mirror of https://github.com/apache/superset.git
53 lines
1.9 KiB
YAML
53 lines
1.9 KiB
YAML
name: Update Lockfiles for Dependabot Monorepo PRs
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- 'superset-frontend/packages/**/package.json'
|
|
- 'superset-frontend/plugins/**/package.json'
|
|
types: [opened, synchronize, reopened]
|
|
issue_comment:
|
|
types: [created]
|
|
|
|
# cancel previous workflow jobs for PRs
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
update-lock-file:
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
runs-on: ubuntu-latest
|
|
if: >
|
|
(github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]') ||
|
|
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot trigger-dependabot-lockfile') && github.event.issue.pull_request)
|
|
defaults:
|
|
run:
|
|
working-directory: superset-frontend
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.ref || github.head_ref }} # Checkout the branch that made the PR or the comment's PR branch
|
|
|
|
- name: Set up Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '18'
|
|
|
|
- name: Install Dependencies and Update Lock File
|
|
run: |
|
|
npm install
|
|
|
|
- name: Commit and Push Changes
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
git config user.name "GitHub-Actions[bot]"
|
|
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
git add package-lock.json
|
|
# Push the changes back to the branch if they exist, and pass if there are no changes
|
|
git diff --staged --quiet || (git commit -m "Update lock file for Dependabot PR" -a && git push https://${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} ${{ github.event.pull_request.head.ref || github.head_ref }})
|