From: Simon Brandhof <simon.brandhof@sonarsource.com>
Date: Tue, 24 Mar 2020 20:33:36 +0000 (+0100)
Subject: SONAR-13155 schedule listing of available dependency upgrades
X-Git-Tag: 8.3.0.34182~84
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=24dc7b5f14dd547b87c8dbe277692ec04167001a;p=sonarqube.git

SONAR-13155 schedule listing of available dependency upgrades
---

diff --git a/.github/workflows/suggest-dependency-upgrades.yml b/.github/workflows/suggest-dependency-upgrades.yml
new file mode 100644
index 00000000000..99937a62c3d
--- /dev/null
+++ b/.github/workflows/suggest-dependency-upgrades.yml
@@ -0,0 +1,37 @@
+name: Suggest dependency upgrades
+on:
+# use push to test the bot
+#  push:
+#    branches-ignore:
+#      - 'bot/upgrade_plugins**'
+  schedule:
+    # at 5:00 every Monday
+    - cron:  '0 5 * * MON'
+
+jobs:
+  suggest-upgrades-job:
+    # prevent job to run on public repository sonarsource/sonarqube (on which GitHub Actions are disabled)
+    if: github.repository == 'sonarsource/sonar-enterprise'
+    runs-on: ubuntu-latest
+    name: List available upgrades
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 1
+          ref: master
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Cache Gradle Wrapper
+        uses: actions/cache@v1
+        with:
+          path: ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradlew-${{ hashFiles('**/*.zip') }}
+          restore-keys: ${{ runner.os }}-gradlew
+      - name: Find upgrades
+        env:
+          ARTIFACTORY_PRIVATE_USERNAME: ${{ secrets.REPOX_LOGIN }}
+          ARTIFACTORY_PRIVATE_PASSWORD: ${{ secrets.REPOX_API_KEY }}
+        run: |
+          ./gradlew dependencyUpdates yarn_audit -Drevision=release