action.yml

name: 'relock-conda'
description: 'GitHub action to relock conda environments using conda-lock'
author: Matthew R. Becker and the regro-cf-autotick-bot team
branding:
  icon: 'rotate-cw'
  color: 'green'

inputs:
  environment-file:
    description: 'the environment to (re)lock'
    required: false
    default: environment.yml
  lock-file:
    description: 'the lock file to update'
    required: true
    default: 'conda-lock.yml'
  ignored-packages:
    description: 'comma- or newline-separated list of packages whose version changes are ignored when relocking'
    required: true
    default: ''
  include-only-packages:
    description: >
      comma-or newline-separated list of packages to exclusively include when relocking, all others will be ignored,
      ignored-packages is applied to this list
    required: true
    default: ''
  relock-all-packages:
    description: 'whether to relock on an update to any package in the environment, not just those in the environment file'
    required: true
    default: false
  github-token:
    description: 'GitHub personal access token to use for making PRs'
    required: true
  action:
    description: >
      the action to take if the lock file is updated: `pr` will make a PR; `file` will leave the updated lock file
      in the current working directory; `commit` will commit the updated lock file and push the changes
    required: true
    default: 'pr'
  automerge:
    description: 'whether to automatically merge the PR'
    required: true
    default: false
  base-branch:
    description: >
      the base branch for PRs (See
      [this documentation](https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#events-which-checkout-a-commit)
      for more details.)
  head-branch:
    description: 'the head branch for PRs'
    required: true
    default: 'relock-conda'
  skip-if-pr-exists:
    description: 'whether to skip relocking if a PR already exists'
    required: true
    default: false
  draft:
    description: 'whether to open the PR as a draft'
    required: true
    default: false
  git-user-name:
    description: >
      the name to use for git commits; the default of '' attempts to infer the name
      from the login associated with the GitHub token via the API. if this fails,
      we use the value `github.actor` from the context.
    required: false
    default: ''
  git-user-email:
    description: >
      the email to use for git commits; the default of '' attempts to infer the email
      from the login associated with the GitHub token via the API. if this fails,
      we use '${git-user-name}@users.noreply.github.com'.
    required: false
    default: ''

outputs:
  pull-request-number:
    description: "the number of the PR that was opened"
    value: ${{ steps.pr.outputs.pull-request-number }}
  relocked:
    description: "whether the environment was relocked"
    value: ${{ steps.set-output.outputs.relocked }}
  summary:
    description: "the summary of the relock operation"
    value: ${{ steps.relock.outputs.summary }}

runs:
  using: "composite"
  steps:
    # https://stackoverflow.com/a/73828715/1745538
    - name: skip if PR already exists
      id: check
      shell: bash -leo pipefail {0}
      run: |
        # skip if PR already exists
        if [[ "${EVENT_NAME}" == "issue_comment" ]]; then
          if [[ "${HAS_RELOCK_SLUG}" == "false" || "${COMMENT_IS_PR}" == "false" ]]; then
            res="true"
          else
            res="false"
          fi
        else
          if [[ "${INPUT_ACTION}" != "pr" ]]; then
              res="false"
          else
            prs=$(gh pr list \
                --repo "$GITHUB_REPOSITORY" \
                --head '${{ inputs.head-branch }}' \
                --json title \
                --jq 'map(select(.title == "relock w/ conda-lock")) | length')

            if [[ ${prs} !=  "0" && ${SKIP_IF_PR_EXISTS} == "true" ]]; then
                res="true"
            else
                res="false"
            fi
          fi
        fi
        echo "skip=${res}" >> "$GITHUB_OUTPUT"
      env:
        GH_TOKEN: ${{ inputs.github-token }}
        SKIP_IF_PR_EXISTS: ${{ inputs.skip-if-pr-exists }}
        INPUT_ACTION: ${{ inputs.action }}
        EVENT_NAME: ${{ github.event_name }}
        HAS_RELOCK_SLUG: ${{ startsWith(github.event.comment.body, '/relock-conda') }}
        COMMENT_IS_PR: ${{ github.event.issue.pull_request != null }}

    - name: react to issue comment
      if: >-
        steps.check.outputs.skip != 'true'
        && github.event_name == 'issue_comment'
        && startsWith(github.event.comment.body, '/relock-conda')
      shell: bash -leo pipefail {0}
      run: |
        # react to issue comment
        gh api \
          --method POST \
          -H "Accept: application/vnd.github+json" \
          -H "X-GitHub-Api-Version: 2022-11-28" \
          '/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions' \
          -f "content=rocket"
      env:
        GH_TOKEN: ${{ inputs.github-token }}

    - name: setup conda-lock
      if: ${{ steps.check.outputs.skip != 'true' }}
      uses: mamba-org/setup-micromamba@068f1ab4b37ed9b3d9f73da7db90a0cda0a48d29 # v1
      with:
        environment-name: relock-env
        create-args: >-
          python
          click
          ruamel.yaml
          conda
          conda-lock
          pygithub
        condarc: |
          channels:
            - conda-forge

    - name: checkout PR if running on an issue
      if: >-
        steps.check.outputs.skip != 'true'
        && github.event_name == 'issue_comment'
        && startsWith(github.event.comment.body, '/relock-conda')
      shell: bash -leo pipefail {0}
      run: |
        # checkout PR if running on an issue
        gh pr checkout --repo "$GITHUB_REPOSITORY" '${{ github.event.issue.number }}'
      env:
        GH_TOKEN: ${{ inputs.github-token }}

