Add a script to filter dependabot dependencies

The new script filters dependabot's configuration to ignore direct dependencies which are tracked by parent Submariner projects. The reasoning is that such dependencies end up aligned during the release process anyway, so there isn't much point in processing PRs across all the projects to bump dependencies which will catch up later anyway. Signed-off-by: Stephen Kitt <[email protected]>
submariner-io · Jun 20, 2023 · 37375d2 · 37375d2
1 parent 4bc4c64
commit 37375d2
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/scripts/shared/filter_dependabot.sh b/scripts/shared/filter_dependabot.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+declare -a seendeps
+
+function depseen() {
+    local dep
+    for dep in "${seendeps[@]}"; do
+	if [ "$dep" = "$1" ]; then
+	    return 0
+	fi
+    done
+    return 1
+}
+
+base="$(pwd)"
+conffile="${base}/.github/dependabot.yml"
+
+for dir in $(yq '(.updates[] | select(.package-ecosystem == "gomod")).directory' "$conffile"); do
+
+    (cd "${base}${dir}" || exit
+
+     # Remove the existing ignores
+     yq -i '(.updates[] | select(.package-ecosystem == "gomod") | select(.directory == "'"$dir"'")).ignore = []' "$conffile"
+
+     # Restore the submariner-io exclusion
+     yq -i '(.updates[] | select(.package-ecosystem == "gomod") | select(.directory == "'"$dir"'")).ignore[0].dependency-name = "github.com/submariner-io/*"' "$conffile"
+     yq -i '(.updates[] | select(.package-ecosystem == "gomod") | select(.directory == "'"$dir"'")).ignore[0] head_comment = "Our own dependencies are handled during releases"' "$conffile"
+
+     # Ignore all parent dependencies
+     for parent in $(GOWORK=off go list -m -mod=mod -json all | jq -r 'select(.Path | contains("/submariner-io/")) | select(.Main != true) .Path | gsub("github.com/submariner-io/"; "")'); do
+	 first=true
+	 for dep in $(GOWORK=off go list -m -mod=mod -json all | jq -r 'select(.Path | contains("/submariner-io") | not) | select(.Indirect != true) | select(.Main != true) .Path'); do
+	     if ! depseen "$dep"; then
+		 if grep -q "$dep" "$base/../$parent/go.mod"; then
+		     yq -i -P '(.updates[] | select(.package-ecosystem == "gomod") | select(.directory == "'"$dir"'")).ignore += { "dependency-name": "'"$dep"'" }' "$conffile"
+		     if $first; then
+			 yq -i -P 'with(.updates[] | select(.package-ecosystem == "gomod") | select(.directory == "'"$dir"'"); .ignore[.ignore | length - 1] head_comment = "Managed in '"$parent"'")' "$conffile"
+			 first=false
+		     fi
+		     seendeps+=("$dep")
+		 fi
+	     fi
+	 done
+     done)
+
+done