AWS Service Spec Update #75
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: AWS Service Spec Update | |
on: | |
schedule: | |
# Every Monday at 13:37 UTC | |
- cron: 37 13 * * 1 | |
workflow_dispatch: {} | |
jobs: | |
update-spec: | |
# this workflow will always fail in forks; bail if this isn't running in the upstream | |
if: github.repository == 'aws/aws-cdk' | |
name: Update AWS Service Spec packages | |
permissions: | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check Out | |
uses: actions/checkout@v4 | |
- name: Set up Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "*" | |
env: | |
NODE_OPTIONS: "--max-old-space-size=8196 --experimental-worker ${NODE_OPTIONS:-}" | |
# Install all current dependencies | |
- name: Yarn Install | |
run: yarn install --frozen-lockfile | |
# Upload the current db to be used later | |
- name: Upload base database | |
uses: actions/upload-artifact@v4 | |
with: | |
name: db.base.json.gz | |
path: node_modules/@aws-cdk/aws-service-spec/db.json.gz | |
if-no-files-found: error | |
# Perform the actual upgrade of the relevant packages | |
- name: Install ncu tool | |
run: npm -g install lerna npm-check-updates | |
- name: Run "ncu" for service spec packages | |
run: lerna exec --parallel ncu -- --upgrade --filter='@aws-cdk/aws-service-spec,@aws-cdk/service-spec-importers,@aws-cdk/service-spec-types' --target=latest | |
# This will ensure the current lockfile is up-to-date with the dependency specifications | |
- name: Install latest version & update lockfile | |
run: yarn upgrade @aws-cdk/aws-service-spec @aws-cdk/service-spec-importers @aws-cdk/service-spec-types | |
# Now that we have updated the database, upload the new candidate db | |
- name: Upload head database | |
uses: actions/upload-artifact@v4 | |
with: | |
name: db.head.json.gz | |
path: node_modules/@aws-cdk/aws-service-spec/db.json.gz | |
if-no-files-found: error | |
# Build @aws-cdk/spec2cdk and run L1 gen script to generate base files for new modules | |
- name: Build @aws-cdk/spec2cdk | |
run: lerna run build --stream --no-progress --skip-nx-cache --scope @aws-cdk/spec2cdk | |
- name: Generate L1s | |
working-directory: packages/aws-cdk-lib | |
run: yarn gen | |
# Next, create and upload the changes as a patch file. This will later be downloaded to create a pull request | |
# Creating a pull request requires write permissions and it's best to keep write privileges isolated. | |
- name: Create Patch | |
run: |- | |
git add . | |
git diff --patch --staged > ${{ runner.temp }}/update-spec.patch | |
- name: Upload Patch | |
uses: actions/upload-artifact@v4 | |
with: | |
name: update-spec.patch | |
path: ${{ runner.temp }}/update-spec.patch | |
diff-db: | |
needs: update-spec | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
id-token: none | |
pull-requests: write | |
env: | |
CI: "true" | |
steps: | |
- name: Download base database | |
uses: actions/download-artifact@v4 | |
with: | |
name: db.base.json.gz | |
path: base | |
- name: Download head database | |
uses: actions/download-artifact@v4 | |
with: | |
name: db.head.json.gz | |
path: head | |
- name: Diff databases | |
id: diff-db | |
run: npx --yes --package=@aws-cdk/service-spec-importers@latest -c 'diff-db base/db.json.gz head/db.json.gz' > DIFF || echo "diff-result=true" >> $GITHUB_OUTPUT | |
continue-on-error: true | |
- name: Create PR body file | |
run: |- | |
echo 'Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`' >> PR.md | |
- name: Add model changelog to PR body file | |
if: steps.diff-db.outputs.diff-result | |
run: |- | |
echo '' >> PR.md | |
echo '**L1 CloudFormation resource definition changes:**' >> PR.md | |
echo '```' >> PR.md | |
cat DIFF >> PR.md | |
echo '```' >> PR.md | |
- name: Upload PR body file | |
uses: actions/upload-artifact@v4 | |
with: | |
name: PR.md | |
path: PR.md | |
pr: | |
name: Create Pull Request | |
needs: | |
- update-spec | |
- diff-db | |
permissions: | |
contents: write | |
pull-requests: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check Out | |
uses: actions/checkout@v4 | |
- name: Download patch | |
uses: actions/download-artifact@v4 | |
with: | |
name: update-spec.patch | |
path: ${{ runner.temp }} | |
- name: Apply patch | |
run: '[ -s ${{ runner.temp }}/update-spec.patch ] && git apply ${{ runner.temp }}/update-spec.patch || echo "Empty patch. Skipping."' | |
- name: Download PR body file | |
uses: actions/download-artifact@v4 | |
with: | |
name: PR.md | |
path: ${{ runner.temp }} | |
- name: Make Pull Request | |
uses: peter-evans/create-pull-request@v7 | |
with: | |
# Git commit details | |
branch: automation/spec-update | |
author: aws-cdk-automation <[email protected]> | |
commit-message: |- | |
feat: update L1 CloudFormation resource definitions | |
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` | |
# Pull Request details | |
title: "feat: update L1 CloudFormation resource definitions" | |
body-path: ${{ runner.temp }}/PR.md | |
labels: contribution/core,dependencies,auto-approve,pr-linter/exempt-integ-test,pr-linter/exempt-readme,pr-linter/exempt-test | |
team-reviewers: aws-cdk-team | |
# Github prevents further Github actions to be run if the default Github token is used. | |
# Instead use a privileged token here, so further GH actions can be triggered on this PR. | |
token: ${{ secrets.PROJEN_GITHUB_TOKEN }} |