mirror of
https://github.com/dependabot/fetch-metadata.git
synced 2026-03-12 18:07:12 -04:00
9243bcbec4
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 1.8.0 to 1.8.2.
- [Release notes](https://github.com/tibdex/github-app-token/releases)
- [Commits](b62528385c...0d49dd7211)
---
updated-dependencies:
- dependency-name: tibdex/github-app-token
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
66 lines
2.5 KiB
YAML
66 lines
2.5 KiB
YAML
name: Compile dependabot updates
|
|
|
|
on:
|
|
pull_request:
|
|
|
|
jobs:
|
|
fetch-dependabot-metadata:
|
|
runs-on: ubuntu-latest
|
|
|
|
# We only want to check the metadata on pull_request events from Dependabot itself,
|
|
# any subsequent pushes to the PR should just skip this step so we don't go into
|
|
# a loop on commits created by the `build-dependabot-changes` job
|
|
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
|
|
# Map the step output to a job output for subsequent jobs
|
|
outputs:
|
|
dependency-type: ${{ steps.dependabot-metadata.outputs.dependency-type }}
|
|
package-ecosystem: ${{ steps.dependabot-metadata.outputs.package-ecosystem }}
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.ref }}
|
|
|
|
- name: Fetch dependabot metadata
|
|
id: dependabot-metadata
|
|
uses: ./
|
|
|
|
build-dependabot-changes:
|
|
runs-on: ubuntu-latest
|
|
needs: [fetch-dependabot-metadata]
|
|
|
|
# We only need to build the dist/ folder if the PR relates a production NPM dependency, otherwise we don't expect changes.
|
|
if: needs.fetch-dependabot-metadata.outputs.package-ecosystem == 'npm_and_yarn' && needs.fetch-dependabot-metadata.outputs.dependency-type == 'direct:production'
|
|
steps:
|
|
- name: Generate token
|
|
id: generate_token
|
|
uses: tibdex/github-app-token@0d49dd721133f900ebd5e0dff2810704e8defbc6 # v1.8.2
|
|
with:
|
|
app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
|
|
private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
|
|
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.ref }}
|
|
# Check out using an app token so any pushed changes will trigger checkruns
|
|
token: ${{ steps.generate_token.outputs.token }}
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version-file: .nvmrc
|
|
|
|
- name: Install NPM dependencies
|
|
run: npm ci
|
|
|
|
- name: Rebuild the dist/ directory
|
|
run: npm run build
|
|
|
|
- name: Check in any change to dist/
|
|
run: |
|
|
git add dist/
|
|
# Specifying the full email allows the avatar to show up: https://github.com/orgs/community/discussions/26560
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
git commit -m "[dependabot skip] Update dist/ with build changes" || exit 0
|
|
git push
|