Skip to content
Update Gem Version Artifacts

Fix update-gem-version-artifacts.yaml to push using the PAT properly. #17

Sign in to view logs

Fix update-gem-version-artifacts.yaml to push using the PAT properly.

Fix update-gem-version-artifacts.yaml to push using the PAT properly. #17

Workflow file for this run

.github/workflows/update-gem-version-artifacts.yaml at e493892
name: Update Gem Version Artifacts
on:
pull_request:
types: [opened, synchronize]
jobs:
update-dependencies:
# Only run on Dependabot PRs
if: ${{ github.actor == 'dependabot[bot]' }}
runs-on: ubuntu-latest
# The 'permissions' here apply to the GITHUB_TOKEN, but we'll actually be pushing with the PAT
permissions:
contents: write
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout Git Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.head_ref }}
# Use the PAT for checkout to ensure proper permissions
token: ${{ secrets.PAT_FOR_PUSHING_AND_TRIGGERING_CI }}
- name: Set up Ruby
uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
with:
ruby-version: "3.4"
bundler-cache: true
- name: Update RBS collection
run: bundle exec rbs collection update
- name: Update gem version constraints
run: script/update_gem_constraints
- name: Commit and push if changed
run: |
if [[ -n "$(git status --porcelain)" ]]; then
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add rbs_collection.lock.yaml Gemfile Gemfile.lock *.gemspec
git commit -m "Update gem version artifacts."
# Push using the PAT
git remote set-url origin "https://x-access-token:${{ secrets.PAT_FOR_PUSHING_AND_TRIGGERING_CI }}@github.com/${{ github.repository }}.git"
git push origin HEAD:${{ github.head_ref }}
fi