feat: auto-update CAGENT_VERSION on new cagent releases

.github/workflows/update-cagent-version.yml

@@ -0,0 +1,142 @@
+name: Update cagent version
+
+on:
+  repository_dispatch:
+    types: [cagent-release]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "cagent version (e.g., v1.28.1). Leave empty to use latest release."
+        required: false
+        type: string
+
+jobs:
+  update-version:
+    runs-on: ubuntu-latest
+    env:
+      HAS_APP_SECRETS: ${{ secrets.CAGENT_REVIEWER_APP_ID != '' }}
+    steps:
+      - name: Generate GitHub App token
+        if: env.HAS_APP_SECRETS == 'true'
+        id: app-token
+        continue-on-error: true
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
+        with:
+          app_id: ${{ secrets.CAGENT_REVIEWER_APP_ID }}
+          private_key: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }}
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          token: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+
+      - name: Determine version
+        id: version
+        env:
+          DISPATCH_VERSION: ${{ github.event.client_payload.version }}
+          INPUT_VERSION: ${{ inputs.version }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+        run: |
+          if [ -n "$INPUT_VERSION" ]; then
+            VERSION="$INPUT_VERSION"
+            echo "Using manual input version: $VERSION"
+          elif [ -n "$DISPATCH_VERSION" ]; then
+            VERSION="$DISPATCH_VERSION"
+            echo "Using dispatched version: $VERSION"
+          else
+            echo "No version specified, fetching latest release from docker/cagent..."
+            VERSION=$(gh release view --repo docker/cagent --json tagName --jq '.tagName')
+            echo "Latest release: $VERSION"
+          fi
+
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Validate version exists
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          echo "Validating that $VERSION exists as a release on docker/cagent..."
+          if ! gh release view "$VERSION" --repo docker/cagent > /dev/null 2>&1; then
+            echo "❌ Release $VERSION not found on docker/cagent"
+            exit 1
+          fi
+          echo "✅ Release $VERSION exists"
+
+      - name: Check current version
+        id: check
+        env:
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          CURRENT=$(cat CAGENT_VERSION | tr -d '[:space:]')
+          echo "Current version: $CURRENT"
+          echo "Target version:  $VERSION"
+
+          if [ "$CURRENT" = "$VERSION" ]; then
+            echo "Already up to date, nothing to do."
+            echo "skip=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "Version update needed: $CURRENT → $VERSION"
+            echo "skip=false" >> "$GITHUB_OUTPUT"
+            echo "current=$CURRENT" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Update CAGENT_VERSION
+        if: steps.check.outputs.skip != 'true'
+        env:
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          echo "$VERSION" > CAGENT_VERSION
+          echo "Updated CAGENT_VERSION to $VERSION"
+
+      - name: Create or update PR
+        if: steps.check.outputs.skip != 'true'
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.RELEASE_TOKEN }}
+          VERSION: ${{ steps.version.outputs.version }}
+          CURRENT: ${{ steps.check.outputs.current }}
+        run: |
+          BRANCH="auto/update-cagent-version"
+          RELEASE_URL="https://github.com/docker/cagent/releases/tag/$VERSION"
+
+          # Configure git
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Create or reset branch
+          git checkout -B "$BRANCH"
+          git add CAGENT_VERSION
+          git commit -m "chore: update cagent to $VERSION"
+
+          # Force-push to handle both new and existing branches.
+          # This branch is exclusively managed by this workflow, so --force is safe.
+          git push --force origin "$BRANCH"
+
+          # Check if a PR already exists for this branch
+          EXISTING_PR=$(gh pr list --head "$BRANCH" --state open --json number --jq '.[0].number')
+
+          if [ -n "$EXISTING_PR" ]; then
+            echo "Updating existing PR #$EXISTING_PR"
+            gh pr edit "$EXISTING_PR" \
+              --title "chore: update cagent to $VERSION" \
+              --body "$(cat <<EOF
+          ## Summary
+          Updates \`CAGENT_VERSION\` from \`$CURRENT\` to \`$VERSION\`.
+          - **Release**: [$VERSION]($RELEASE_URL)
+          - **Triggered by**: \`${{ github.event_name }}\`
+          > Auto-generated by the [update-cagent-version](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow.
+          EOF
+          )"
+          else
+            echo "Creating new PR"
+            gh pr create \
+              --title "chore: update cagent to $VERSION" \
+              --body "$(cat <<EOF
+          ## Summary
+          Updates \`CAGENT_VERSION\` from \`$CURRENT\` to \`$VERSION\`.
+          - **Release**: [$VERSION]($RELEASE_URL)
+          - **Triggered by**: \`${{ github.event_name }}\`
+          > Auto-generated by the [update-cagent-version](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow.
+          EOF
+          )" \
+              --label "kind/dependencies"
+          fi