Skip to content

Update dependencies #31

Update dependencies

Update dependencies #31

name: Update dependencies
on:
schedule:
- cron: '0 11 * * 2'
workflow_dispatch:
permissions:
# This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
# More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
id-token: write
contents: write
pull-requests: write
jobs:
update-deps:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.ROLE }}
role-session-name: dependency-upload-session
aws-region: ${{ secrets.REGION }}
# This step fetches the latest set of released dependencies from s3 and updates the Makefile to use the same.
- name: update dependencies url
run: |
./bin/update-deps.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }}
./bin/update-rootfs.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }}
- name: create PR
uses: peter-evans/create-pull-request@v5
with:
# A Personal Access Token instead of the default `GITHUB_TOKEN` is required
# to trigger the checks (e.g., e2e tests) on the created pull request.
# More info: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
# TODO: Use FINCH_BOT_TOKEN instead of GITHUB_TOKEN.
token: ${{ secrets.GITHUB_TOKEN }}
signoff: true
title: 'build(deps): Bump finch dependencies'