Also consider oasis_encryption_envelope for TXs #10312
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: This name appears in GitHub's Checks API and in workflow's status badge. | |
name: ci-renovate | |
# Trigger the workflow when: | |
on: | |
# When a pull request event occurs for a pull request against one of the | |
# matched branches. | |
pull_request: | |
branches: [master] | |
jobs: | |
add-changelog: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: add-changelog | |
# Trigger job only for dependency update bot. | |
if: github.actor == 'renovate[bot]' | |
runs-on: ubuntu-latest | |
# Permissions needed to update PR. | |
permissions: | |
# Enable creating, updating files | |
contents: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# Needed for correct git commit --amend. | |
fetch-depth: 0 | |
# Checkout pull request HEAD commit instead of merge commit. | |
ref: ${{ github.event.pull_request.head.sha }} | |
# We use a Personal Access Token (PAT) to checkout and later push the commit instead of | |
# the default $GITHUB_TOKEN. This is because events triggered by $GITHUB_TOKEN will not | |
# trigger new workflow runs, but we want to re-run the CI after pushing the updated commit. | |
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow | |
token: ${{ secrets.BOT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} | |
- name: Create and commit Change Log fragment if it does not exist | |
env: | |
# There's no support for escaping this for use in a shell command. | |
# GitHub's recommendation is to pass it through the environment. | |
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable | |
FILE_NAME: .changelog/${{ github.event.pull_request.number }}.internal.md | |
HEAD_REF: ${{ github.head_ref }} | |
run: | | |
if [[ ! -f "$FILE_NAME" ]]; then | |
echo "Update dependencies" > "$FILE_NAME" | |
# Set git user email and name to match author of the last commit. | |
git config --local user.email "$(git log --pretty='%ae' -1)" | |
git config --local user.name "$(git log --pretty=format:'%an' -1)" | |
git add "$FILE_NAME" | |
git commit --amend --no-edit | |
git push --force-with-lease origin "HEAD:refs/heads/$HEAD_REF" | |
echo "FILE_EXISTS=false" >> $GITHUB_OUTPUT | |
fi |