diff --git a/.github/workflows/devbox-update.yaml b/.github/workflows/devbox-update.yaml
index 4e77320cb..30a9dad95 100644
--- a/.github/workflows/devbox-update.yaml
+++ b/.github/workflows/devbox-update.yaml
@@ -10,6 +10,7 @@ on:
 permissions:
 contents: write
+ pull-requests: write
 jobs:
 devbox-update:
@@ -60,26 +61,34 @@ jobs:
 echo "message=${MESSAGE}" >>"${GITHUB_OUTPUT}"
- - uses: actions/create-github-app-token@v1
+ - name: Get app token to create PR with
+ # if: steps.devbox-versions-changed.outputs.number_changed > 0
+ uses: actions/create-github-app-token@v1
 id: app-token
 with:
 app-id: ${{ secrets.GHA_PR_APP_ID }}
 private-key: ${{ secrets.GHA_PR_APP_PRIVATE_KEY }}
 owner: ${{ github.repository_owner }}
- - name: Create PR
+ - name: Create PR using app token
 # if: steps.devbox-versions-changed.outputs.number_changed > 0
+ id: create-pr
 env:
 GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
 run: |
 pr_url="$(gh pr create --base "${{ github.ref_name }}" --head "${DESTINATION_BRANCH}" \
 --title "${{ steps.commit-changes.outputs.message }}" \
 --body "This PR was automatically created by the scheduled devbox update workflow.")"
+ gh pr merge --auto --squash "${pr_url}"
+ echo "pr_url=${pr_url}" >>"${GITHUB_OUTPUT}"
- gh pr merge --auto --squash "$pr_url"
-
+ - name: Approve PR using workflow token
+ # if: steps.devbox-versions-changed.outputs.number_changed > 0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
 if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ]; then
- gh pr review --approve "$pr_url"
+ gh pr review --approve "${{ steps.create-pr.outputs.pr_url }}"
 else
 echo "PR already approved, skipping additional approvals to minimize emails/notification noise."
 fi
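Review bot: `pull-requests: write` is granted in the workflow-level `permissions:` block, so every step that receives the default token can review pull requests, although only the approve step added in the second hunk needs it. Declaring it under the `devbox-update` job instead keeps the grant next to its one consumer, and a comment such as `# lets the workflow token approve the PR opened with the app token` would record why it exists. Combined with `gh pr merge --auto --squash`, this lets the workflow satisfy the review requirement on its own pull request, so an approval on these PRs no longer implies that a person looked at the dependency update. It is worth confirming that required status checks, or a human-review rule on the updated files, still gate the merge. The `jobs:` block continues outside the hunk.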
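Review bot: The new approve step expands `${{ steps.create-pr.outputs.pr_url }}` inside the `run:` script, so the value is pasted into the shell source before the shell parses it, with no quoting guarantee. Passing it through the environment avoids that: add `PR_URL: ${{ steps.create-pr.outputs.pr_url }}` under `env:` and call `gh pr review --approve "${PR_URL}"`. The unchanged `--base "${{ github.ref_name }}"` and `--title "${{ steps.commit-changes.outputs.message }}"` arguments in the create step follow the same pattern and deserve the same treatment. The approval check also still reads `.currentBranch.reviewDecision`, which depends on whichever branch is checked out at that point rather than on the PR just created. `gh pr view "${PR_URL}" --json reviewDecision -q .reviewDecision` would tie the decision to that PR.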