Skip to content

[Snyk] Upgrade yaml from 2.4.0 to 2.4.3 #14

[Snyk] Upgrade yaml from 2.4.0 to 2.4.3

[Snyk] Upgrade yaml from 2.4.0 to 2.4.3 #14

name: pull-request-target
on:
pull_request_target:
types: [opened, edited, synchronize, labeled, closed]
branches:
- "*"
concurrency:
# Generally we use `github.ref`, but in pull_request_target, that's always `main`.
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
main:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
requireScope: false
# The standard ones plus
# - "internal" for code quality / ergonomics improvements
# - "devops" for developer ergonomics
# - "web" for playground / website (but not docs)
# - "tweak" for tiny changes
types: |
feat
fix
docs
style
refactor
perf
test
build
ci
chore
revert
internal
devops
web
tweak
backport:
# Backport to `web` branch on `pr-backport-web`
name: Backport to `web` branch
runs-on: ubuntu-latest
# Confirm that it's merged and has a label to ensure nothing is backported without oversight
if: |
github.event.pull_request.merged
&& (
github.event.action == 'closed'
|| (
github.event.action == 'labeled'
&& contains(github.event.label.name, 'pr-backport-web')
)
)
steps:
- uses: tibdex/backport@v2
with:
# This is a personal access token from the @prql-bot
github_token: ${{ secrets.PRQL_BOT_GITHUB_TOKEN }}
# Docs are at https://github.com/tibdex/backport/blob/main/action.yml
# We only use `web` atm
label_pattern: "^pr-backport-(?<base>([^ ]+))$"
title_template: "chore: Backport #<%= number%> to `web`"
automerge:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: write
# Check it's not coming from a fork — both to save running and
# in case someone spoofed an `actor` name.
if: ${{ !github.event.pull_request.head.repo.fork }}
steps:
# Get number of commits in the PR
- id: commit-count
run: >
echo "commit-count=$(curl -s -H 'Authorization: token ${{ github.token
}}' https://api.github.com/repos/prql/prql/pulls/${{
github.event.pull_request.number }}/commits | jq 'length')"
>>"$GITHUB_OUTPUT"
- if:
# - It's dependabot
# - or there's only one commit — so nothing has made further changes and
# - or it's prql-bot
# - or it's a pre-commit-ci update
github.actor == 'dependabot[bot]' ||
(steps.commit-count.outputs.commit-count == '1' && (github.actor ==
'prql-bot' || github.actor == 'pre-commit-ci[bot]'))
run:
gh pr merge --auto --squash --delete-branch ${{
github.event.pull_request.html_url }}
env:
GITHUB_TOKEN: ${{ secrets.PRQL_BOT_GITHUB_TOKEN }}