Auto updating dependencies in Gitlab

If you have a downstream repo which shares a dependency with an upstream repo, it can be annoying to keep them in sync manually. for each new tag/version created, you will have to manually edit the downstream job.

This is a quick script outlining how to automatically bump dependencies between these kind of repos on gitlab

Firstly in the upstream repo, ensure version is writen to some artifact. An artifact can persist between jobs. for example:


          stages:
            - job_one

          my_job:
            script:
              - echo "tag=${date + %s}" >> output.sh
            stage: job_one
            artifacts:
                paths:
                  - output.sh
        

Next, define a job which will trigger the downstream parent project.


          stages:
            - job_two
          
          update_dep:
            stage: job_two
            trigger:
              project: parent/project
        

In the downstream project, add a stage, update dependency. This will perform the act of editing the dependency file, adding to vc, pushing to the repo and opening an MR.


        stages:
            - update-dep
        
        update-dep:
          stage: update-dep
          before_script: 
            - source output.sh
          script:
            - echo "bumping dep with $tag"
            - git config --global user.email "gitlab-ci-user@mydomain.com"
            - git config --global user.nane "CI USER"
            # - the script to change your dep here
            - git add .
            - git commit -m "AUTO UPDATE DEP $tag"
            - git push https://oauth2:$ACCESS_TOKEN@mygitlabinstance.com/project/repo.git
            # make post request using gitlab api, using token for auth:
            - curl --request POST --header "PRIVATE-TOKEN: $ACCESS_TOKEN" --header 
           

For this you will need to create and set an access token with write and api access permissions.

Ensure to add the "needs" field which will take the artifact from the upstream job


          needs:
            # the project that created the artifact:
            - project: child_project/repo
            - job: update_dep
            - ref: main
            - artifacts: true
          only:
            - pipelines