ci-dependabot-fixup: fixes
ptrus committed Oct 17, 2023
1 parent 9adafaf commit 5484dec
Showing 1 changed file with 36 additions and 14 deletions.
50 changes: 36 additions & 14 deletions .github/workflows/ci-dependabot-fixup.yml
@@ -1,11 +1,19 @@
# This workflow runs on Dependabot PRs that update Go dependencies. The workflow
# runs the gomod-updater tool to propagate the dependency updates to all Go projets
# in the repository. This is needed due to a Dependabot limitation which
# does not support updating multiple go projects in a single PR.
# https://github.com/dependabot/dependabot-core/issues/7547

# NOTE: This name appears in GitHub's Checks API and in workflow's status badge.
name: ci-dependabot-fixup

# Trigger the workflow when:
on:
# When a pull request event occurs for a pull request against one of the
# matched branches.
pull_request:
# We need pull_request_target hook since Dependabot PR's are treated as though they are from a forked repository.
# This means that the CI configuration will be taken from the base branch (main) and not the PR branch
# which makes it safe(r) to give it access to secrets.
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target
pull_request_target:
types: [opened, synchronize, reopened]
branches:
- main
Expand All @@ -24,27 +32,41 @@ jobs:
with:
ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: "0"
# We use a Personal Access Token (PAT) to checkout and later push the commit instead of
# the default $GITHUB_TOKEN. This is because events triggered by $GITHUB_TOKEN will not
# trigger new workflow runs, but we want to re-run the CI after pushing the updated commit.
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
token: ${{ secrets.BOT_GITHUB_TOKEN }}

- name: Ensure Dependebot author
- name: Ensure Dependebot author and Go mod updates
id: check
run: |
# Ensure Dependabot author.
if [ "${{ github.event.pull_request.user.login }}" != "dependabot[bot]" ]; then
echo "This PR was not created by Dependabot. No further action is being taken."
echo "::set-output name=skip::true"
exit 0;
if [ "${{ github.event.pull_request.user.login }}" != "dependabot[bot]" ]
then
echo "This PR was not created by Dependabot. No further action is being taken."
echo "skip=true" >> $GITHUB_OUTPUT
exit 0;
fi
# Ensure only Dependabot commits.
git fetch --no-tags origin +refs/heads/${BASE_BRANCH}:refs/remotes/origin/${BASE_BRANCH}
if git log origin/${BASE_BRANCH}..HEAD --pretty=format:'%an' | grep -v '^dependabot\[bot\]$' | grep -q .
then
echo "This PR has commits not by Dependabot."
echo "::set-output name=skip::true"
echo "skip=true" >> $GITHUB_OUTPUT
exit 0;
fi
echo "All commits are by Dependabot."
# Ensure Go dependency updates.
if ! git diff --name-only origin/${BASE_BRANCH}..HEAD | grep -v -q 'go\.mod$'
then
echo "This PR does not update any Go dependencies."
echo "skip=true" >> $GITHUB_OUTPUT
exit 0;
fi
echo "All commits are by Dependabot and update Go modules."
env:
BASE_BRANCH: ${{ github.base_ref }}

Expand Down Expand Up @@ -72,8 +94,8 @@ jobs:
version=$(echo $title | awk '{print $7}')
# Set the output variables for subsequent steps
echo "::set-output name=repo::$repo"
echo "::set-output name=version::$version"
echo "repo=$repo" >> $GITHUB_OUTPUT
echo "version=$version" >> $GITHUB_OUTPUT
- name: Run gomod updater
if: steps.check.outputs.skip != 'true'
Expand All @@ -85,9 +107,9 @@ jobs:
if: steps.check.outputs.skip != 'true'
env:
CI_COMMIT_MESSAGE: Dependabot dependencies fixup 👷
CI_COMMIT_AUTHOR: Dependabot Corrector
CI_COMMIT_AUTHOR: oasisprotocol-bot
run: |
git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
git config --global user.email "ptrus@users.noreply.github.com"
git config --global user.email "oasisprotocol-bot@users.noreply.github.com"
git commit -a -m "${{ env.CI_COMMIT_MESSAGE }}"
git push
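Review bot: The new Go-module gate in the `check` step is inverted: `grep -v -q 'go\.mod$'` succeeds whenever any changed path is not a go.mod, so a PR that touches no go.mod at all is not skipped, while one that changes only go.mod files is. Dropping `-v` gives the intended test, `if ! git diff --name-only origin/${BASE_BRANCH}..HEAD | grep -q 'go\.mod$'`. This matters more now that the job runs under `pull_request_target` with `secrets.BOT_GITHUB_TOKEN`, because this step is the only gate visible here before the updater runs and the bot pushes. The commit-author test just above compares `%an`, which is whatever name the committer configured, so it deserves a comment such as `# %an is self-declared; this filters accidents, it is not an authenticity check`. The steps between the hunks are not shown, so how `$title` is populated and what the updater executes on the checked-out PR branch cannot be judged from here.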
