-
Notifications
You must be signed in to change notification settings - Fork 117
51 lines (46 loc) · 2.1 KB
/
build-dependabot-pr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# This workflow runs with a READ-ONLY GITHUB_TOKEN
# https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
# This action will run a `mvn license:aggregate-add-third-party` without write access to the repository
# The completion of this workflow triggers the `Update Dependabot Maven PR`
# workflow which has a read-write GITHUB_TOKEN, extracting the changes to
# license files and pushing these to back to the Dependabot PR branch.
name: Build Dependabot Maven PR
on:
push:
branches:
- "dependabot/maven**"
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup java
uses: actions/setup-java@v1
with:
java-version: 21
- run: mvn --no-transfer-progress -B --file data-plane/pom.xml -Dlicense.outputDirectory=. license:aggregate-add-third-party
- run: mkdir ./dependabot-pr
- name: Save branch ref
run: echo ${{ github.ref }} | sed 's/refs\/heads\///' > ./dependabot-pr/BRANCH_REF
- name: Configure git
run: |
git config --local user.email "[email protected]"
git config --local user.name "Knative Automation"
# NOTE: Prefixing/appending commit messages with `[dependabot skip]` allows
# dependabot to rebase/update the pull request, force-pushing over any changes
- name: Commit and copy license changes
run: |
if [[ $(git status | grep 'data-plane/THIRD-PARTY.txt') ]]; then
git add data-plane/THIRD-PARTY.txt
git commit --signoff -m "[dependabot skip] Update data-plane/THIRD-PARTY.txt"
git format-patch -n HEAD^ --binary --stdout > ./dependabot-pr/changes.patch
else
echo "Licenses were not changed"
fi
# NOTE: Use actions/upload-artifact instead of actions/cache as the
# workflow triggered on the default branch doesn't have access to caches
# created on feature branches
- uses: actions/upload-artifact@v2
with:
name: dependabot-pr
path: dependabot-pr/