Skip to content

Commit changes back to the branch if dependabot config doesn't match #185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
cmmarslender wants to merge 9 commits into
base: main
Choose a base branch
from
Draft

Commit changes back to the branch if dependabot config doesn't match #185

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
839e94d
Commit changes back to the branch if dependabot config doesn't match
cmmarslender Sep 6, 2024
6ffa331
Checkout the source ref before committing
cmmarslender Sep 6, 2024
251475a
Fetch from origin first
cmmarslender Sep 6, 2024
e1e4f95
Add secret checking
cmmarslender Sep 6, 2024
d2ffdac
Use branch from env variable
cmmarslender Sep 6, 2024
48da565
Fix other head_ref
cmmarslender Sep 6, 2024
1bbf139
Fix quotes/shellcheck
cmmarslender Sep 6, 2024
150ddc3
Remove a section to test auto commit
cmmarslender Sep 6, 2024
21a3a64
Updating dependabot configuration
ChiaAutomation Sep 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 36 additions & 5 deletions .github/workflows/check-dependabot-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,40 @@ jobs:
timeout-minutes: 5

steps:
- name: Checkout Code
uses: actions/checkout@v4
- uses: Chia-Network/actions/git-mark-workspace-safe@main

- name: Check dependabot config generation is up to date
run: |
./update-dependabot-config.sh
- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_SECRET

if [ -n "$REPO_COMMIT" ]; then HAS_SECRET='true' ; fi
echo HAS_SECRET=${HAS_SECRET} >> "$GITHUB_OUTPUT"
env:
REPO_COMMIT: "${{ secrets.REPO_COMMIT }}"

- name: Set token based on HAS_SECRET
run: echo "TOKEN=$([[ '${{ env.HAS_SECRET }}' == 'true' ]] && echo '${{ secrets.REPO_COMMIT }}' || echo '${{ github.token }}')" >> "$GITHUB_ENV"

- name: Checkout Code
uses: actions/checkout@v4
with:
token: ${{ env.TOKEN }}

- uses: Chia-Network/actions/commit-sign/gpg@main
if: steps.check_secrets.outputs.HAS_SECRET
with:
gpg_private_key: ${{ secrets.CHIA_AUTOMATION_PRIVATE_GPG_KEY }}
passphrase: ${{ secrets.CHIA_AUTOMATION_PRIVATE_GPG_PASSPHRASE }}

- name: Check dependabot config generation is up to date
run: |
./update-dependabot-config.sh

- name: Commit any changes back to the repo
if: always() && steps.check_secrets.outputs.HAS_SECRET
env:
BRANCH: ${{ github.head_ref }}
run: |
( git fetch origin && git checkout "$BRANCH" && git commit -am "Updating dependabot configuration" && git push origin "$BRANCH" ) || true
11 changes: 9 additions & 2 deletions commit-sign/gpg/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,15 @@ runs:
steps:
- name: Install dependencies
run: |
( command -v apk && apk add git gpg gpg-agent ) || true
( command -v apt-get && apt-get update && apt-get install -y git gpg gpg-agent ) || true
# If running as root, then dont use sudo
if [ "$(id -u)" -eq 0 ]; then
SUDO=""
else
SUDO=$(command -v sudo || echo "")
fi

( command -v apk && ${SUDO} apk add git gpg gpg-agent ) || true
( command -v apt-get && ${SUDO} apt-get update && ${SUDO} apt-get install -y git gpg gpg-agent ) || true
shell: sh
- name: Call upstream import gpg action
uses: crazy-max/ghaction-import-gpg@v6
Expand Down