Run Dependabot #2
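# Manually triggered workflow that runs the Dependabot CLI in a read-only job
# and hands its output to a second job that holds the write permissions needed
# to open pull requests.
#
# NOTE(review): the actions below are referenced by mutable tag (@v4). Pinning
# each `uses:` to a full commit SHA stops a re-pointed tag from changing what
# runs here, which matters most in the create-prs job.
name: Run Dependabot
on:
  workflow_dispatch:
jobs:
  run-dependabot:
    permissions:
      # Important not to give Dependabot write access in case it runs arbitrary
      # code as some ecosystems do.
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step in this job calls git, so do not leave the job token
          # in the checkout's git config while the update runs.
          persist-credentials: false
      - name: Download CLI
        env:
          # To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable.
          GH_TOKEN: ${{ github.token }}
        run: |
          # NOTE(review): this fetches whatever the latest dependabot/cli
          # release is and executes it without an integrity check. Consider
          # passing an explicit release tag to `gh release download` and
          # comparing the archive against a known checksum before extracting.
          gh release download --repo dependabot/cli -p "*linux-amd64.tar.gz"
          # Non-verbose extraction keeps the log quiet without discarding
          # stderr, so a corrupt or unexpected archive is visible in the log.
          tar xzf *.tar.gz
          ./dependabot --version
      - name: Run Dependabot
        env:
          # The token handed to the CLI is limited by this job's
          # `permissions` block (contents: read).
          LOCAL_GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          ./dependabot update -f .github/dependabot/go.yml --timeout 20m > result.jsonl
      - name: Upload result
        uses: actions/upload-artifact@v4
        with:
          name: dependabot-result
          path: result.jsonl
  create-prs:
    permissions:
      # This job creates PRs, so it needs write access.
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    needs: run-dependabot
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download result
        uses: actions/download-artifact@v4
        with:
          name: dependabot-result
      - name: Create PRs
        env:
          # To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable.
          GH_TOKEN: ${{ github.token }}
        # result.jsonl was produced by the job that may have executed arbitrary
        # dependency code, and it is consumed here with write permissions.
        # NOTE(review): create.sh is not shown; confirm it handles every field
        # as data (no eval, quoted expansions, validated branch and file names).
        run: bash create.sh result.jsonl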