From 3ff6fac8141574b31f3a93f613a3ea7db2a52a1a Mon Sep 17 00:00:00 2001
From: Derek Misler
Date: Tue, 3 Mar 2026 11:19:30 -0500
Subject: [PATCH] feat: auto-update CAGENT_VERSION on new cagent releases Add workflow triggered by repository_dispatch (from dagent's release_cagent.yml) or manual workflow_dispatch to automatically update the CAGENT_VERSION file and create/update a PR. Key behaviors: - Validates version exists as a GitHub release before updating - Exits early if already up to date - Reuses a single PR branch (auto/update-cagent-version) so successive releases update the same PR instead of creating duplicates - Uses docker-agent GitHub App token with RELEASE_TOKEN fallback
---
 .github/workflows/update-cagent-version.yml | 142 ++++++++++++++++++++
 1 file changed, 142 insertions(+)
 create mode 100644 .github/workflows/update-cagent-version.yml
diff --git a/.github/workflows/update-cagent-version.yml b/.github/workflows/update-cagent-version.yml
new file mode 100644
index 0000000..bbb78e5
--- /dev/null
+++ b/.github/workflows/update-cagent-version.yml
@@ -0,0 +1,142 @@
+name: Update cagent version
+
+on:
+ repository_dispatch:
+ types: [cagent-release]
+ workflow_dispatch:
+ inputs:
+ version:
+ description: "cagent version (e.g., v1.28.1). Leave empty to use latest release."
+ required: false
+ type: string
+
+jobs:
+ update-version:
+ runs-on: ubuntu-latest
+ env:
+ HAS_APP_SECRETS: ${{ secrets.CAGENT_REVIEWER_APP_ID != '' }}
+ steps:
+ - name: Generate GitHub App token
+ if: env.HAS_APP_SECRETS == 'true'
+ id: app-token
+ continue-on-error: true
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
+ with:
+ app_id: ${{ secrets.CAGENT_REVIEWER_APP_ID }}
+ private_key: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }}
+
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ token: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+
+ - name: Determine version
+ id: version
+ env:
+ DISPATCH_VERSION: ${{ github.event.client_payload.version }}
+ INPUT_VERSION: ${{ inputs.version }}
+ GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+ run: |
+ if [ -n "$INPUT_VERSION" ]; then
+ VERSION="$INPUT_VERSION"
+ echo "Using manual input version: $VERSION"
+ elif [ -n "$DISPATCH_VERSION" ]; then
+ VERSION="$DISPATCH_VERSION"
+ echo "Using dispatched version: $VERSION"
+ else
+ echo "No version specified, fetching latest release from docker/cagent..."
+ VERSION=$(gh release view --repo docker/cagent --json tagName --jq '.tagName')
+ echo "Latest release: $VERSION"
+ fi
+
+ echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+ - name: Validate version exists
+ env:
+ GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+ VERSION: ${{ steps.version.outputs.version }}
+ run: |
+ echo "Validating that $VERSION exists as a release on docker/cagent..."
+ if ! gh release view "$VERSION" --repo docker/cagent > /dev/null 2>&1; then
+ echo "❌ Release $VERSION not found on docker/cagent"
+ exit 1
+ fi
+ echo "✅ Release $VERSION exists"
+
+ - name: Check current version
+ id: check
+ env:
+ VERSION: ${{ steps.version.outputs.version }}
+ run: |
+ CURRENT=$(cat CAGENT_VERSION | tr -d '[:space:]')
+ echo "Current version: $CURRENT"
+ echo "Target version: $VERSION"
+
+ if [ "$CURRENT" = "$VERSION" ]; then
+ echo "Already up to date, nothing to do."
+ echo "skip=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "Version update needed: $CURRENT → $VERSION"
+ echo "skip=false" >> "$GITHUB_OUTPUT"
+ echo "current=$CURRENT" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Update CAGENT_VERSION
+ if: steps.check.outputs.skip != 'true'
+ env:
+ VERSION: ${{ steps.version.outputs.version }}
+ run: |
+ echo "$VERSION" > CAGENT_VERSION
+ echo "Updated CAGENT_VERSION to $VERSION"
+
+ - name: Create or update PR
+ if: steps.check.outputs.skip != 'true'
+ env:
+ GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+ VERSION: ${{ steps.version.outputs.version }}
+ CURRENT: ${{ steps.check.outputs.current }}
+ run: |
+ BRANCH="auto/update-cagent-version"
+ RELEASE_URL="https://github.com/docker/cagent/releases/tag/$VERSION"
+
+ # Configure git
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+
+ # Create or reset branch
+ git checkout -B "$BRANCH"
+ git add CAGENT_VERSION
+ git commit -m "chore: update cagent to $VERSION"
+
+ # Force-push to handle both new and existing branches.
+ # This branch is exclusively managed by this workflow, so --force is safe.
+ git push --force origin "$BRANCH"
+
+ # Check if a PR already exists for this branch
+ EXISTING_PR=$(gh pr list --head "$BRANCH" --state open --json number --jq '.[0].number')
+
+ if [ -n "$EXISTING_PR" ]; then
+ echo "Updating existing PR #$EXISTING_PR"
+ gh pr edit "$EXISTING_PR" \
+ --title "chore: update cagent to $VERSION" \
+ --body "$(cat < Auto-generated by the [update-cagent-version](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow.
+ EOF
+ )"
+ else
+ echo "Creating new PR"
+ gh pr create \
+ --title "chore: update cagent to $VERSION" \
+ --body "$(cat < Auto-generated by the [update-cagent-version](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow.
+ EOF
+ )" \
+ --label "kind/dependencies"
+ fi
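Review bot: The `Determine version` step writes `$VERSION` to `$GITHUB_OUTPUT` before anything has checked its shape, and the value can come straight from `github.event.client_payload.version` or `inputs.version`. Passing it through `env:` already keeps it out of the script text, but a value containing a newline would still add extra `key=value` lines to the step output, and one starting with `-` would reach `gh release view` as an option rather than a tag. A format check placed just before the `echo "version=$VERSION"` line covers both, for example `[[ "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "Invalid version: $VERSION" >&2; exit 1; }` (loosen the pattern if pre-release tags are expected). Separately, the job declares no `permissions:` block although every step appears to use the App token or `RELEASE_TOKEN`; `permissions: {}` on the job would keep the default `GITHUB_TOKEN` from carrying scopes nothing here seems to need.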