Use the bank module to keep track of scope value owners #2416
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'changelog' | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- ready_for_review | |
- labeled | |
- unlabeled | |
permissions: | |
contents: write | |
jobs: | |
changelog: | |
runs-on: ubuntu-latest | |
if: contains(github.event.pull_request.labels.*.name, 'dependencies') | |
env: | |
# Getting the title directly in the run script opens an injection vulnerability. | |
# Using an env var for it (like this) prevents that vulnerability. | |
PR_TITLE: ${{ github.event.pull_request.title }} | |
PR_NUM: ${{ github.event.number }} | |
PR_BASE: ${{ github.event.pull_request.head.ref }} | |
PR_TARGET: ${{ github.event.pull_request.base.ref }} | |
steps: | |
- name: Checkout PR Branch | |
uses: actions/checkout@v4 | |
with: | |
# Depending on your needs, you can use a token that will re-trigger workflows | |
# See https://github.com/stefanzweifel/git-auto-commit-action#commits-made-by-this-action-do-not-trigger-new-workflow-runs | |
token: ${{ secrets.BOT_CPR_PAT }} | |
- name: Fetch Target Branch | |
run: git fetch origin "${PR_TARGET}:${PR_TARGET}" --depth 1 | |
- name: Generate entry | |
run: | | |
./.changelog/dependabot-changelog.sh \ | |
--verbose \ | |
--pr "$PR_NUM" \ | |
--title "$PR_TITLE" \ | |
--head-branch "$PR_BASE" \ | |
--target-branch "$PR_TARGET" | |
# All commits must be signed, import key and sign commit of updated change log. | |
- name: Import GPG key | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
# Use a key associated with the provenanceio-bot github account. | |
gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.BOT_GPG_PRIVATE_KEY_PW }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
# This step is required for committing the changes to your branch. | |
# See https://github.com/stefanzweifel/git-auto-commit-action#commits-made-by-this-action-do-not-trigger-new-workflow-runs | |
- uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_user_name: "Provenance-io Bot" | |
commit_user_email: "[email protected]" | |
commit_options: "-S" | |
commit_message: "Updated Changelog" |