[Dependencies]: Bump actions/dependency-review-action #600
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "PR: Create" | |
on: | |
push: | |
branches-ignore: | |
- master | |
- main | |
- "release/**" | |
- "hotfix/**" | |
- "feature/**" | |
permissions: | |
contents: read | |
pull-requests: write | |
concurrency: | |
group: ${{github.workflow}}-${{github.ref}} | |
cancel-in-progress: true | |
env: | |
HEAD_REF: ${{github.head_ref}} | |
BASE_REF: ${{github.base_ref}} | |
REPO: ${{github.repository}} | |
REPO_OWNER: ${{github.repository_owner}} | |
jobs: | |
info: | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Initialise Workspace" | |
if: startsWith(runner.name, 'buildagent-') | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Info" | |
uses: actions/[email protected] | |
with: | |
script: | | |
core.info('Branch: ${{env.HEAD_REF}}'); | |
core.info('Base Branch: ${{env.BASE_REF}}'); | |
core.info('Repo: ${{env.REPO}}'); | |
core.info('Owner: ${{env.REPO_OWNER}}'); | |
pull-request: | |
runs-on: ubuntu-latest | |
env: | |
CREATE_DRAFT: true | |
REPO_STATUS: private | |
steps: | |
- name: "Initialise Workspace" | |
if: startsWith(runner.name, 'buildagent-') | |
shell: bash | |
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE" | |
- name: "Harden Security" | |
uses: step-security/[email protected] | |
with: | |
egress-policy: audit | |
disable-sudo: true | |
allowed-endpoints: > | |
api.github.com:443 | |
api.osv.dev:443 | |
api.securityscorecards.dev:443 | |
codeload.github.com:443 | |
fulcio.sigstore.dev:443 | |
github.com:443 | |
oss-fuzz-build-logs.storage.googleapis.com:443 | |
rekor.sigstore.dev:443 | |
tuf-repo-cdn.sigstore.dev:443 | |
www.bestpractices.dev:443 | |
- name: "Checkout source" | |
uses: actions/[email protected] | |
with: | |
fetch-depth: 1 | |
fetch-tags: true | |
- name: "Find PR For branch" | |
uses: juliangruber/[email protected] | |
id: findPr | |
with: | |
branch: ${{github.ref_name}} | |
- name: "Existing PR Information" | |
if: steps.findPr.outputs.number != '' | |
uses: actions/[email protected] | |
with: | |
script: | | |
core.info('Pull request already exists with id: ${{steps.findPr.outputs.number}}'); | |
core.info('URL: https://github.com/${{env.REPO}}/pull/${{steps.findPr.outputs.number}}'); | |
- name: "Read PR Template" | |
if: steps.findPr.outputs.number == '' | |
id: pr-template | |
uses: juliangruber/[email protected] | |
with: | |
path: ./.github/PULL_REQUEST_TEMPLATE.md | |
- name: "Get last commit info" | |
if: steps.findPr.outputs.number == '' | |
shell: bash | |
run: echo "COMMIT_MSG=$(git log -1 --pretty=%B)" >> "$GITHUB_ENV" | |
- name: "Check Repo Visibility" | |
if: steps.findPr.outputs.number == '' | |
uses: credfeto/[email protected] | |
id: visibility | |
with: | |
repository: ${{env.REPO}} | |
token: ${{secrets.SOURCE_PUSH_TOKEN}} | |
- name: "Override DRAFT Flag" | |
if: |- | |
steps.findPr.outputs.number == '' | |
&& env.REPO_OWNER != 'funfair-tech' | |
&& env.REPO_STATUS == 'private' | |
shell: bash | |
run: echo "CREATE_DRAFT=false" >> "$GITHUB_ENV" | |
- name: "Status" | |
uses: actions/[email protected] | |
with: | |
script: | | |
core.info('Repo: ${{env.REPO}}'); | |
core.info('Owner: ${{env.REPO_OWNER}}'); | |
core.info('Repo Status: ${{env.REPO_STATUS}}'); | |
core.info('PR OK: ${{steps.findPr.outputs.number == ''}}'); | |
core.info('Owner OK: ${{env.REPO_OWNER != 'funfair-tech'}}'); | |
core.info('Status OK: ${{env.REPO_STATUS == 'private'}}'); | |
- name: "Create Pull Request" | |
if: steps.findPr.outputs.number == '' | |
id: open-pr | |
uses: repo-sync/[email protected] | |
with: | |
source_branch: "" # If blank, default: triggered branch | |
destination_branch: "main" # If blank, default: master | |
pr_assignee: ${{github.actor}} # Comma-separated list (no spaces) | |
pr_label: "auto-pr" # Comma-separated list (no spaces) | |
pr_draft: ${{env.CREATE_DRAFT}} # Creates pull request as draft | |
pr_title: ${{env.COMMIT_MSG}} | |
pr_body: ${{steps.pr-template.outputs.content}} | |
github_token: ${{github.token}} | |
- name: "New PR Details" | |
if: steps.findPr.outputs.number == '' | |
uses: actions/[email protected] | |
with: | |
script: | | |
core.info('URL: ${{steps.open-pr.outputs.pr_url}}'); | |
core.info('PR: ${{steps.open-pr.outputs.pr_number}}'); | |
core.info('CF: ${{steps.open-pr.outputs.has_changed_files}}'); | |
- name: "Sync Labels" | |
if: steps.findPr.outputs.number == '' | |
uses: actions/labeler@v5 | |
with: | |
repo-token: ${{secrets.SOURCE_PUSH_TOKEN}} | |
configuration-path: .github/labeler.yml | |
sync-labels: true | |
pr-number: ${{steps.open-pr.outputs.pr_number}} |