.json | jq -r '.require | keys[]')
+          for pkg in $composer_packages; do
+            packages+=("$pkg")
+          done
+        fi
+
+        # Add packages from the PACKAGES environment variable
+        IFS=',' read -r -a env_packages <<< "$PACKAGES"
+        for pkg in "${env_packages[@]}"; do
+          packages+=("$pkg")
+        done
+
+        # Process all unique packages
+        unique_packages=$(echo "${packages[@]}" | tr ' ' '\n' | sort -u)
+
+
+        for package in ${unique_packages[@]}; do
+          echo "Processing package: $package"
+
+          curl -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ env.GH_API_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/$package/dispatches \
+            -d '{"event_type":"update_wp_dependencies","client_payload":{"wp_version":"${{ env.WP_SCRIPT_DIST_TAG }}"}}'
+        done
+

.github/workflows/update-wordpress-js-dependencies.yml

@@ -0,0 +1,138 @@
+name: Update WordPress JS Dependencies
+on:
+  workflow_call:
+    inputs:
+      WP_SCRIPT_DIST_TAG:
+        description: The tag to use for updating the dependencies. e.g. wp-6.7
+        required: true
+        type: string
+      NPM_REGISTRY_DOMAIN:
+        description: Domain of the private npm registry.
+        default: https://npm.pkg.github.com/
+        required: false
+        type: string
+    secrets:
+      GITHUB_USER_EMAIL:
+        description: Email address for the GitHub user configuration.
+        required: false
+      GITHUB_USER_NAME:
+        description: Username for the GitHub user configuration.
+        required: false
+      GITHUB_USER_SSH_KEY:
+        description: Private SSH key associated with the GitHub user for the token passed as `GITHUB_USER_TOKEN`.
+        required: false
+      GITHUB_USER_SSH_PUBLIC_KEY:
+        description: Public SSH key associated with the GitHub user for the token passed as `GITHUB_USER_TOKEN`.
+        required: false
+      NPM_REGISTRY_TOKEN:
+        description: Authentication for the private npm registry.
+        required: false
+
+jobs:
+  update-dependencies:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      PACKAGE_MANAGER: npm
+      GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
+      GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
+      GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}
+      GITHUB_USER_SSH_PUBLIC_KEY: ${{ secrets.GITHUB_USER_SSH_PUBLIC_KEY }}
+      WP_SCRIPT_DIST_TAG: ${{ github.event.client_payload.wp_version || inputs.WP_SCRIPT_DIST_TAG }}
+      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
+      NPM_REGISTRY_DOMAIN: ${{ inputs.NPM_REGISTRY_DOMAIN }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        ssh-key: ${{ env.GITHUB_USER_SSH_KEY }}
+
+    - name: Set global variables
+      run: |
+        echo "TEMP_BRANCH_NAME=update/${{ env.WP_SCRIPT_DIST_TAG }}" >> $GITHUB_ENV
+        echo "CURRENT_DATE=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
+
+    - name: Set up SSH
+      if: ${{ env.GITHUB_USER_SSH_KEY != '' }}
+      uses: webfactory/[email protected]
+      with:
+        ssh-private-key: ${{ env.GITHUB_USER_SSH_KEY }}
+
+    - name: Set up Git
+      run: |
+        git config --global user.email "${{ env.GITHUB_USER_EMAIL }}"
+        git config --global user.name "${{ env.GITHUB_USER_NAME }}"
+        git config --global advice.addIgnoredFile false
+        git config --global push.autoSetupRemote true
+
+    - name: Set up signing commits
+      if: ${{ env.GITHUB_USER_SSH_PUBLIC_KEY != '' }}
+      run: |
+        : # Create empty SSH private key file so Git does not complain.
