MatrixSynapse/.github/workflows/dependabot_changelog.yml

56 lines
2.3 KiB
YAML

name: Write changelog for dependabot PR
on:
pull_request:
types:
- opened
- reopened # For debugging!
permissions:
# Needed to be able to push the commit. See
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
# for a similar example
contents: write
# We need `actions-write` in order to create a `workflow_dispatch` event. See
# https://docs.github.com/en/rest/actions/workflows#create-a-workflow-dispatch-event
actions: write
jobs:
add-changelog:
runs-on: 'ubuntu-latest'
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Write, commit and push changelog
run: |
echo "${{ github.event.pull_request.title }}." > "changelog.d/${{ github.event.pull_request.number }}".misc
git add changelog.d
git config user.email "github-actions[bot]@users.noreply.github.com"
git config user.name "GitHub Actions"
git commit -m "Changelog"
git push
shell: bash
# We have to explicitly start CI.
#
# By default, workflows can't trigger other workflows when they're just using the
# default `GITHUB_TOKEN` access token. (This is intended to stop you from writing
# recursive workflow loops by accident, because that'll get very expensive very
# quickly.) Instead, you have to manually call out to another workflow, or else
# make your changes (i.e. the `git push` above) using a personal access token.
# See
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
- name: Trigger CI
# Note: we use $GITHUB_REF here to run PR against the merge of this change with
# develop; use github.event.pull_request.head.ref above to commit to the PR
# branch.
run: |
gh workflow run "tests.yml" --ref "$GITHUB_REF"
gh workflow run "release-artifacts.yml" --ref "$GITHUB_REF"
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# THIS WORKFLOW HAS VARIOUS WRITE PERMISSIONS---do not add other jobs here unless they
# are sufficiently locked down to dependabot only as above.