name: Write changelog for dependabot PR on: pull_request: types: - opened - reopened # For debugging! permissions: # Needed to be able to push the commit. See # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request # for a similar example contents: write # We need `actions-write` in order to create a `workflow_dispatch` event. See # https://docs.github.com/en/rest/actions/workflows#create-a-workflow-dispatch-event actions: write jobs: add-changelog: runs-on: 'ubuntu-latest' if: ${{ github.actor == 'dependabot[bot]' }} steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.ref }} - name: Write, commit and push changelog run: | echo "${{ github.event.pull_request.title }}." > "changelog.d/${{ github.event.pull_request.number }}".misc git add changelog.d git config user.email "github-actions[bot]@users.noreply.github.com" git config user.name "GitHub Actions" git commit -m "Changelog" git push shell: bash # We have to explicitly start CI. # # By default, workflows can't trigger other workflows when they're just using the # default `GITHUB_TOKEN` access token. (This is intended to stop you from writing # recursive workflow loops by accident, because that'll get very expensive very # quickly.) Instead, you have to manually call out to another workflow, or else # make your changes (i.e. the `git push` above) using a personal access token. # See # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow - name: Trigger CI # Note: we use $GITHUB_REF here to run PR against the merge of this change with # develop; use github.event.pull_request.head.ref above to commit to the PR # branch. run: | gh workflow run "tests.yml" --ref "$GITHUB_REF" gh workflow run "release-artifacts.yml" --ref "$GITHUB_REF" shell: bash env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # THIS WORKFLOW HAS VARIOUS WRITE PERMISSIONS---do not add other jobs here unless they # are sufficiently locked down to dependabot only as above.