1
0

dependabot_changelog.yml 2.1 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849
  1. name: Write changelog for dependabot PR
  2. on:
  3. pull_request:
  4. types:
  5. - opened
  6. - reopened # For debugging!
  7. permissions:
  8. # Needed to be able to push the commit. See
  9. # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
  10. # for a similar example
  11. contents: write
  12. jobs:
  13. add-changelog:
  14. runs-on: 'ubuntu-latest'
  15. if: ${{ github.actor == 'dependabot[bot]' }}
  16. steps:
  17. - uses: actions/checkout@v3
  18. with:
  19. ref: ${{ github.event.pull_request.head.ref }}
  20. - name: Write, commit and push changelog
  21. env:
  22. PR_TITLE: ${{ github.event.pull_request.title }}
  23. PR_NUMBER: ${{ github.event.pull_request.number }}
  24. run: |
  25. echo "${PR_TITLE}." > "changelog.d/${PR_NUMBER}".misc
  26. git add changelog.d
  27. git config user.email "github-actions[bot]@users.noreply.github.com"
  28. git config user.name "GitHub Actions"
  29. git commit -m "Changelog"
  30. git push
  31. shell: bash
  32. # The `git push` above does not trigger CI on the dependabot PR.
  33. #
  34. # By default, workflows can't trigger other workflows when they're just using the
  35. # default `GITHUB_TOKEN` access token. (This is intended to stop you from writing
  36. # recursive workflow loops by accident, because that'll get very expensive very
  37. # quickly.) Instead, you have to manually call out to another workflow, or else
  38. # make your changes (i.e. the `git push` above) using a personal access token.
  39. # See
  40. # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
  41. #
  42. # I have tried and failed to find a way to trigger CI on the "merge ref" of the PR.
  43. # See git commit history for previous attempts. If anyone desperately wants to try
  44. # again in the future, make a matrix-bot account and use its access token to git push.
  45. # THIS WORKFLOW HAS WRITE PERMISSIONS---do not add other jobs here unless they
  46. # are sufficiently locked down to dependabot only as above.