From 77cf189e2cc970dbe88b02a8cf5974346bea2dbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20L=C3=A4ubrich?= <laeubi@laeubi-soft.de>
Date: Fri, 16 Aug 2024 20:32:46 +0200
Subject: [PATCH] Create a shared workflow that allows updating bundle
 dependencies

---
 .github/workflows/README.MD         |   5 ++
 .github/workflows/updateBundles.yml | 114 ++++++++++++++++++++++++++++
 2 files changed, 119 insertions(+)
 create mode 100644 .github/workflows/updateBundles.yml

diff --git a/.github/workflows/README.MD b/.github/workflows/README.MD
index 84a3180f9f6..6795e8ab609 100644
--- a/.github/workflows/README.MD
+++ b/.github/workflows/README.MD
@@ -30,3 +30,8 @@ If a gist-url is given it requires the follwoing secret:
 ## mavenBuild.yml
 
 A unified maven matrix build that covers the usual workflow for a build verification of a platform repository.
+
+## updateBundles.yml
+
+Workflow that can be used as a timed action to check if any bundles need to update their versions due to changed dependencies.
+If a new dependency version is detected, the manifest is adjusted and a PR is created.
\ No newline at end of file
diff --git a/.github/workflows/updateBundles.yml b/.github/workflows/updateBundles.yml
new file mode 100644
index 00000000000..9d94841ea87
--- /dev/null
+++ b/.github/workflows/updateBundles.yml
@@ -0,0 +1,114 @@
+name: Update Bundle Dependencies
+on:
+  workflow_call:
+    inputs:
+      author:
+        description: Defines the committer / author that should be used for the commit
+        required: true
+        type: string
+      bundle-folders:
+        description: Defines the folders that should be scanned for bundles, must be a valid argument to the 'ls' command, defaults to 'bundles/*/'
+        required: false
+        default: 'bundles/*/'
+        type: string
+      maven-goals:
+        description: maven goals to use, defaults to 'clean verify'
+        required: false
+        default: 'clean verify'
+        type: string
+      submodules:
+        description: |
+          Whether to checkout submodules: `true` to checkout submodules or `recursive` to recursively checkout submodules.
+          When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are converted to HTTPS.
+          The value is just passed as it is to the github/actions/checkout action: https://github.com/actions/checkout#usage
+        type: string
+        required: false
+        default: 'false'
+      mavenVersion: 
+        description: 'The version of Maven set up'
+        type: string
+        required: false
+        default: '3.9.7'
+    secrets:
+      token:
+        description: Personal Access Token to use for creating pull-requests
+        required: true
+
+jobs:
+  list-bundles:
+    runs-on: ubuntu-latest
+    outputs:
+      bundles: ${{ steps.list-bundles.outputs.bundles }}
+    steps:
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      with:
+        fetch-depth: 0
+        ref: master
+        submodules: ${{ inputs.submodules }}
+    - name: List all bundles
+      id: list-bundles
+      env:
+          FOLDER_PATTERN: ${{ inputs.bundle-folders }}
+      run: |
+          directories=($(ls -d $FOLDER_PATTERN))
+          directories=("${directories[@]%/}")
+          json_array=()
+          for dir in "${directories[@]}"; do
+            if [ -e ${dir}/META-INF/MANIFEST.MF ]
+            then
+              json_array+=("\"$dir\"")
+            fi
+          done
+          json_elements=$(IFS=,; echo "${json_array[*]}")
+          json_output="{ \"bundles\": [$json_elements] }"
+          echo "bundles=$json_output" | tee -a "$GITHUB_OUTPUT"
+
+  update-bundles:
+    runs-on: ubuntu-latest
+    if: always()
+    needs: list-bundles
+    strategy:
+      matrix: ${{ fromJson(needs.list-bundles.outputs.bundles) }}
+      max-parallel: 2
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+          ref: master
+      - name: Set up Maven
+        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
+        with:
+          maven-version: ${{ inputs.mavenVersion }}
+      - name: Set up JDK
+        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: maven
+      - name: Update Bundle ${{ matrix.bundles }} 
+        working-directory: ${{ matrix.bundles }} 
+        run: >-
+          mvn -B -ntp org.eclipse.tycho.extras:tycho-version-bump-plugin:4.0.9-SNAPSHOT:update-manifest
+          -Dtycho.version=4.0.9-SNAPSHOT
+      - name: Build and Check for Version Bumps in ${{ matrix.bundles }}
+        working-directory: ${{ matrix.bundles }} 
+        continue-on-error: true
+        run: >-
+          mvn -B -ntp -DskipTests -Dtycho.apitools.failOnVersion org.eclipse.tycho:tycho-versions-plugin:4.0.9-SNAPSHOT:bump-versions
+          -Dtycho.version=4.0.9-SNAPSHOT
+          ${{ inputs.maven-goals }}
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        with:
+          commit-message: Bump Dependencies of ${{ matrix.bundles }}
+          branch: update-mf/${{ matrix.bundles }}
+          title: Bundle Dependencies Version Bumps for ${{ matrix.bundles }}
+          body: Please review the changes and merge if appropriate, or cherry pick individual updates.
+          delete-branch: true
+          draft: false
+          token: ${{ secrets.token }}
+          committer: ${{ inputs.author }}
+          author: ${{ inputs.author }}
+          add-paths: |
+            **/*.MF