Dependabot changelogs: trigger CI explicitly (#14027)

* Dependabot changelogs: trigger CI explicitly

* Changelog

* Use merge ref, not head ref

ref ref ref ref ref

* explanatory note
This commit is contained in:
David Robertson 2022-10-03 17:16:45 +01:00 committed by GitHub
parent 4cceb6ba66
commit 2d5ce8c087
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 4 deletions

View file

@ -3,16 +3,13 @@ on:
pull_request:
types:
- opened
- reopened
- reopened # For debugging!
permissions:
# Needed to be able to push the commit. See
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
# for a similar example
contents: write
# The pull_requests "synchronize" event doesn't seem to fire with just `contents: write`, so
# CI doesn't run with the new changelog. Maybe `pull_requests: write` will fix this?
pull-requests: write
jobs:
add-changelog:
@ -31,5 +28,23 @@ jobs:
git commit -m "Changelog"
git push
shell: bash
# We have to explicitly start CI.
#
# By default, workflows can't trigger other workflows when they're just using the
# default `GITHUB_TOKEN` access token. (This is intended to stop you from writing
# recursive workflow loops by accident, because that'll get very expensive very
# quickly.) Instead, you have to manually call out to another workflow, or else
# make your changes (i.e. the `git push` above) using a personal access token.
# See
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
- name: Trigger CI
# Note: we use $GITHUB_REF here to run PR against the merge of this change with
# develop; use github.event.pull_request.head.ref above to commit to the PR
# branch.
run: |
gh workflow run "tests.yml" --ref "$GITHUB_REF"
gh workflow run "release-artifacts.yml" --ref "$GITHUB_REF"
shell: bash
# THIS WORKFLOW HAS VARIOUS WRITE PERMISSIONS---do not add other jobs here unless they
# are sufficiently locked down to dependabot only as above.

View file

@ -11,6 +11,7 @@ on:
# we do the full build on tags.
tags: ["v*"]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}

View file

@ -4,6 +4,7 @@ on:
push:
branches: ["develop", "release-*"]
pull_request:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}

1
changelog.d/14027.misc Normal file
View file

@ -0,0 +1 @@
Prototype a workflow to automatically add changelogs to dependabot PRs.