opencode-web-docker/.github/workflows/update-opencode-release.yml at main · djchen/opencode-web-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: Update Upstream OpenCode Release

on:
  workflow_dispatch:
    inputs:
      release_tag:
        description: Specific upstream opencode release tag to pin.
        required: false
        type: string
  schedule:
    - cron: "17 0 * * *"

permissions:
  contents: read

concurrency:
  group: update-opencode-release
  cancel-in-progress: false

jobs:
  update-opencode:
    runs-on: ubuntu-latest
    environment: automation

    steps:
      - name: Check out repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          fetch-depth: 0
          submodules: recursive

      - name: Resolve target release
        id: release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          INPUT_RELEASE_TAG: ${{ inputs.release_tag }}
        run: |
          validate_release_tag() {
            if ! printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)*(-[0-9A-Za-z][0-9A-Za-z.-]*)?$'; then
              printf 'Invalid release tag: %s\n' "$1" >&2
              exit 1
            fi
          }

          if [ -n "$INPUT_RELEASE_TAG" ]; then
            tag="$INPUT_RELEASE_TAG"
          else
            tag="$(gh release view --repo anomalyco/opencode --json tagName --jq .tagName)"
          fi

          validate_release_tag "$tag"
          printf 'tag=%s\n' "$tag" >> "$GITHUB_OUTPUT"

      - name: Setup Bun
        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Update submodule to target release
        env:
          RELEASE_TAG: ${{ steps.release.outputs.tag }}
        run: bun run upstream:update -- "$RELEASE_TAG"

      - name: Detect submodule changes
        id: diff
        run: |
          if git diff --quiet -- opencode; then
            echo "changed=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          echo "changed=true" >> "$GITHUB_OUTPUT"

      - name: Validate automation secrets
        if: steps.diff.outputs.changed == 'true'
        env:
          _APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
          _APP_KEY: ${{ secrets.APP_PRIVATE_KEY }}
        run: |
          if [ -z "$_APP_CLIENT_ID" ] || [ -z "$_APP_KEY" ]; then
            printf '%s\n' "APP_CLIENT_ID and APP_PRIVATE_KEY secrets are required to create automated update PRs."
            exit 1
          fi

      - name: Generate App token
        id: app-token
        if: steps.diff.outputs.changed == 'true'
        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
        with:
          client-id: ${{ secrets.APP_CLIENT_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      - name: Create pull request
        id: create-pr
        if: steps.diff.outputs.changed == 'true'
        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
        with:
          token: ${{ steps.app-token.outputs.token }}
          branch: automation/update-opencode-${{ steps.release.outputs.tag }}
          delete-branch: true
          commit-message: "chore: update opencode to ${{ steps.release.outputs.tag }}"
          title: "chore: update opencode to ${{ steps.release.outputs.tag }}"
          body: |
            ## Summary
            - update the `opencode/` submodule to `${{ steps.release.outputs.tag }}`
            - keep OpenCode Web Docker aligned with the latest upstream OpenCode release