forked from runfinch/finch
-
Notifications
You must be signed in to change notification settings - Fork 0
43 lines (38 loc) · 1.73 KB
/
update-deps.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: Update dependencies
on:
schedule:
- cron: '0 11 * * 2'
workflow_dispatch:
permissions:
# This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
# More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
id-token: write
contents: write
pull-requests: write
jobs:
update-deps:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.ROLE }}
role-session-name: dependency-upload-session
aws-region: ${{ secrets.REGION }}
# This step fetches the latest set of released dependencies from s3 and updates the Makefile to use the same.
- name: update dependencies url
run: |
./.github/bin/update-lima-dep.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} -a {{ secrets.ARTIFACT_BUCKET_NAME }}
- name: create PR
uses: peter-evans/create-pull-request@v4
with:
# A Personal Access Token instead of the default `GITHUB_TOKEN` is required
# to trigger the checks (e.g., e2e tests) on the created pull request.
# More info: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
# TODO: Use FINCH_BOT_TOKEN instead of GITHUB_TOKEN.
token: ${{ secrets.GITHUB_TOKEN }}
signoff: true
# TODO: Add updated lima version in the title.
title: 'build(deps): Bump lima version'