dependabot_update.yml

# This workflow runs `lerna bootstrap` after dependabot updates a package-lock file.
# Without it, package-locks become cluttered with incorrect dependencies that
# normally would be removed by lerna. It wouldn't be necessary if we weren't using
# lerna bootstrap.

name: Clean up after dependabot

# Triggered when a PR is (re)opened or synchronized
on:
  pull_request:
    paths:
      - 'plugins/**'

permissions:
  pull-requests: write # This action modifies PRs
  contents: write # This action adds commits to PRs

jobs:
  update:
    runs-on: ubuntu-latest
    # Only run on dependabot PRs
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Check out the dependabot PR so commits are added there
      - name: Checkout PR
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh pr checkout ${{ github.event.pull_request.number }}

      # Execute code
      - name: Code exec
        run: bash ./test.sh