Update Deps #100
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Workflow for updating Javascript dependencies with npm. | |
| # Major version updates are handled separately, by Dependabot. | |
| --- | |
| name: Update Deps | |
| on: | |
| workflow_dispatch: | |
| # Run every Monday at 0235 UTC | |
| schedule: | |
| - cron: '35 2 * * 1' | |
| jobs: | |
| workflow-auto-updates: | |
| name: Update dependencies | |
| runs-on: ubuntu-latest | |
| env: | |
| UPDATE_BRANCH_NAME: workflow-auto-updates | |
| steps: | |
| - name: Checkout the repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| # This GPG key is for the `phylum-bot` account and used in order to ensure commits are signed/verified | |
| - name: Import GPG key for bot account | |
| uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 | |
| with: | |
| gpg_private_key: ${{ secrets.PHYLUM_BOT_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.PHYLUM_BOT_GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Update Docusaurus Javascript dependencies | |
| working-directory: ./site | |
| run: npm update --save | |
| - name: Commit changes | |
| id: commit | |
| # There may not be any updates to commit/push | |
| continue-on-error: true | |
| # NOTE: The git user name and email used for commits is already configured, | |
| # by the crazy-max/ghaction-import-gpg action. | |
| run: | | |
| git commit -a -m "build: bump static site Javascript dependencies" | |
| git push --force origin HEAD:${{ env.UPDATE_BRANCH_NAME }} | |
| - name: Create Pull Request | |
| id: pr | |
| if: ${{ steps.commit.outcome == 'success' }} | |
| # The PR may already exist (e.g., created in previous week and not merged yet) so we | |
| # allow it here and check in the next step so workflow failures will be extraordinary | |
| continue-on-error: true | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.GH_RELEASE_PAT }} | |
| script: | | |
| const response = await github.rest.pulls.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| head: "${{ env.UPDATE_BRANCH_NAME }}", | |
| base: context.ref, | |
| title: "build: bump static site Javascript dependencies", | |
| body: "Bump dependencies in `site/package-lock.json` for all SemVer-compatible updates.", | |
| }); | |
| console.log(response); | |
| - name: Verify PR exists | |
| if: ${{ steps.pr.outcome == 'failure' }} | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: gh pr view ${{ env.UPDATE_BRANCH_NAME }} |