Pre-commit updater #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pre-commit updater | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # min hour dom month dow | |
| - cron: '0 5 * * 3' | |
| env: | |
| python_version: '3.13' | |
| jobs: | |
| updater: | |
| name: Update | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| files.pythonhosted.org:443 | |
| pypi.org:443 | |
| github.com:443 | |
| api.github.com:443 | |
| *.githubusercontent.com:443 | |
| ghcr.io | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: main | |
| - name: Set up Python | |
| uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
| with: | |
| python-version: ${{ env.python_version }} | |
| cache: pip | |
| - name: Install pre-commit | |
| run: python -m pip install pre-commit | |
| - name: Update pre-commit hooks | |
| run: pre-commit autoupdate --freeze | |
| - name: Run pre-commit hooks | |
| run: pre-commit run --all-files | |
| - name: Create GitHub App Token | |
| uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 | |
| id: generate-token | |
| with: | |
| app-id: ${{ secrets.GAPHOR_UPDATER_APP_ID }} | |
| private-key: ${{ secrets.GAPHOR_UPDATER_APP_PRIVATE_KEY }} | |
| - name: Create Pull Request | |
| uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 | |
| with: | |
| token: ${{ steps.generate-token.outputs.token }} | |
| commit-message: Update pre-commit hooks | |
| branch: pre-commit-update | |
| delete-branch: true | |
| title: 'Update pre-commit hooks' | |
| body: | | |
| This PR was automatically created to make the following update: | |
| - Update pre-commit hooks | |
| labels: | | |
| skip-changelog |