This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

WIP prototyping an action to add changelogs for dependabot 2 #13995

Closed
wants to merge 17 commits into from
52 changes: 52 additions & 0 deletions .github/workflows/dependabot_changelog.yml
@@ -0,0 +1,52 @@
name: Write changelog for dependabot PR
on:
# /!\ pull_request_target is a security concern as it grants a read-write GITHUB_TOKEN
# within this workflow. We mitigate the risk by:
# - ensuring this workflow does nothing when NOT triggered by dependabot
# - downscoping permissions to the bare minimum.
# See https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
# and in particular the section "Responding to events" for advice. (That page
# recommends an untrusted/trusted workflow pair, but that is overkill for this
# workflow.)
pull_request_target:
types:
- opened

permissions:
# The list of permission scopes is defined here:
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
# and here:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
# The best reference I could find for their meanings is:
# https://docs.github.com/en/rest/overview/permissions-required-for-github-apps
actions: none
checks: none
contents: write
deployments: none
id-token: none
issues: none
discussions: none
packages: none
pages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none

jobs:
add-changelog:
runs-on: 'ubuntu-latest'
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Write, commit and push changelog
run: |
echo "${{ github.event.pull_request.title }}." > "changelog.d/${{ github.event.pull_request.number }}".docker
git add changelog.d
git config user.email "github-actions[bot]@users.noreply.github.com"
git config user.name "GitHub Actions"
git commit -m "Changelog"
git push
shell: bash
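Review bot: the `run:` block at the end of the hunk interpolates `${{ github.event.pull_request.title }}` and `${{ github.event.pull_request.number }}` straight into the shell script, which is the script-injection pattern the linked GitHub doc warns about for `pull_request_target`: the expression is expanded before bash parses the script, so any quote or shell metacharacter in the title is interpreted by the shell in a job that holds a `contents: write` token. The `if: ${{ github.actor == 'dependabot[bot]' }}` gate narrows who can reach this step, but the step should not depend on the title being shell-safe at all. Pass the values through `env:` so the shell sees them as data rather than code, e.g.

    env:
      PR_TITLE: ${{ github.event.pull_request.title }}
      PR_NUMBER: ${{ github.event.pull_request.number }}
    run: echo "${PR_TITLE}." > "changelog.d/${PR_NUMBER}.docker"

Two smaller points in the same step: the `.docker` suffix is hardcoded, so every dependabot PR this workflow handles is filed as a Docker changelog entry regardless of what was bumped, and the header comment should state that the push relies on `actions/checkout@v3` leaving the token-bearing credentials in the checkout (its default), since that is the only reason `git push` works here.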
180 changes: 0 additions & 180 deletions .github/workflows/release-artifacts.yml

This file was deleted.
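Review bot: the 180-line deletion of `.github/workflows/release-artifacts.yml` is not explained anywhere in view and looks unrelated to a WIP dependabot-changelog prototype; if it is intentional, say why in the PR description, otherwise split it out so the changelog workflow can be reviewed on its own.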
