security: dependabot alert triage (#2768) #2
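# Opens/updates the Changesets release PR on pushes to main, then refreshes
# pnpm-lock.yaml on the release branch.
name: 🦋 Changesets PR

on:
  push:
    branches:
      - main
    # Only pushes touching package sources, changesets, the root manifest or
    # the lockfile start a run.
    paths:
      - "packages/**"
      - ".changeset/**"
      - "package.json"
      - "pnpm-lock.yaml"

# One run per workflow + ref; a newer push cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Default to no token permissions. Each job below declares exactly what it
# needs, so a job added later without its own `permissions:` block does not
# silently inherit the repository default.
permissions: {}

# NOTE(review): every `uses:` below references a mutable tag (@v4 / @v1).
# Both jobs hold a write-scoped token, so consider pinning each action to a
# full commit SHA verified upstream (e.g. `@<FULL_COMMIT_SHA> # v4`).
jobs:
  release-pr:
    name: Create Release PR
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    # Skipped on forks: only the upstream repository opens release PRs.
    if: github.repository == 'triggerdotdev/trigger.dev'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0

      # NOTE(review): no `version:` input here, unlike the update-lockfile
      # job (10.23.0); presumably resolved from package.json - confirm.
      - name: Setup pnpm
        uses: pnpm/action-setup@v4

      - name: Setup node
        uses: buildjet/setup-node@v4
        with:
          node-version: "20.19.0"
          cache: "pnpm"

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Create release PR
        id: changesets
        uses: changesets/action@v1
        with:
          version: pnpm run changeset:version
          commit: "chore: release"
          title: "chore: release"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Retitles the release PR with the concrete version number.
      - name: Update PR title with version
        if: steps.changesets.outputs.published != 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          PR_NUMBER=$(gh pr list --head changeset-release/main --json number --jq '.[0].number')
          if [ -n "$PR_NUMBER" ]; then
            git fetch origin changeset-release/main
            # we arbitrarily reference the version of the cli package here; it is the same for all package releases
            VERSION=$(git show origin/changeset-release/main:packages/cli-v3/package.json | jq -r '.version')
            gh pr edit "$PR_NUMBER" --title "chore: release v$VERSION"
          fi

  update-lockfile:
    name: Update lockfile on release PR
    runs-on: ubuntu-latest
    # Runs after release-pr, so it is skipped whenever that job is skipped.
    needs: release-pr
    permissions:
      contents: write
    steps:
      # actions/checkout keeps the job token in the local git config by
      # default; the `git push` in the last step relies on that.
      - name: Checkout release branch
        uses: actions/checkout@v4
        with:
          ref: changeset-release/main

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: "10.23.0"

      - name: Setup node
        uses: buildjet/setup-node@v4
        with:
          node-version: "20.19.0"

      # This job only needs the re-resolved lockfile. Lifecycle scripts are
      # skipped so that install-time code from the dependency tree does not
      # run next to a token with contents: write.
      - name: Install and update lockfile
        run: pnpm install --no-frozen-lockfile --ignore-scripts

      # Commits only pnpm-lock.yaml, and only when the install changed it.
      - name: Commit and push lockfile
        run: |
          set -e
          if git diff --quiet pnpm-lock.yaml; then
            echo "No lockfile changes"
          else
            git config user.name "github-actions[bot]"
            git config user.email "github-actions[bot]@users.noreply.github.com"
            git add pnpm-lock.yaml
            git commit -m "chore: update lockfile for release"
            git push origin changeset-release/main
          fi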