-
Notifications
You must be signed in to change notification settings - Fork 17
43 lines (38 loc) · 1.84 KB
/
update-dependencies.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: Update dependencies
on:
schedule:
- cron: '0 11 * * 2'
workflow_dispatch:
permissions:
# This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
# More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
id-token: write
contents: write
pull-requests: write
jobs:
update-deps:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.ROLE }}
role-session-name: dependency-upload-session
aws-region: ${{ secrets.REGION }}
# This step fetches the latest set of released dependencies from s3 and updates the Makefile to use the same.
- name: update dependencies url
run: |
./bin/update-deps.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }}
./bin/update-rootfs.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }}
- name: create PR
uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6.0.2
with:
# A Personal Access Token instead of the default `GITHUB_TOKEN` is required
# to trigger the checks (e.g., e2e tests) on the created pull request.
# More info: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
# TODO: Use FINCH_BOT_TOKEN instead of GITHUB_TOKEN.
token: ${{ secrets.GITHUB_TOKEN }}
signoff: true
title: 'build(deps): Bump finch dependencies'