diff --git a/.github/workflows/lock-file-maintenance.md b/.github/workflows/lock-file-maintenance.md index bd414c5..d975912 100644 --- a/.github/workflows/lock-file-maintenance.md +++ b/.github/workflows/lock-file-maintenance.md @@ -2,27 +2,6 @@ This action is used to maintain lock files in a repository. It will ensure that lock files are up-to-date with their corresponding manifest files. -# Inputs - -The action has the following inputs: - -### Required inputs - -#### target-repo - -Specify the target repository this action should run on. This is used to prevent actions from running on repositories other than the target repository. For example, specifying a `target-repo` of `anolilab/workflows` will prevent the action from running on forks of `anolilab/workflows`. - -- This `input` is required. (`type:string`) - -### Optional inputs - -#### node-version - -This is used to ensure that the correct version of node.js is used when running the action. - -- This `input` is optional. (`type:string`, `default:18.x`) - - > For protected branches, the action will need to be able to commit and push to the repository. > > By creating a new [Personal Access Token (PAT)](https://github.com/settings/tokens/new), storing the token as a secret in your repository and then passing the new token to the Action step. @@ -40,18 +19,53 @@ on: # yamllint disable-line rule:truthy pull_request: branches: - "dependabot/**" + workflow_dispatch: # yamllint disable-line rule:empty-values permissions: contents: "read" # for checkout jobs: - stale-issues: - uses: "anolilab/workflows/.github/workflows/lock-file-maintenance.yml@main" + lock-file: + name: "Lock File Maintenance" + if: "github.repository == visulima/visulima" + runs-on: "ubuntu-latest" permissions: - contents: "write" # commit and push - id-token: "write" # for checkout - with: - target-repo: "visulima/visulima" - secrets: - LOCK_MAINTENANCE_GITHUB_TOKEN: ${{ secrets.LOCK_MAINTENANCE_GITHUB_TOKEN }} + contents: "write" + + steps: + - name: "Harden Runner" + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 + with: + egress-policy: "audit" + + - name: "Git checkout" + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 + with: + token: "${{ secrets.LOCK_MAINTENANCE_GITHUB_TOKEN }}" + env: + GIT_COMMITTER_NAME: "GitHub Actions Shell" + GIT_AUTHOR_NAME: "GitHub Actions Shell" + EMAIL: "github-actions[bot]@users.noreply.github.com" + + - name: "Setup resources and environment" + id: "setup" + uses: "anolilab/workflows/step/setup@main" + with: + node-version: "18.x" + cache-prefix: "lock-file" + install-packages: "false" + + - name: "Update lock file" + if: "success()" + run: "pnpm install --lockfile-only" + + - name: "Commit lock file" + if: "success()" + uses: "stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842" # v5.0.1 + with: + file_pattern: "pnpm-lock.yaml" + commit_message: "chore: updated lock file [ci skip]" + commit_user_name: "github-actions-shell" + commit_user_email: "github-actions[bot]@users.noreply.github.com" + commit_author: "github-actions-shell " ``` diff --git a/.github/workflows/lock-file-maintenance.yml b/.github/workflows/lock-file-maintenance.yml deleted file mode 100644 index 359205c..0000000 --- a/.github/workflows/lock-file-maintenance.yml +++ /dev/null @@ -1,68 +0,0 @@ -# https://help.github.com/en/categories/automating-your-workflow-with-github-actions - -name: "Lock File Maintenance" - -on: # yamllint disable-line rule:truthy - workflow_call: - secrets: - LOCK_MAINTENANCE_GITHUB_TOKEN: - description: 'A token passed from the caller workflow' - required: true - inputs: - target-repo: - description: "The repo to run this action on. This is to prevent actions from running on forks unless intended." - required: true - type: "string" - node-version: - description: "The node.js version to use" - required: false - type: "string" - default: "18.x" - -permissions: - contents: "read" # for checkout - -jobs: - lock-file: - name: "Lock File Maintenance" - if: "github.repository == inputs.target-repo" - runs-on: "ubuntu-latest" - permissions: - contents: "write" - - steps: - - name: "Harden Runner" - uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 - with: - egress-policy: "audit" - - - name: "Git checkout" - uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 - with: - token: "${{ secrets.LOCK_MAINTENANCE_GITHUB_TOKEN }}" - env: - GIT_COMMITTER_NAME: "GitHub Actions Shell" - GIT_AUTHOR_NAME: "GitHub Actions Shell" - EMAIL: "github-actions[bot]@users.noreply.github.com" - - - name: "Setup resources and environment" - id: "setup" - uses: "anolilab/workflows/step/setup@main" - with: - node-version: "${{ inputs.node-version }}" - cache-prefix: "lock-file" - install-packages: "false" - - - name: "Update lock file" - if: "success()" - run: "pnpm install --lockfile-only" - - - name: "Commit lock file" - if: "success()" - uses: "stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842" # v5.0.1 - with: - file_pattern: "pnpm-lock.yaml" - commit_message: "chore: updated lock file [ci skip]" - commit_user_name: "github-actions-shell" - commit_user_email: "github-actions[bot]@users.noreply.github.com" - commit_author: "github-actions-shell "