chore(deps): update all dependencies #1360
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # ack workflow runs on any change made to a pull-request and aims to verify | |
| # that is following our practices. Initial version is checking correct label | |
| # presence. | |
| name: ack | |
| on: | |
| issues: | |
| types: [opened, reopened] | |
| merge_group: | |
| pull_request_target: | |
| types: [opened, labeled, unlabeled, synchronize] | |
| workflow_call: # allows reuse of this workflow from other devtools repos | |
| secrets: | |
| BOT_PAT: | |
| required: false | |
| jobs: | |
| ack: | |
| runs-on: ubuntu-24.04 | |
| environment: ack | |
| env: | |
| BOT_PAT: ${{ secrets.BOT_PAT || secrets.ANSIBUDDY_BOT_PAT }} | |
| permissions: | |
| checks: write | |
| contents: write # needed to update release | |
| pull-requests: write # pr approval and merge | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Dump GitHub context | |
| run: | | |
| cat <<'EOF_GITHUB_CONTEXT' | |
| ${{ toJson(github) }} | |
| EOF_GITHUB_CONTEXT | |
| - uses: release-drafter/release-drafter/autolabeler@v7 | |
| - name: Verify PR label action | |
| if: github.event_name != 'merge_group' | |
| uses: mheap/github-action-required-labels@0ac283b4e65c1fb28ce6079dea5546ceca98ccbe # v5 | |
| with: | |
| # minimum (not exactly): Renovate/Dependabot add labels like `dependencies` alongside chore | |
| mode: minimum | |
| count: 1 | |
| add_comment: true | |
| message: > | |
| Label error. Requires {{errorString}} {{count}} of: {{ provided }}. | |
| Found: {{ applied }}. Follow https://www.conventionalcommits.org to | |
| get auto-labeling to work correctly. | |
| exit_type: failure | |
| # see conventional commits prefixes: https://www.conventionalcommits.org | |
| labels: | | |
| breaking | |
| chore | |
| feat | |
| fix | |
| - name: Update release notes if this is already merged | |
| if: github.event.pull_request.merged == true | |
| uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Add issue or pull-request to 'devtools' project | |
| # Workaround for running this step only if BOT_PAT secret is found | |
| # also this action would not work on merge_group events. | |
| if: env.BOT_PAT != null && github.event_name != 'merge_group' | |
| # Continuing on errors to avoid failures for duplicate content in the project board. | |
| # Occurs when PRs are created from draft on the board, which is standard behavior | |
| # from external orgs (e.g. from ansible-automation-platform org). | |
| # See https://github.com/actions/add-to-project/issues/389 | |
| continue-on-error: true | |
| uses: actions/add-to-project@main | |
| with: | |
| project-url: https://github.com/orgs/ansible/projects/86 | |
| # Do not use secrets.GITHUB_TOKEN here because it does not have | |
| # access to projects. Only personal access tokens (PAT) can be used. | |
| github-token: ${{ env.BOT_PAT }} | |
| # labeled: skip-changelog | |
| # label-operator: NOT | |
| # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#approve-a-pull-request | |
| - name: Enable auto-merge and approve PRs from safe bots | |
| # do not use github.actor as this can be someone else than the PR author | |
| if: > | |
| env.BOT_PAT != null && | |
| github.event_name != 'merge_group' && ( | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| github.event.pull_request.user.login == 'pre-commit-ci[bot]' || | |
| github.event.pull_request.user.login == 'renovate[bot]' | |
| ) | |
| run: | | |
| set -e | |
| gh pr merge --auto --squash "$PR_URL" | |
| gh pr review --approve "$PR_URL" | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ env.BOT_PAT }} |