Skip to content
Update Gem Version Artifacts

Update Gem Version Artifacts #41

Sign in to view logs

Update Gem Version Artifacts

Update Gem Version Artifacts #41

Workflow file for this run

.github/workflows/update-gem-version-artifacts.yaml at 548e72b
name: Update Gem Version Artifacts
on:
workflow_run:
workflows: ["Dependabot PR Check"]
types:
- completed
jobs:
update-dependencies:
runs-on: ubuntu-latest
if: >-
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.actor.login == 'dependabot[bot]'
# The 'permissions' here apply to the GITHUB_TOKEN, but we'll actually be pushing with the PAT
permissions:
contents: write
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout Git Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.workflow_run.head_branch }}
# Use the PAT for checkout to ensure proper permissions
token: ${{ secrets.PAT_FOR_PUSHING_AND_TRIGGERING_CI }}
- name: Set up Ruby
uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
with:
ruby-version: "3.4"
bundler-cache: true
cache-version: 2
- name: Update RBS collection
run: bundle exec rbs collection update
- name: Update gem version constraints
run: |
bundle config --local deployment false
script/update_gem_constraints
- name: Commit and push if changed
run: |
if [[ -n "$(git status --porcelain)" ]]; then
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add rbs_collection.lock.yaml Gemfile Gemfile.lock *.gemspec
git commit -m "Update gem version artifacts."
# Push using the PAT
git remote set-url origin "https://x-access-token:${{ secrets.PAT_FOR_PUSHING_AND_TRIGGERING_CI }}@github.com/${{ github.repository }}.git"
git push origin HEAD:${{ github.event.workflow_run.head_branch }}
fi