summary refs log tree commit diff
path: root/.github/workflows/dependabot_changelog.yml
blob: 05bb30e6ad8eb35a89158d58dce0fc8ddccc848b (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
name: Write changelog for dependabot PR
on:
  pull_request:
    types:
      - opened
      - reopened  # For debugging!

permissions:
  # Needed to be able to push the commit. See 
  #     https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
  # for a similar example
  contents: write

jobs:
  add-changelog:
    runs-on: 'ubuntu-latest'
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}
      - name: Write, commit and push changelog
        run: |
          echo "${{ github.event.pull_request.title }}." > "changelog.d/${{ github.event.pull_request.number }}".misc
          git add changelog.d
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git config user.name "GitHub Actions"
          git commit -m "Changelog"
          git push
        shell: bash
      # We have to explicitly start CI.
      #
      # By default, workflows can't trigger other workflows when they're just using the
      # default `GITHUB_TOKEN` access token. (This is intended to stop you from writing
      # recursive workflow loops by accident, because that'll get very expensive very
      # quickly.) Instead, you have to manually call out to another workflow, or else
      # make your changes (i.e. the `git push` above) using a personal access token.
      # See
      # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
      - name: Trigger CI
        # Note: we use $GITHUB_REF here to run PR against the merge of this change with
        # develop; use github.event.pull_request.head.ref above to commit to the PR
        # branch.
        run: |
          gh workflow run "tests.yml" --ref "$GITHUB_REF"
          gh workflow run "release-artifacts.yml" --ref "$GITHUB_REF"
        shell: bash

  # THIS WORKFLOW HAS VARIOUS WRITE PERMISSIONS---do not add other jobs here unless they
  # are sufficiently locked down to dependabot only as above.