Adding security check and updater pipeline

2026-03-18 13:47:01 -07:00
parent 9f055f6fa3
commit cb55297bb5
4 changed files with 712 additions and 1 deletions
--- a/scripts/create_mr.sh
+++ b/scripts/create_mr.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+BRANCH="dependency-updates-$(date +%Y%m%d)"
+SUMMARY_FILE="/tmp/update_summary.md"
+
+# configure git
+git config user.email "ci@gitlab.com"
+git config user.name "GitLab CI"
+
+# create and push the update branch
+git checkout -b "$BRANCH"
+git add pyproject.toml poetry.lock
+git commit -m "chore: update dependencies $(date +%Y-%m-%d)"
+git push "https://oauth2:${GITLAB_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git" "$BRANCH"
+
+# build MR description from summary file
+DESCRIPTION=$(cat "$SUMMARY_FILE")
+
+# create MR via GitLab API
+curl --fail --silent --show-error \
+    --request POST \
+    --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" \
+    --header "Content-Type: application/json" \
+    --data "{
+        \"source_branch\": \"${BRANCH}\",
+        \"target_branch\": \"main\",
+        \"title\": \"chore: dependency updates $(date +%Y-%m-%d)\",
+        \"description\": $(echo "$DESCRIPTION" | python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))'),
+        \"labels\": \"dependencies\",
+        \"remove_source_branch\": true
+    }" \
+    "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests"
+
+echo "Merge request created for branch: $BRANCH"