gradle / wrapper-upgrade-gradle-plugin Goto Github PK

Given:

• An already existing bump wrapper PR from version 8.4 to 8.5
• A new bump wrapper PR got open from version 8.4 to 8.6

The first PR stay open and will not automatically closed (and the branch deleted).

I guess it would be nice if this is supported 🙃

I would love to see a Github Action for upgrading Gradle Wrapper which is official maintained by Gradle. (like your wrapper-validation-action)
That would make the update process more efficient. :)

Is it possible to somehow make the plugin delete the created branch when the PR gets merged? I have a suspicion that it can only be achieved with a GitHub App.

I've tried this out for updating wrappers in the junit5-samples repo via a separate repo:
https://github.com/junit-team/wrapper-upgrade

However, I'm getting the following error:
https://ge.junit.org/s/ldkbyuhdhqska/console-log

I noticed that this plugin will always running the wrapper tasks, regarding of if there is an upgrade available.
However, the plugin nows already if there is an upgrade available.

Here it checks for the current release. If there is no upgrade available, it just returns *the * version (that is, usedBuildToolVersion).

Then it will only use that version to run the wrapper task. Whether if it is the same version or not.

I guess it makes sense to avoid this. It is an unnecessary waste of resources.
Especially since you also recommend running this periodically in the readme:

In case there is no higher version than the current version, just skip the task execution and thats it 🤷

This is also in the readme:

wrapperUpgrade {
    gradle {
        register("some-gradle-project") {
            repo.set("my-org/some-gradle-project")
            baseBranch.set("release")
        }
        register("some-samples-gradle-project") {
            repo.set("my-org/some-samples-gradle-project")
            dir.set("samples")
        }
    }
}

But register will not work. It seems the plugin is too late to catch it.
However, create will work.

I'm not sure if this needs to be fixed in the plugin itself or in the readme 🤔

I also ask myself, why does this not matter in the Groovy version 🙃

When a project uses a version of Gradle that's newer than the latest stable release, e.g. a release candidate, the plugin currently sends a PR. For example: junit-team/junit5#3359

Instead, it should only update the wrapper if the version used by the project is older than the version it's attempting to upgrade to.

It is good practice to always signoff commits, especially in update bots like this. Dependabot already does it and it would be awesome to add this feature here also. Something like this but replaced with the actual name and email:

...
Signed-off-by: dependabot[bot] <[email protected]>

Note: There is a GitHub bot called DCO that checks PRs to see if the commits are correctly signed-off, that is what made me aware of this

Running all wrapper updates against the JUnit 5 Samples repo yields 9 PRs. An option to create one PR per repo would make that easier to work with.

See for example this PR:
#188

It checks only the DCO but don't execute other tests.

This is because the PR were created by an GH Action using the build in secrets.GITHUB_TOKEN.
See

I guess it make sense that also the bump wrapper PRs run all of the existing tests.

To do this, one option is to provide another secret (from another user) and invite them to this repository as a collaborator with write access. Then using this secret inside the action.
The user will then create the pull requests, instead of the "GitHub Action Bot".

You might want to use your bot-githubaction user for that? 😁

Today, I see PRs such as this one:

gradle/common-custom-user-data-maven-extension#223

The title of this PR, `Bump Maven Wrapper from 3.9.6 to 3.9.6 #223, is confusing since the version numbers are the same. It requires me to perform a deeper investigation to see that the Maven wrapper is updating rather than the Maven version.

It would be nice if instead the generated PR could be clear about what was updated.

Currently, when more than one Wrapper upgrade is performed for the same repository, there will be an equal number of PRs created for that repository.

For example: https://github.com/gradle/develocity-build-config-samples/pulls?q=is%3Apr+is%3Aclosed+%22Bump+Gradle+Wrapper+from+8.6+to+8.7%22

It would be nice if the plugin would batch all upgrades for the same repository and only create a single PR per repository.

When you run gradle tasks, only the aggregated tasks will show up:

This is because you don't set the group and description:

Maybe this is intended 🤷
But I think it make sense that you show all created tasks in the overview 🙃

Good work on this plugin! I'm just taking it for a spin...

When I setup the plugin in a project.

plugins {
    id 'base'
    id 'org.gradle.wrapper-upgrade' version '0.10.1'
}
wrapperUpgrade {
    gradle {
        'spring-boot-api-example' {
            repo = 'tkgregory/spring-boot-api-example'
            baseBranch = 'master'
        }
    }
}

And run on Ubuntu:

WRAPPER_UPGRADE_GIT_TOKEN=<my-secret-here> ./gradlew clean upgradeGradleWrapperAll --info --stacktrace

I get this error:

Starting process 'command 'git''. Working directory: /mnt/c/workspace/gradle-wrapper-update-example/build/git-clones/spring-boot-api-example Command: git push --quiet -u origin wrapperbot/spring-boot-api-example/gradle-wrapper-7.4.2
Successfully started process 'command 'git''
fatal: could not read Username for 'https://github.com/tkgregory/spring-boot-api-example.git': No such device or address

When I run git push myself from the directory and enter username/token combo it works as expected. I think the error is because Git doesn't know the username.

Should there be a way to specify username as well as token? 🤔

We should use the description field of the plugin declaration to specify release notes. Currently, it is always a static string.

The description field is shown on the plugin portal for each published version. Setting the description field to release notes means they can be seen directly in the plugin portal, rather than only on GitHub. This makes release notes and changes much more discoverable for users wanting to update.

An example of this can be seen on the plugin portal page for com.gradle.plugin-publish: https://plugins.gradle.org/plugin/com.gradle.plugin-publish

The Readme states:

create a pull request on Github, it requires a Github access token, passed with WRAPPER_UPGRADE_GIT_TOKEN environment variable.

As users don't want to give the token more permissions as needed it make sense to document which exact permissions are needed for the PAT (personal access token)

It would be very helpful to be able to specify labels, reviewers and assignees for the pull request that gets created by the gradle plugin.

Hello togehter 👋

in your readme you have the section "Task configuration":

IMHO this is a bit of missleading. As consumers don't get in touch with any task here, right?
Instead, they setup the plugin extension.
So it would be rather Extension configuration.
But I think this is also not good.
I thought more into the direction of Configure the plugin or just Configuration...

What do you think? 🤔