From 8da5f7c1e7e69662a2edc90271e17f841e0f1e01 Mon Sep 17 00:00:00 2001
From: "braden@vals.ai"
Date: Thu, 30 Apr 2026 18:47:21 +0000
Subject: [PATCH] chore: add reusable submodule update workflow and slack notifications

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
---
 .github/workflows/update-lockfile.yaml | 14 ++++
 .github/workflows/update-submodules.yaml | 86 ++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100644 .github/workflows/update-submodules.yaml

diff --git a/.github/workflows/update-lockfile.yaml b/.github/workflows/update-lockfile.yaml
index ab9fc0f..1a68f59 100644
--- a/.github/workflows/update-lockfile.yaml
+++ b/.github/workflows/update-lockfile.yaml
@@ -5,6 +5,8 @@ on:
 secrets:
 GH_PAT:
 required: true
+ SLACK_WEBHOOK_URL:
+ required: false

 jobs:
 update:
@@ -23,6 +25,7 @@ jobs:
 run: uv lock --upgrade-package create-benchmark-service

 - uses: peter-evans/create-pull-request@v8
+ id: cpr
 with:
 token: ${{ secrets.GH_PAT }}
 commit-message: 'chore: update create-benchmark-service lockfile'
@@ -32,3 +35,14 @@ jobs:
 Tests, lint, and typecheck must pass before merge.
 branch: chore/update-cbs-lockfile
 delete-branch: true
+
+ - name: Notify Slack
+ if: steps.cpr.outputs.pull-request-url && secrets.SLACK_WEBHOOK_URL
+ run: |
+ curl -sf -X POST "$SLACK_WEBHOOK_URL" \
+ -H 'Content-Type: application/json' \
+ -d "{\"text\":\"📦 Lockfile update PR ($REPO): $PR_URL\"}"
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ PR_URL: ${{ steps.cpr.outputs.pull-request-url }}
+ REPO: ${{ github.repository }}
diff --git a/.github/workflows/update-submodules.yaml b/.github/workflows/update-submodules.yaml
new file mode 100644
index 0000000..3376c67
--- /dev/null
+++ b/.github/workflows/update-submodules.yaml
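Review bot: The `if:` on the new Notify Slack step in update-lockfile.yaml reads `secrets.SLACK_WEBHOOK_URL`, but the `secrets` context is not available in a step-level `if:`, so the expression is rejected when the workflow is loaded instead of evaluating to false when the secret is unset. The same condition is used by the Notify Slack step of the new update-submodules.yaml. Keep only the output check, `if: steps.cpr.outputs.pull-request-url`, and test the secret inside the script, where it is already mapped through `env:`, with `[ -n "$SLACK_WEBHOOK_URL" ] || exit 0` as the first line of `run:`. Because `curl -sf` exits non-zero on an HTTP error, a failed post would also mark the job as failed after the PR was opened; `continue-on-error: true` on the step would keep the notification best-effort, if that is the intent.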
@@ -0,0 +1,86 @@
+name: update-submodules (reusable)
+
+on:
+ workflow_call:
+ inputs:
+ has_https_submodules:
+ description: 'Set to true if the repo has HTTPS submodule URLs that need PAT rewriting'
+ required: false
+ default: false
+ type: boolean
+ commit_message:
+ description: 'Commit message for the submodule update'
+ required: true
+ type: string
+ pr_title:
+ description: 'Title for the submodule update PR'
+ required: true
+ type: string
+ pr_branch:
+ description: 'Branch name for the submodule update PR'
+ required: true
+ type: string
+ secrets:
+ GH_PAT:
+ required: true
+ SUBMODULES_SSH_KEY:
+ required: true
+ SLACK_WEBHOOK_URL:
+ required: false
+
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ token: ${{ secrets.GH_PAT }}
+ submodules: false
+
+ - name: Configure SSH for submodule repos
+ env:
+ SUBMODULES_SSH_KEY: ${{ secrets.SUBMODULES_SSH_KEY }}
+ run: |
+ mkdir -p ~/.ssh
+ ssh-keyscan github.com >> ~/.ssh/known_hosts
+ printf '%s\n' "$SUBMODULES_SSH_KEY" > ~/.ssh/submodules_key
+ chmod 600 ~/.ssh/submodules_key
+ git config --global core.sshCommand 'ssh -i ~/.ssh/submodules_key -o IdentitiesOnly=yes'
+
+ - name: Rewrite HTTPS submodule URLs to use PAT
+ if: inputs.has_https_submodules
+ env:
+ GH_PAT: ${{ secrets.GH_PAT }}
+ run: |
+ git config --global url."https://x-access-token:${GH_PAT}@github.com/".insteadOf "https://github.com/"
+
+ - name: Initialise submodules
+ run: git submodule update --init
+
+ - name: Advance each submodule to latest remote HEAD
+ run: git submodule update --remote
+
+ - name: Open PR if submodules changed
+ id: cpr
+ uses: peter-evans/create-pull-request@v8
+ with:
+ token: ${{ secrets.GH_PAT }}
+ commit-message: ${{ inputs.commit_message }}
+ title: ${{ inputs.pr_title }}
+ body: |
+ Automated submodule bump. CI must pass before merge.
+
+ Updated by the `update-submodules` workflow.
+ branch: ${{ inputs.pr_branch }}
+ delete-branch: true
+
+ - name: Notify Slack
+ if: steps.cpr.outputs.pull-request-url && secrets.SLACK_WEBHOOK_URL
+ run: |
+ curl -sf -X POST "$SLACK_WEBHOOK_URL" \
+ -H 'Content-Type: application/json' \
+ -d "{\"text\":\"📦 Submodule update PR ($REPO): $PR_URL\"}"
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ PR_URL: ${{ steps.cpr.outputs.pull-request-url }}
+ REPO: ${{ github.repository }}
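Review bot: `ssh-keyscan github.com >> ~/.ssh/known_hosts` in the Configure SSH step accepts whatever host key the network returns at run time, so host-key verification no longer authenticates the server the submodules are fetched from. Write GitHub's published host keys from a pinned value instead, checked against GitHub's documented fingerprints, e.g. `printf '%s\n' "$GITHUB_KNOWN_HOSTS" >> ~/.ssh/known_hosts`, where `GITHUB_KNOWN_HOSTS` is a placeholder name for that pinned value. The private key file is also created before `chmod 600` runs, so a `umask 077` ahead of the `printf` would close that window. The key file and the PAT-bearing `insteadOf` rewrite both remain on the runner while the tag-pinned `peter-evans/create-pull-request@v8` step runs; a final `if: always()` cleanup step and pinning both actions to a full commit SHA would narrow that exposure.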