update-claude-code-action.yml
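# Scheduled maintenance workflow: looks up the latest release of
# anthropics/claude-code-action, resolves its tag to a commit SHA, rewrites every
# full-SHA pin under .github/workflows/ and opens a pull request with the change.
#
# Trust boundary: the tag name, release URL and release notes are data from a
# third-party repository. They are validated before being written to step
# outputs, interpolated into a sed program, or written into workflow files.
name: Update claude-code-action SHA

on:
  schedule:
    - cron: "0 9 * * 1" # Every Monday at 9:00 AM UTC
  workflow_dispatch:
    inputs:
      force:
        description: "Force update even if SHA appears current"
        type: boolean
        default: false

jobs:
  update-sha:
    name: Check and update anthropics/claude-code-action
    runs-on: ubuntu-latest
    # Write scopes are used only by the final step (push branch, open PR).
    permissions:
      contents: write
      pull-requests: write
    steps:
      # NOTE(review): no `with:` inputs are set, so this action runs with its
      # defaults; confirm whether a blocking egress policy with an allow-list
      # is intended for a job that holds a write-scoped token.
      - uses: bullfrogsec/bullfrog@1831f79cce8ad602eef14d2163873f27081ebfb3 # v0.8.4

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Keep the token out of .git/config so later shell steps cannot reuse it.
          persist-credentials: false

      - name: Get latest claude-code-action release
        id: latest
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # pipefail: a failed `gh api` must not be masked by a following command.
          set -euo pipefail
          REPO_API="repos/anthropics/claude-code-action"

          echo "::group::Fetching latest release from anthropics/claude-code-action"
          RELEASE=$(gh api "${REPO_API}/releases/latest")
          # `jq -e` exits non-zero on null, so a missing field stops the job
          # instead of propagating the literal string "null".
          LATEST_TAG=$(jq -er '.tag_name' <<< "$RELEASE")
          RELEASE_URL=$(jq -er '.html_url' <<< "$RELEASE")
          RELEASE_NOTES=$(jq -r '.body // "No release notes provided."' <<< "$RELEASE")

          # The tag name is later used in a sed replacement, a branch name and a
          # YAML comment. Accept only a conservative character set (no
          # whitespace, `|`, `&` or `\`), which also rules out extra lines being
          # appended to $GITHUB_OUTPUT.
          if ! [[ "$LATEST_TAG" =~ ^[A-Za-z0-9][A-Za-z0-9._/-]*$ ]]; then
            echo "::error::Release tag name does not match the expected format; refusing to continue."
            exit 1
          fi
          if ! [[ "$RELEASE_URL" =~ ^https://github\.com/[^[:space:]]+$ ]]; then
            echo "::error::Release URL does not match the expected format; refusing to continue."
            exit 1
          fi

          echo "Latest release tag: $LATEST_TAG"
          echo "Release URL: $RELEASE_URL"
          # printf, not echo: the notes are arbitrary text and may start with `-n`/`-e`.
          printf '%s\n' "$RELEASE_NOTES" > /tmp/release_notes.md

          REF_DATA=$(gh api "${REPO_API}/git/ref/tags/${LATEST_TAG}")
          OBJ_TYPE=$(jq -er '.object.type' <<< "$REF_DATA")
          OBJ_SHA=$(jq -er '.object.sha' <<< "$REF_DATA")
          if [ "$OBJ_TYPE" = "tag" ]; then
            # Annotated tag: the ref points at a tag object, so dereference it once.
            TAG_DATA=$(gh api "${REPO_API}/git/tags/${OBJ_SHA}")
            OBJ_TYPE=$(jq -er '.object.type' <<< "$TAG_DATA")
            OBJ_SHA=$(jq -er '.object.sha' <<< "$TAG_DATA")
          fi
          # Only a full-length commit SHA may be written into `uses:` lines.
          if [ "$OBJ_TYPE" != "commit" ] || ! [[ "$OBJ_SHA" =~ ^[0-9a-f]{40}$ ]]; then
            echo "::error::Tag did not resolve to a 40-character commit SHA; refusing to continue."
            exit 1
          fi
          COMMIT_SHA="$OBJ_SHA"
          echo "Resolved commit SHA: $COMMIT_SHA"
          echo "::endgroup::"

          echo "latest_tag=$LATEST_TAG" >> "$GITHUB_OUTPUT"
          echo "latest_sha=$COMMIT_SHA" >> "$GITHUB_OUTPUT"
          echo "release_url=$RELEASE_URL" >> "$GITHUB_OUTPUT"

      - name: Find current pinned SHA
        id: current
        run: |
          # Match full 40-character SHAs only. A bare `[a-f0-9A-F]+` also matches
          # the hex-looking prefix of a tag or branch ref and would report that
          # fragment as a pinned SHA.
          UNIQUE_SHAS=$(
            grep -rEoh 'anthropics/claude-code-action@[0-9a-fA-F]{40}\b' .github/workflows/ 2>/dev/null \
              | sed 's/.*@//' \
              | tr 'A-F' 'a-f' \
              | sort -u
          )
          SHA_COUNT=$(echo "$UNIQUE_SHAS" | grep -c . || true)
          if [ "$SHA_COUNT" -eq 0 ]; then
            echo "No pinned SHA found for anthropics/claude-code-action in .github/workflows/"
            echo "current_shas=" >> "$GITHUB_OUTPUT"
          elif [ "$SHA_COUNT" -eq 1 ]; then
            echo "Current pinned SHA: $UNIQUE_SHAS"
            echo "current_shas=$UNIQUE_SHAS" >> "$GITHUB_OUTPUT"
          else
            echo "WARNING: Found $SHA_COUNT distinct pinned SHAs — not all files are on the same version:"
            echo "$UNIQUE_SHAS"
            # Step outputs are single-line here, so join the SHAs with commas.
            echo "current_shas=$(echo "$UNIQUE_SHAS" | tr '\n' ',' | sed 's/,$//')" >> "$GITHUB_OUTPUT"
          fi

      - name: Determine if update is needed
        id: check
        # Step outputs and inputs are passed through env, never interpolated
        # into the script text.
        env:
          LATEST: ${{ steps.latest.outputs.latest_sha }}
          CURRENT_SHAS: ${{ steps.current.outputs.current_shas }}
          FORCE: ${{ github.event.inputs.force }}
        run: |
          if [ -z "$CURRENT_SHAS" ]; then
            echo "No existing SHA pin found — nothing to update."
            echo "needs_update=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # Check if all current SHAs match the latest (single value, equals latest)
          if echo "$CURRENT_SHAS" | grep -q ','; then
            echo "Multiple distinct SHAs found — update needed to unify all pins."
            echo "needs_update=true" >> "$GITHUB_OUTPUT"
          elif [ "$CURRENT_SHAS" = "$LATEST" ] && [ "$FORCE" != "true" ]; then
            echo "Already up-to-date (SHA: $CURRENT_SHAS). Skipping."
            echo "needs_update=false" >> "$GITHUB_OUTPUT"
          else
            echo "Update available: $CURRENT_SHAS → $LATEST"
            echo "needs_update=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Build PR description
        id: body
        if: steps.check.outputs.needs_update == 'true'
        # No token in env: this step only reads local files.
        env:
          CURRENT_SHAS: ${{ steps.current.outputs.current_shas }}
          LATEST: ${{ steps.latest.outputs.latest_sha }}
          LATEST_TAG: ${{ steps.latest.outputs.latest_tag }}
          RELEASE_URL: ${{ steps.latest.outputs.release_url }}
          GITHUB_SERVER_URL_VAL: ${{ github.server_url }}
          GITHUB_REPOSITORY_VAL: ${{ github.repository }}
        run: |
          # Use first SHA for comparison link (best effort when multiple exist)
          FIRST_SHA=$(echo "$CURRENT_SHAS" | tr ',' '\n' | head -1)
          COMPARE_URL="https://github.com/anthropics/claude-code-action/compare/${FIRST_SHA:0:7}...${LATEST_TAG}"
          # List the files the update step will rewrite: same full-SHA pattern and
          # same extensions, so files that only mention the action are not listed.
          CHANGED_FILES=$(
            grep -rlE --include='*.yml' --include='*.yaml' \
              'anthropics/claude-code-action@[0-9a-fA-F]{40}\b' .github/workflows/ 2>/dev/null \
              | sed 's|^| - `|; s|$|`|'
          )
          # The release notes are third-party markdown. Command-substitution
          # output is inserted verbatim and not re-expanded by the shell, but it
          # is rendered in the PR: @mentions, links and `#123`-style references
          # in it resolve in this repository. Reviewers should read it as
          # untrusted text.
          cat > /tmp/pr_body.md << EOF
          ## Update \`anthropics/claude-code-action\` SHA

          This automated PR pins all usages of \`anthropics/claude-code-action\` to the latest release.

          | | |
          |---|---|
          | **Previous SHA(s)** | \`${CURRENT_SHAS}\` |
          | **New SHA** | [\`${LATEST:0:7}\`](https://github.com/anthropics/claude-code-action/commit/${LATEST}) |
          | **New Release** | [\`${LATEST_TAG}\`](${RELEASE_URL}) |
          | **Diff** | [Compare changes](${COMPARE_URL}) |

          ### Files updated

          ${CHANGED_FILES}

          ---

          ### Release notes for \`${LATEST_TAG}\`

          $(cat /tmp/release_notes.md)

          ---

          > _This PR was created automatically by the [update-claude-code-action](${GITHUB_SERVER_URL_VAL}/${GITHUB_REPOSITORY_VAL}/actions/workflows/update-claude-code-action.yml) workflow._
          EOF

      - name: Update SHA in workflow files
        if: steps.check.outputs.needs_update == 'true'
        env:
          LATEST: ${{ steps.latest.outputs.latest_sha }}
          LATEST_TAG: ${{ steps.latest.outputs.latest_tag }}
        run: |
          set -euo pipefail
          # Both values are spliced into a sed program that rewrites workflow
          # files. Re-check them here so `|`, `&`, `\` or whitespace can never
          # reach the replacement text, whatever the earlier step emitted.
          if ! [[ "$LATEST" =~ ^[0-9a-f]{40}$ ]] \
            || ! [[ "$LATEST_TAG" =~ ^[A-Za-z0-9][A-Za-z0-9._/-]*$ ]]; then
            echo "::error::Refusing to rewrite pins: SHA or tag is not in the expected format."
            exit 1
          fi
          # Full 40-character SHAs only, so tag or branch refs that merely start
          # with hex characters are left untouched.
          PIN_RE='anthropics/claude-code-action@[0-9a-fA-F]{40}\b'
          find .github/workflows/ -type f \( -name "*.yml" -o -name "*.yaml" \) \
            | while IFS= read -r file; do
              if grep -qE "$PIN_RE" "$file"; then
                # The optional group swallows an existing trailing version comment.
                sed -i -E \
                  "s|${PIN_RE}([[:space:]]*#.*)?|anthropics/claude-code-action@${LATEST} # ${LATEST_TAG}|g" \
                  "$file"
                echo " Updated: $file"
              fi
            done

      - name: Create Pull Request
        if: steps.check.outputs.needs_update == 'true'
        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          # NOTE(review): GitHub normally rejects pushes that modify files under
          # .github/workflows/ when authenticated with GITHUB_TOKEN, and PRs
          # opened with it do not trigger other workflows. Confirm this step
          # succeeds in this repository, or supply a dedicated, narrowly scoped
          # token for it.
          token: ${{ secrets.GITHUB_TOKEN }}
          branch: "chore/update-claude-code-action-${{ steps.latest.outputs.latest_tag }}"
          delete-branch: true
          # Blank line separates the commit subject from the body.
          commit-message: |
            chore: update claude-code-action to ${{ steps.latest.outputs.latest_tag }}

            Bumps anthropics/claude-code-action to ${{ steps.latest.outputs.latest_sha }}
          title: "chore: update `anthropics/claude-code-action` to `${{ steps.latest.outputs.latest_tag }}`"
          body-path: /tmp/pr_body.md
          labels: |
            dependencies
            automated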