Skip to content

Bump nanoid from 3.3.7 to 3.3.8 in /axolotl-web #508

Bump nanoid from 3.3.7 to 3.3.8 in /axolotl-web

Bump nanoid from 3.3.7 to 3.3.8 in /axolotl-web #508

Workflow file for this run

name: Dependabot post-run
on: pull_request
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
flatpak-sources-update:
name: Update Flatpak sources
# Avoid infinit loops of this workflow pushing and triggering another workflow
# We do want to run the other workflows to build and test but do not want to run this one again.
# https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#prevent-infinite-loop-when-using-a-personal-access-token
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Using an SSH deploy key to allow running workflows triggered by push event
# https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
# NOTE for actions triggered by dependabot, only the dependabot secrets are available
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#responding-to-events
ssh-key: "${{ secrets.DEPENDABOT_SSH_KEY }}"
# Fetch whole history as we want to commit and push
fetch-depth: 0
- name: Download flatpak-builder-tools
run: |
curl -L https://github.com/flatpak/flatpak-builder-tools/archive/refs/heads/master.tar.gz | tar xz
mv flatpak-builder-tools-master flatpak-builder-tools
- name: Install flatpak-builder-tools dependencies
run: |
sudo apt install -y pipx python3 python3-aiohttp python3-toml python3-yaml
- name: Update NodeJS sources
working-directory: flatpak-builder-tools/node
run: |
pipx install .
flatpak-node-generator yarn ${{ github.workspace }}/axolotl-web/yarn.lock -o ${{ github.workspace }}/flatpak/node-sources.json
- name: Update Cargo sources
working-directory: flatpak-builder-tools/cargo
run: python3 flatpak-cargo-generator.py ${{ github.workspace }}/Cargo.lock -o ${{ github.workspace }}/flatpak/cargo-sources.json
- uses: stefanzweifel/git-auto-commit-action@v5
with:
# Ignore other changes like the cloned flatpak-builder-tools repo
file_pattern: "flatpak/*-sources.json"
# Do not block dependabot from updating this PR: https://github.com/dependabot/dependabot-core/issues/1758
commit_message: "[dependabot skip] Update Flatpak sources"
commit_author: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>"
# Do not overwrite in case our version is outdated
push_options: "--force-with-lease"
auto-approve:
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Auto approve Dependabot PRs
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
auto-merge:
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
# NOTE Auto-merge is blocked until branch protection rules are fulfilled
- name: Enable auto-merge for Dependabot PRs
run: gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}