diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 774a52e8192..effcc2a23dd 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -40,7 +40,7 @@ _Actions:_ _Recovery:_ Manually trigger the action again on the relevant tag. -## increment-milestones-on-tag [🔗](increment-milestones-on-tag.yaml) +### increment-milestones-on-tag [🔗](increment-milestones-on-tag.yaml) _Trigger:_ When creating a tag. Release Candidate tags containing "-RC" or "-rc" will skip this. @@ -53,7 +53,7 @@ _Recovery:_ Manually close the related milestone and create a new one. _Notes:_ This actions will handle _minor_ releases only. As there is no milestone for _patch_ releases, it won't close and create _patch_ releated milestone. -## update-download-releases [🔗](update-download-releases.yaml) +### update-download-releases [🔗](update-download-releases.yaml) _Trigger:_ When a release is published. @@ -63,7 +63,7 @@ _Recovery:_ Download artifacts and upload them manually to the related _download _Notes:_ _Download releases_ are special GitHub releases with fixed URL and tags, but rolling artifacts to provided stable download links (ex [latest](https://github.com/DataDog/dd-trace-java/releases/tag/download-latest) and [latest-v1](https://github.com/DataDog/dd-trace-java/releases/tag/download-latest-v1)). -## update-issues-on-release [🔗](update-issues-on-release.yaml) +### update-issues-on-release [🔗](update-issues-on-release.yaml) _Trigger:_ When a release is published. Releases of type `prereleased` should skip this. 
@@ -94,6 +94,14 @@ _Trigger:_ When pushing commits to `master`. _Action:_ Run GitHub CodeQL action, upload result to GitHub security tab and DataDog Code Analysis. +### update-gradle-dependencies [🔗](trivy-analysis.yml) + +_Trigger:_ Every week or manually. + +_Action:_ Update the Grade dependencies and their locking files. + +_Recovery:_ Manually trigger the action again. + ### trivy-analysis [🔗](trivy-analysis.yml) _Trigger:_ When pushing commits to `master` or any pull request to `master`. diff --git a/.github/workflows/update-gradle-dependencies.yaml b/.github/workflows/update-gradle-dependencies.yaml new file mode 100644 index 00000000000..6d9a90d9688 --- /dev/null +++ b/.github/workflows/update-gradle-dependencies.yaml 
@@ -0,0 +1,43 @@
+name: Update Gradle dependencies
+on:
+ schedule:
+ - cron: '0 4 * * 0'
+ workflow_dispatch:
+
+jobs:
+ update-gradle-dependencies:
+ runs-on: ubuntu-latest
+ name: Update Gradle dependencies
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
+ with:
+ submodules: 'recursive'
+ - name: Pick a branch name
+ run: echo "BRANCH_NAME=ci/update-gradle-dependencies-$(date +'%Y%m%d')" >> $GITHUB_ENV
+ - name: Create branch
+ run: |
+ git checkout -b $BRANCH_NAME
+ - name: Update Gradle dependencies
+ run: |
+ GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G'" \
+ JAVA_HOME=$JAVA_HOME_8_X64 \
+ JAVA_8_HOME=$JAVA_HOME_8_X64 \
+ JAVA_11_HOME=$JAVA_HOME_11_X64 \
+ JAVA_17_HOME=$JAVA_HOME_17_X64 \
+ JAVA_21_HOME=$JAVA_HOME_21_X64 \
+ ./gradlew resolveAndLockAll --write-locks --parallel --stacktrace --no-daemon --max-workers=4
+ - name: Create pull request
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ git add **/gradle.lockfile
+ git commit -m "chore: Update Gradle dependencies"
+ git push -u origin $BRANCH_NAME
+ gh pr create --title "Update Gradle dependencies" \
+ --body "This PR updates the Gradle dependencies" \
+ --base master \
+ --label "tag: dependencies" \
+ --label "tag: no release notes"
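Review bot: The job declares no `permissions:` block, so the `github.token` used by `git push` and `gh pr create` gets whatever default scope the repository or organization sets. With checkout's default credential persistence, that token is also present in the workspace while `./gradlew resolveAndLockAll` runs build logic and resolves third-party dependencies, on top of recursively checked-out submodules. Declaring the minimum at job level, `permissions:` with `contents: write` and `pull-requests: write`, makes the grant explicit and stops it widening if the default changes. Separately, `git add **/gradle.lockfile` is unquoted, so bash (no `globstar` by default) treats `**` like `*` and may stage only lockfiles one directory deep; `git add ':(glob)**/gradle.lockfile'` lets git do the recursive match. `git commit` will also fail the run in a week with no lockfile changes, which may or may not be intended.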