Bump vite from 5.4.5 to 5.4.6 in /axolotl-web #192
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependabot post-run | |
| on: pull_request | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| flatpak-sources-update: | |
| name: Update Flatpak sources | |
| # Avoid infinit loops of this workflow pushing and triggering another workflow | |
| # We do want to run the other workflows to build and test but do not want to run this one again. | |
| # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#prevent-infinite-loop-when-using-a-personal-access-token | |
| if: github.actor == 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # Using an SSH deploy key to allow running workflows triggered by push event | |
| # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs | |
| # NOTE for actions triggered by dependabot, only the dependabot secrets are available | |
| # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#responding-to-events | |
| ssh-key: "${{ secrets.DEPENDABOT_SSH_KEY }}" | |
| # Fetch whole history as we want to commit and push | |
| fetch-depth: 0 | |
| - name: Download flatpak-builder-tools | |
| run: | | |
| curl -L https://github.com/flatpak/flatpak-builder-tools/archive/refs/heads/master.tar.gz | tar xz | |
| mv flatpak-builder-tools-master flatpak-builder-tools | |
| - name: Install flatpak-builder-tools dependencies | |
| run: | | |
| sudo apt install -y pipx python3 python3-aiohttp python3-toml python3-yaml | |
| - name: Update NodeJS sources | |
| working-directory: flatpak-builder-tools/node | |
| run: | | |
| pipx install . | |
| flatpak-node-generator yarn ${{ github.workspace }}/axolotl-web/yarn.lock -o ${{ github.workspace }}/flatpak/node-sources.json | |
| - name: Update Cargo sources | |
| working-directory: flatpak-builder-tools/cargo | |
| run: python3 flatpak-cargo-generator.py ${{ github.workspace }}/Cargo.lock -o ${{ github.workspace }}/flatpak/cargo-sources.json | |
| - uses: stefanzweifel/git-auto-commit-action@v5 | |
| with: | |
| # Ignore other changes like the cloned flatpak-builder-tools repo | |
| file_pattern: "flatpak/*-sources.json" | |
| # Do not block dependabot from updating this PR: https://github.com/dependabot/dependabot-core/issues/1758 | |
| commit_message: "[dependabot skip] Update Flatpak sources" | |
| commit_author: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>" | |
| # Do not overwrite in case our version is outdated | |
| push_options: "--force-with-lease" | |
| auto-approve: | |
| if: github.actor == 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Auto approve Dependabot PRs | |
| run: gh pr review --approve "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| auto-merge: | |
| if: github.actor == 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| # NOTE Auto-merge is blocked until branch protection rules are fulfilled | |
| - name: Enable auto-merge for Dependabot PRs | |
| run: gh pr merge --auto --merge "$PR_URL" | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN}} |