Skip to content

chore(deps): update all dependencies #123

chore(deps): update all dependencies

chore(deps): update all dependencies #123

# If Renovate is not the author of the PR that triggers this workflow, it will do nothing.
# If Renovate is the author of the PR that triggers this workflow, but the workflow event is anything but "opened", it will do nothing.
# If Renovate is the author of the PR that triggers this workflow, and the workflow event is "opened", it will:
# 1. Autoformat using pre-commit and, if necessary, push an additional commit to the PR with the autoformat fixes.
# 2. Change the branch protection rules to turn off require codeowner approval due to github apps not being able to be codeowners or added to teams.
# 3. narwhal-bot approves the PR.
# 4. narwhal-bot merges the PR.
# 5. PR is added to merge queue.
# 6. tests are ran.
# a. If tests pass, PR is merged.
# i. If PR is merged, it is closed and branch is deleted.
# b. If tests fail, PR stays open and it is removed from merge queue.
# 7. Branch protection is always set back to the original state.
#
# See ADR #0008.
name: auto-test
on:
pull_request:
# WARNING: DO NOT ADD MORE EVENT TYPES HERE! Because this workflow will push a new commit to the PR in the Autoformat step, adding more event types may cause an infinite loop.
types:
- opened
permissions:
id-token: write
contents: write
defaults:
run:
# We need -e -o pipefail for consistency with GitHub Actions' default behavior
shell: bash -e -o pipefail {0}
jobs:
renovate-test:
if: github.event.client_payload.github.actor == 'renovate[bot]' || github.actor == 'renovate[bot]'
uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/renovate-test.yml@main
secrets:
APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
AWS_COMMERCIAL_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_COMMERCIAL_ROLE_TO_ASSUME }}
AWS_GOVCLOUD_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_GOVCLOUD_ROLE_TO_ASSUME }}