From 76749e4ee434f87f8db93a22ed59f50fa58816de Mon Sep 17 00:00:00 2001
From: Simon Marquis <simon.marquis@adevinta.com>
Date: Mon, 29 Jan 2024 16:56:17 +0000
Subject: [PATCH] feat(dependabot): add DependencyGuard baseline on PRs (#924)

---
 .../workflows/dependabot-dependency-guard.yml | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .github/workflows/dependabot-dependency-guard.yml

diff --git a/.github/workflows/dependabot-dependency-guard.yml b/.github/workflows/dependabot-dependency-guard.yml
new file mode 100644
index 000000000..213449607
--- /dev/null
+++ b/.github/workflows/dependabot-dependency-guard.yml
@@ -0,0 +1,36 @@
+name: 🤖 Dependabot Dependency Guard baseline
+on:
+  pull_request:
+    paths:
+      - '**.gradle.kts'
+      - 'gradle/libs.versions.toml'
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  baseline:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]' && startsWith(github.head_ref, 'dependabot/gradle/')
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+          token: ${{ secrets.PAT_SPARK }}
+      - uses: ./.github/actions/setup-java
+      - uses: ./.github/actions/setup-gradle
+      - uses: ./.github/actions/setup-gradle-properties
+      - run: ./gradlew dependencyGuardBaseline
+      - run: |
+          if ! git diff --quiet --exit-code -- ':(glob)**/dependencies/*.txt';
+          then
+            git config --global user.name "dependabot[bot]"
+            git config --global user.email "49699333+dependabot[bot]@users.noreply.github.com"
+            git commit -m "🤖 Update dependencies baseline" -m "[dependabot skip]" -- ':(glob)**/dependencies/*.txt'
+            git show
+            git push
+            echo "::notice::UPDATED"
+          else
+            echo "::notice::UP-TO-DATE"
+          fi