Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
dependabot-action/.github/workflows/dependabot-build.yml
View runs Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
67 lines (59 sloc)
2.66 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Compile dependabot updates | |
on: | |
pull_request: | |
permissions: | |
pull-requests: write | |
contents: write | |
jobs: | |
fetch-dependabot-metadata: | |
runs-on: ubuntu-latest | |
# We only want to check the metadata on pull_request events from Dependabot itself, | |
# any subsequent pushes to the PR should just skip this step so we don't go into | |
# a loop on commits created by the `build-dependabot-changes` job | |
if: ${{ github.actor == 'dependabot[bot]' }} | |
# Map the step output to a job output for subsequent jobs | |
outputs: | |
dependency-type: ${{ steps.dependabot-metadata.outputs.dependency-type }} | |
package-ecosystem: ${{ steps.dependabot-metadata.outputs.package-ecosystem }} | |
steps: | |
- name: Fetch dependabot metadata | |
id: dependabot-metadata | |
uses: dependabot/fetch-metadata@v1.3.0 | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
build-dependabot-changes: | |
runs-on: ubuntu-latest | |
needs: [fetch-dependabot-metadata] | |
# We only need to build the dist/ folder if the PR relates to Docker or a production npm dependency, otherwise we don't expect changes. | |
if: needs.fetch-dependabot-metadata.outputs.package-ecosystem == 'docker' || ( needs.fetch-dependabot-metadata.outputs.package-ecosystem == 'npm_and_yarn' && needs.fetch-dependabot-metadata.outputs.dependency-type == 'direct:production' ) | |
steps: | |
# Check out using a PAT so any pushed changes will trigger checkruns | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
token: ${{ secrets.DEPENDABOT_AUTOBUILD }} | |
- name: Read .nvmrc | |
id: nvm | |
run: echo ::set-output name=NVMRC::$(cat .nvmrc) | |
- name: Setup Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ steps.nvm.outputs.NVMRC }} | |
- name: Install npm dependencies | |
run: npm clean-install | |
# If we're reacting to a Docker PR, we have on extra step to refresh and check in the container manifest, | |
# this **must** happen before rebuilding dist/ so it uses the new version of the manifest | |
- name: Rebuild docker/containers.json | |
if: needs.fetch-dependabot-metadata.output.package-ecosystem == 'docker' | |
run: | | |
npm run update-container-manifest | |
git add docker/containers.json | |
- name: Rebuild the dist/ directory | |
run: npm run package | |
- name: Check in any change to dist/ | |
run: | | |
git add dist/ | |
git config user.name github-actions | |
git config user.email github-actions@github.com | |
git commit -m "[dependabot skip] Update dist/ with build changes" || exit 0 | |
git push |