+        touch "${{ runner.temp }}/signingkey"
+        echo "${{ env.GITHUB_USER_SSH_PUBLIC_KEY }}" > "${{ runner.temp }}/signingkey.pub"
+        git config --global commit.gpgsign true
+        git config --global gpg.format ssh
+        git config --global user.signingkey "${{ runner.temp }}/signingkey.pub"
+
+    - name: Checkout to temporary branch
+      run: |
+        git show-ref -q refs/remotes/origin/${{ env.TEMP_BRANCH_NAME }} && git checkout ${{ env.TEMP_BRANCH_NAME }} || git checkout -b ${{ env.TEMP_BRANCH_NAME }}
+
+    - name: Set up node cache mode
+      run: |
+        if [ "${{ env.PACKAGE_MANAGER }}" == 'npm' ] && { [ -f "${GITHUB_WORKSPACE}/package-lock.json" ] || [ -f "${GITHUB_WORKSPACE}/npm-shrinkwrap.json" ]; }; then
+          echo "NODE_CACHE_MODE=npm" >> $GITHUB_ENV
+        elif [ "${{ env.PACKAGE_MANAGER }}" == 'yarn' ] && [ -f "${GITHUB_WORKSPACE}/yarn.lock" ]; then
+          echo "NODE_CACHE_MODE=yarn" >> $GITHUB_ENV
+        else
+          echo "No lock files found or unknown package manager"
+        fi
+
+    - name: Set up node
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ env.NODE_VERSION }}
+        registry-url: ${{ env.NPM_REGISTRY_DOMAIN }}
+        cache: ${{ env.NODE_CACHE_MODE }}
+
+
+    - name: Install dependencies
+      env:
+        ARGS: ${{ env.NODE_CACHE_MODE == 'yarn' && '--frozen-lockfile' || env.NODE_CACHE_MODE == 'npm' && 'ci' || 'install' }}
+      run: ${{ format('{0} {1} --ignore-scripts', env.PACKAGE_MANAGER, env.ARGS) }}
+
+    - name: Running the update
+      env:
+        SCRIPT_START: ${{ env.PACKAGE_MANAGER == 'yarn' && 'yarn' || env.PACKAGE_MANAGER == 'npm' && 'npm run' }}
+      run: |
+        ./node_modules/.bin/wp-scripts packages-update --dist-tag=${{ env.WP_SCRIPT_DIST_TAG }}
+
+    - name: Git add and commit
+      run: |
+        git add -A
+        git commit -m "[BOT] Add dependencies changes for #${{ github.ref }}" --no-verify || ((echo "HAS_GIT_CHANGES=no" >> $GITHUB_ENV) && (echo "No changes to commit"))
+
+    - name: Git push
+      if: ${{ env.HAS_GIT_CHANGES != 'no' }}
+      run: git push
+
+
+    - name: Create Pull Request
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh pr create \
+          --base ${{ github.event.repository.default_branch }} \
+          --head ${{ env.TEMP_BRANCH_NAME }} \
+          --title "Align WP Dependencies to meet dist tag ${{ env.WP_SCRIPT_DIST_TAG }} - ${{ env.CURRENT_DATE }}" \
+          --body "This PR updates the WordPress dependencies to meet the version ${{ env.WP_SCRIPT_DIST_TAG }}." \
+          --label "dependencies"
+
+    - name: Delete signing key files
+      if: ${{ always() && env.GITHUB_USER_SSH_PUBLIC_KEY != '' }}
+      run: |
+        rm -f "${{ runner.temp }}/signingkey"
+        rm -f "${{ runner.temp }}/signingkey.pub"

docs/update-wp-dependencies.md

@@ -0,0 +1,112 @@
+# Update WP Dependencies
+
+This workflow is meant to ease the task of updating the **@wordpress/name** dependencies.
+
+We are providing two reusable workflows. 
+
+1. One workflow lives in the package having the dependencies, we will call this "Update WP Dependencies Workflow".
+2. The other workflow lives in a package that is meant to orchestrate other packages through composer, we will call this "Update WP Dependencies Orchestrator Workflow". 
+    This is simply a workflow that triggers the other one in other packages.
+
+## WP Dependencies Update Workflow
+
+The workflow will create a PR with the updated dependencies.