    - name: relock
      id: relock
      if: ${{ steps.check.outputs.skip != 'true' }}
      shell: bash -leo pipefail {0}
      run: |
        # relock
        echo "::group::relock"
        python ${{ github.action_path }}/relock.py \
          --environment-file='${{ inputs.environment-file }}' \
          --lock-file='${{ inputs.lock-file }}' \
          --ignored-packages='${{ inputs.ignored-packages }}' \
          --relock-all-packages='${{ inputs.relock-all-packages }}' \
          --include-only-packages='${{ inputs.include-only-packages }}' \
          > ${{ github.action_path }}/summary.txt
        {
          echo 'summary<<EOF'
          cat ${{ github.action_path }}/summary.txt
          echo EOF
        } >> "$GITHUB_OUTPUT"
        rm ${{ github.action_path }}/summary.txt
        echo "::endgroup::"

    - name: commit changes
      if: >-
        steps.check.outputs.skip != 'true'
        && steps.relock.outputs.env_relocked == 'true'
        && (
          inputs.action == 'commit'
          || (
            github.event_name == 'issue_comment'
            && startsWith(github.event.comment.body, '/relock-conda')
          )
        )
      shell: bash -leo pipefail {0}
      run: |
        if [[ '${{ inputs.git-user-name }}' == '' ]]; then
          login=$(gh api user --jq '.name' || echo '')
          if [[ "${login}" == *"status\":\"4"* ]]; then
            login=''
          fi
          if [[ "${login}" == "" || "${login}" == "null" ]]; then
            login='${{ github.actor }}'
          fi
        else
          login='${{ inputs.git-user-name }}'
        fi

        if [[ '${{ inputs.git-user-email }}' == '' ]]; then
          email=$(gh api user --jq '.email' || echo '')
          if [[ "${email}" == *"status\":\"4"* ]]; then
            email=''
          fi
          if [[ "${email}" == "" || "${email}" == "null" ]]; then
            email=${login}@users.noreply.github.com
          fi
        else
          email='${{ inputs.git-user-email }}'
        fi

        echo "login: ${login}"
        echo "email: ${email}"

        git config set user.email ${email}
        git config set user.name ${login}

        if [[ '${{ github.event_name }}' == 'issue_comment' ]]; then
          branch=$(gh pr view --json headRefName --jq '.headRefName')
          repo=$(gh pr view --json headRepository --jq '.headRepository.name')
          owner=$(gh pr view --json headRepositoryOwner --jq '.headRepositoryOwner.login')
        else
          branch=$(git rev-parse --abbrev-ref HEAD)
          repo=$(basename -s .git `git config --get remote.origin.url`)
          owner=$(dirname `git config --get remote.origin.url` | rev | cut -d'/' -f1 | rev)
        fi
        git add '${{ inputs.lock-file }}'
        git commit -m 'relock w/ conda-lock'
        git push https://x-access-token:${GH_TOKEN}@github.com/${owner}/${repo}.git ${branch}:${branch}
      env:
        GH_TOKEN: ${{ inputs.github-token }}

    - name: open PR
      id: pr
      if: >-
        steps.check.outputs.skip != 'true'
        && steps.relock.outputs.env_relocked == 'true'
        && inputs.action == 'pr'
        && github.event_name != 'issue_comment'
      uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f
      with:
        commit-message: relock w/ conda-lock
        title: relock w/ conda-lock
        body: "This pull request relocks the dependencies with conda-lock.


          ${{ steps.relock.outputs.summary }}"
        branch: ${{ inputs.head-branch }}
        delete-branch: true
        token: ${{ inputs.github-token }}
        labels: dependencies
        base: ${{ inputs.base-branch }}
        draft: ${{ inputs.draft }}

    - name: comment on issue
      if: >-
        steps.check.outputs.skip != 'true'
        && steps.relock.outputs.env_relocked == 'true'
        && (
          inputs.action == 'commit'
          || (
            github.event_name == 'issue_comment'
            && startsWith(github.event.comment.body, '/relock-conda')
          )
        )
      shell: bash -leo pipefail {0}
      run: |
        # comment on issue
        gh pr comment --repo "$GITHUB_REPOSITORY" --body "I've relocked the dependencies with conda-lock!


          ${{ steps.relock.outputs.summary }}" '${{ github.event.issue.number }}'
      env:
        GH_TOKEN: ${{ inputs.github-token }}

    - name: automerge
      if: >-
        steps.check.outputs.skip != 'true'
        && inputs.automerge == 'true'
        && steps.relock.outputs.env_relocked == 'true'
        && steps.pr.outputs.pull-request-number != ''
        && inputs.action == 'pr'
        && github.event_name != 'issue_comment'
      shell: bash -leo pipefail {0}
      run: |
        # automerge
        gh pr merge --merge --auto '${{ steps.pr.outputs.pull-request-number }}'
      env:
        GH_TOKEN: ${{ inputs.github-token }}

    - name: set outputs
      id: set-output
      if: always()
      shell: bash -leo pipefail {0}
      run: |
        # set outputs
        res=""

        # if we skipped, we did not relock
        if [[ "${res}" == "" && '${{ steps.check.outputs.skip }}' == 'true' ]]; then
          res="false"
        fi

        # if the env was relocked, then we look at PR vs file
        if [[ "${res}" == "" && '${{ steps.relock.outputs.env_relocked }}' == 'true' ]]; then
          # for a PR, we need to know if it was opened
          if [[ '${{ inputs.action }}' == 'pr' ]]; then
            if [[ '${{ steps.pr.outputs.pull-request-number }}' != '' ]]; then
              res="true"
            else
              res="false"
            fi
          else
            # if not a PR, then we updated the file
            res="true"
          fi
        fi

        # if we get here, default to false
        if [[ "${res}" == "" ]]; then
          res="false"
        fi

        echo "relocked=${res}" >> "$GITHUB_OUTPUT"