From 167f111cd54c0653463c37ab72c6e698e54eb6f1 Mon Sep 17 00:00:00 2001
From: Kenneth Bingham <kenneth.bingham@netfoundry.io>
Date: Wed, 14 Feb 2024 18:22:22 -0500
Subject: [PATCH] add workflow to send a pull request when vcpkg update is
 available

---
 .github/workflows/docker-publish.yml | 12 +++++-
 .github/workflows/vcpkg-bumper.yml   | 60 ++++++++++++++++++++++++++++
 .vcpkg_version                       |  1 +
 Dockerfile                           |  5 ++-
 4 files changed, 75 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/vcpkg-bumper.yml
 create mode 100644 .vcpkg_version

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 65257ee..fc2830a 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -24,7 +24,6 @@ jobs:
 
     runs-on: ubuntu-latest
     permissions:
-      contents: read
       packages: write
       # This is used to complete the identity challenge
       # with sigstore/fulcio when running outside of PRs.
@@ -73,6 +72,14 @@ jobs:
             # keep major version, e.g., v1, tag updated to latest release
             type=semver,pattern=v{{major}},enable=${{startsWith(github.ref, 'refs/tags/v')}}
 
+      - name: Find vcpkg version to install
+        id: select_vcpkg
+        shell: bash
+        run: |
+          set -o pipefail
+          set -o xtrace
+          echo "vcpkg_version=$(< ./.vcpkg_version)" | tee -a $GITHUB_OUTPUT
+
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
@@ -85,7 +92,8 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-
+          build-args: |
+            VCPKG_VERSION=${{ steps.select_vcpkg.outputs.vcpkg_version }}
 
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
diff --git a/.github/workflows/vcpkg-bumper.yml b/.github/workflows/vcpkg-bumper.yml
new file mode 100644
index 0000000..f1f216d
--- /dev/null
+++ b/.github/workflows/vcpkg-bumper.yml
@@ -0,0 +1,60 @@
+name: Bump vcpkg version
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Run every day at 10:00 UTC (05:00 EST)
+    - cron: 0 10 * * *
+
+jobs:
+  bump:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Find latest vcpkg version
+        id: latest_vcpkg
+        uses: gregziegan/fetch-latest-release@v2.0.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          repo_path: "microsoft/vcpkg"
+
+      - name: Compare vcpkg version
+        id: compare_vcpkg
+        shell: bash
+        env:
+          NEW_VCPKG_VERSION: ${{ vars.VCPKG_VERSION || steps.latest_vcpkg.outputs.tag_name }}
+        run: |
+          set -o pipefail
+          set -o xtrace
+          CURRENT_VCPKG_VERSION="$(< ./.vcpkg_version)"
+          if [[ "$NEW_VCPKG_VERSION" == "$CURRENT_VCPKG_VERSION" ]]; then
+            echo "update_vcpkg=false" | tee -a $GITHUB_OUTPUT
+          else
+            echo "update_vcpkg=true" | tee -a $GITHUB_OUTPUT
+          fi
+
+      - name: Bump version file
+        if: steps.compare_vcpkg.outputs.update_vcpkg == 'true'
+        shell: bash
+        env:
+          NEW_VCPKG_VERSION: ${{ vars.VCPKG_VERSION || steps.latest_vcpkg.outputs.tag_name }}
+        run: |
+          set -o pipefail
+          set -o xtrace
+          echo -n "$NEW_VCPKG_VERSION" > .vcpkg_version
+
+      - name: Create Pull Request if vcpkg version changed
+        if: steps.compare_vcpkg.outputs.update_vcpkg == 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: bump vcpkg version to ${{ vars.VCPKG_VERSION || steps.latest_vcpkg.outputs.tag_name }}
+          title: bump vcpkg version to ${{ vars.VCPKG_VERSION || steps.latest_vcpkg.outputs.tag_name }}
+          body: update vcpkg to version ${{ vars.VCPKG_VERSION || steps.latest_vcpkg.outputs.tag_name }}
+          branch: update-vcpkg-${{ vars.VCPKG_VERSION || steps.latest_vcpkg.outputs.tag_name }}
diff --git a/.vcpkg_version b/.vcpkg_version
new file mode 100644
index 0000000..0079d66
--- /dev/null
+++ b/.vcpkg_version
@@ -0,0 +1 @@
+2024.02.14
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index b4e6458..6441818 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,7 @@
 
 # pin the cmake version to ensure repeatable builds
 ARG CMAKE_VERSION="3.26.3"
+ARG VCPKG_VERSION="2024.03.25"
 # patch releases are automatically accepted by pip install ninja~=1.11.0
 ARG NINJA_MINOR_VERSION="1.11.0"
 
@@ -10,6 +11,7 @@ ARG NINJA_MINOR_VERSION="1.11.0"
 FROM ubuntu:bionic
 
 ARG CMAKE_VERSION
+ARG VCPKG_VERSION
 ARG NINJA_MINOR_VERSION
 ARG XDG_CONFIG_HOME
 ARG DEBIAN_FRONTEND=noninteractive
@@ -68,6 +70,7 @@ RUN curl -sSLf https://apt.llvm.org/llvm-snapshot.gpg.key \
     && chmod +r /usr/share/keyrings/llvm-snapshot.gpg \
     && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot.gpg] http://apt.llvm.org/bionic/ llvm-toolchain-bionic-17 main" > /etc/apt/sources.list.d/llvm-snapshot.list
 
+# when we migrate this builder to focal or newer, just remove this ppa and the rest should work
 RUN add-apt-repository ppa:git-core/ppa \
     && apt-get update \
     && apt-get --yes --quiet --no-install-recommends install \
@@ -110,7 +113,7 @@ ENV VCPKG_FORCE_SYSTEM_BINARIES=yes
 # global config settings as root in GIT_CONFIG_GLOBAL
 RUN cd /usr/local \
     && git config --global advice.detachedHead false \
-    && git clone --branch 2023.06.20 https://github.com/microsoft/vcpkg \
+    && git clone --branch "${VCPKG_VERSION}" https://github.com/microsoft/vcpkg \
     && ./vcpkg/bootstrap-vcpkg.sh -disableMetrics \
     && chmod -R ugo+rwX /usr/local/vcpkg