+
+
+### Configuration parameters for WP Dependencies Update Workflow
+
+#### Inputs for WP Dependencies Update Workflow
+
+| Name                  | Default                         | Description                                                                                                                                                                                                                                                                                                       |
+|-----------------------|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `WP_SCRIPT_DIST_TAG`  | `'wp-6.7'`                      | The dist tag used by [wp-scripts packages-update](https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#packages-update). You can see which tags are available by going to any [WordPress Package in NPM](https://www.npmjs.com/package/@wordpress/blocks?activeTab=versions) and see the Tag column |
+| `NPM_REGISTRY_DOMAIN` | `'https://npm.pkg.github.com/'` | Domain of the private npm registry                                                                                                                                                                                                                                                                                |
+
+
+#### Secrets for WP Dependencies Update Workflow
+
+| Name                         | Description                                                                  |
+|------------------------------|------------------------------------------------------------------------------|
+| `GITHUB_USER_EMAIL`          | Email address for the GitHub user configuration                              |
+| `GITHUB_USER_NAME`           | Username for the GitHub user configuration                                   |
+| `GITHUB_USER_SSH_KEY`        | Private SSH key associated with the GitHub user passed as `GITHUB_USER_NAME` |
+| `GITHUB_USER_SSH_PUBLIC_KEY` | Public SSH key associated with the GitHub user passed as `GITHUB_USER_NAME`  |
+| `NPM_REGISTRY_TOKEN`         | Authentication for the private npm registry                                  |
+
+**Example with configuration parameters:**
+
+```yaml
+name: WordPress JS Dependencies Update
+on:
+  workflow_dispatch:
+    inputs:
+      WP_SCRIPT_DIST_TAG:
+        description: The tag to use for updating the dependencies. e.g. wp-6.7
+        default: wp-6.7
+        required: true
+        type: string
+  repository_dispatch:
+    types: ['update_wp_dependencies']
+
+jobs:
+  update_wp_dependencies:
+    uses: inpsyde/reusable-workflows/.github/workflows/update-wordpress-js-dependencies.yml@main
+    secrets:
+        GITHUB_USER_EMAIL: ${{ secrets.DEPLOYBOT_EMAIL }}
+        GITHUB_USER_NAME: ${{ secrets.DEPLOYBOT_USER }}
+        GITHUB_USER_SSH_KEY: ${{ secrets.DEPLOYBOT_SSH_PRIVATE_KEY }}
+        GITHUB_USER_SSH_PUBLIC_KEY: ${{ secrets.DEPLOYBOT_SSH_PUBLIC_KEY }}
+        NPM_REGISTRY_TOKEN: ${{ secrets.DEPLOYBOT_PACKAGES_READ_ACCESS_TOKEN }}
+    with:
+        NPM_REGISTRY_DOMAIN: "https://npm.pkg.github.com/"
+        WP_SCRIPT_DIST_TAG: ${{ inputs.WP_SCRIPT_DIST_TAG }}
+```
+
+## WP Dependencies Update Orchestrator Workflow
+
+The workflow will trigger the WP Dependencies Update Workflow in other repositories.
+
+
+### Configuration parameters for WP Dependencies Update Orchestrator Workflow
+
+#### Inputs for WP Dependencies Update Orchestrator Workflow
+
+| Name                  | Default    | Description                                                                                                                                                                                                                                                                                                       |
+|-----------------------|------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `WP_SCRIPT_DIST_TAG`  | `'wp-6.7'` | The dist tag used by [wp-scripts packages-update](https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#packages-update). You can see which tags are available by going to any [WordPress Package in NPM](https://www.npmjs.com/package/@wordpress/blocks?activeTab=versions) and see the Tag column |
+| `PACKAGES`            | `''`       | A comma-separated list of repository in the form of organization-name/repository-name                                                                                                                                                                                                                             |
+
+
+#### Secrets for WP Dependencies Update Orchestrator Workflow
+
+| Name           | Description                                       |
+|----------------|---------------------------------------------------|
+| `GH_API_TOKEN` | A classic API token with repo and workflow access |
+
+**Example with configuration parameters:**
+
+```yaml
+name: Call Update WordPress Deps using loop from composer and defined packages
+
+on:
+  workflow_dispatch:
+    inputs:
+      WP_SCRIPT_DIST_TAG:
+        description: 'The WP dist tag. e.g.: wp-6.7'
+        required: true
+      PACKAGES:
+        description: Comma separated list of packages to call the update js wordpress dependencies.
+        required: false
+        type: string
+
+
+jobs:
+  update-dependencies:
+    uses: inpsyde/reusable-workflows/.github/workflows/update-wordpress-js-dependencies-orchestrator.yml@main
+    with:
+      WP_SCRIPT_DIST_TAG: ${{ inputs.WP_SCRIPT_DIST_TAG }}
+      PACKAGES: ${{ inputs.PACKAGES }}
+    secrets:
+      GH_API_TOKEN: ${{ secrets.DEPLOYBOT_REPO_READ_WRITE_TOKEN }}
+```
+