chore: bump the npm-development group across 1 directory with 30 updates #680
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependabot Changeset | |
| on: pull_request_target | |
| permissions: {} | |
| concurrency: | |
| group: '${{ github.workflow }} @ ${{ github.event.pull_request.number }}' | |
| cancel-in-progress: true | |
| jobs: | |
| generate: | |
| name: Generate | |
| # IMPORTANT: | |
| # NEVER REMOVE THIS CONDITION! | |
| # We're using `pull_request_target` in order to have write access to the base repository | |
| # so we'll be able to commit the changeset file. | |
| # Removing the user check could give privileged access to a potential attacker. | |
| if: | | |
| github.event.pull_request.user.login == 'dependabot[bot]' && | |
| ! contains(github.event.pull_request.title, 'development group') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.head_ref }} | |
| - name: Install Dependencies | |
| uses: ./.github/actions/install | |
| - name: Configure git user | |
| run: | | |
| git config user.name 'github-actions[bot]' | |
| git config user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
| - name: Generate changeset | |
| run: node .github/scripts/generate-dependabot-changeset.ts |