Merge pull request #465 from asciidoctor/dependabot/github_actions/up… #2357
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: "Check for Dependencies Updates" | |
| on: | |
| ## Check for dependencies update daily, at 00:00 UTC | |
| schedule: | |
| - cron: '0 0 * * *' | |
| ## Check for updatecli configuration with the "diff" command when new code is pushed | |
| push: | |
| pull_request: | |
| ## When run manually for validation purpose, or "retrying a failed build" | |
| workflow_dispatch: | |
| jobs: | |
| updatecli: | |
| if: github.repository_owner == 'asciidoctor' || github.event_name != 'schedule' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Extract the repo and owner values to feed to updatecli through env. variables | |
| - id: get-repo-infos | |
| name: Get Repository Informations | |
| run: | | |
| owner=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) | |
| repo=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2) | |
| echo "owner=$owner" >> $GITHUB_OUTPUT | |
| echo "repo=$repo" >> $GITHUB_OUTPUT | |
| - name: Setup Updatecli | |
| uses: updatecli/[email protected] | |
| ## Ensure that the updatecli configurations are valid without waiting for the daily execution from the workflow "Updatecli" | |
| - name: Diff | |
| ## Check the updatecli syntax on each code change | |
| if: github.event_name != 'schedule' | |
| run: updatecli diff --config ./updatecli/updatecli.d --values ./updatecli/values.yaml | |
| env: | |
| ## Use GITHUB_TOKEN for diff as any external contributor will have one allowed to read GitHub API | |
| UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPO_NAME: ${{steps.get-repo-infos.outputs.repo}} | |
| REPO_OWNER: ${{steps.get-repo-infos.outputs.owner}} | |
| ## When on principal branch, generate a temporary token to allow starting/modifying workflows | |
| # Not using a PAT to avoid depending on a GitHub account | |
| - uses: tibdex/[email protected] | |
| id: generate_token | |
| if: github.ref == 'refs/heads/main' | |
| with: | |
| app_id: ${{ secrets.UPDATECLIBOT_APP_ID }} | |
| private_key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} | |
| - name: Apply | |
| if: github.ref == 'refs/heads/main' | |
| run: updatecli apply --config ./updatecli/updatecli.d --values ./updatecli/values.yaml | |
| env: | |
| ## Use generated token to allow writes on the GitHub API / starting fresh PRs workflows | |
| UPDATECLI_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
| REPO_NAME: ${{steps.get-repo-infos.outputs.repo}} | |
| REPO_OWNER: ${{steps.get-repo-infos.outputs.owner}} | |
| ... |