|
| 1 | +# Reusable pipeline shared by every run kind, called from scala-steward.yml. |
| 2 | +# All the kind-specific behaviour is gated on inputs.kind so the logic lives in |
| 3 | +# one place; scala-steward.yml decides the kind and selects which caller job |
| 4 | +# runs. |
| 5 | +# LIVE - workflow_dispatch / schedule / push to main: real run, GitHub App |
| 6 | +# auth, opens dependency-update PRs. |
| 7 | +# DRY_RUN - pull_request: exercise the full update-detection pipeline with |
| 8 | +# updates.limit = 0 (no PRs) using the read-only github.token. |
| 9 | +on: |
| 10 | + workflow_call: |
| 11 | + inputs: |
| 12 | + kind: |
| 13 | + description: "LIVE | DRY_RUN" |
| 14 | + required: true |
| 15 | + type: string |
| 16 | +jobs: |
| 17 | + run: |
| 18 | + runs-on: ubuntu-24.04 |
| 19 | + name: Launch Scala Steward |
| 20 | + steps: |
| 21 | + # DRY_RUN passes repo-config to the action, which reads it from the |
| 22 | + # workspace, so the repo must be checked out. LIVE needs no checkout: |
| 23 | + # Scala Steward clones the target repo itself. |
| 24 | + - uses: actions/checkout@v7 |
| 25 | + if: inputs.kind == 'DRY_RUN' |
| 26 | + - uses: coursier/cache-action@v8 |
| 27 | + - uses: coursier/setup-action@v3 |
| 28 | + with: |
| 29 | + jvm: temurin:11 |
| 30 | + # Pin to the sbt 1.x runner: the latest runner is sbt 2.x, which |
| 31 | + # requires JDK 17+. Kept in sync with sbt releases by Renovate. |
| 32 | + apps: sbt:1.12.13 |
| 33 | + # Two separate invocations rather than one with expression-computed |
| 34 | + # inputs: the auth differs structurally (GitHub App vs github.token), and |
| 35 | + # passing blank github-app-* inputs risks the action treating App auth as |
| 36 | + # requested. The version pins are shared verbatim between them. |
| 37 | + - name: Launch Scala Steward |
| 38 | + if: inputs.kind == 'LIVE' |
| 39 | + uses: scala-steward-org/scala-steward-action@v2.92.0 |
| 40 | + with: |
| 41 | + # Pin Scala Steward itself. The action otherwise downloads the latest |
| 42 | + # published version on every run; 0.39.1 dropped the Java 11 build and |
| 43 | + # requires Java 17+, which breaks the temurin:11 runner above. Renovate |
| 44 | + # tracks this pin; a bump past 0.39.0 fails on first run until the |
| 45 | + # runner is moved to JDK 17. |
| 46 | + scala-steward-version: 0.39.0 |
| 47 | + # Pin the sbt and scalafmt versions Scala Steward runs against to the |
| 48 | + # ones used in this repository. Kept in sync by Renovate. |
| 49 | + sbt-version: 1.12.13 |
| 50 | + scalafmt-version: 3.11.3 |
| 51 | + github-app-id: ${{ secrets.SCALA_STEWARD_APP_ID }} |
| 52 | + github-app-installation-id: ${{ secrets.SCALA_STEWARD_APP_INSTALLATION_ID }} |
| 53 | + github-app-key: ${{ secrets.SCALA_STEWARD_APP_PRIVATE_KEY }} |
| 54 | + github-app-auth-only: true |
| 55 | + - name: Launch Scala Steward (dry run) |
| 56 | + if: inputs.kind == 'DRY_RUN' |
| 57 | + uses: scala-steward-org/scala-steward-action@v2.92.0 |
| 58 | + with: |
| 59 | + # Kept in sync with the LIVE invocation above (Renovate). |
| 60 | + scala-steward-version: 0.39.0 |
| 61 | + sbt-version: 1.12.13 |
| 62 | + scalafmt-version: 3.11.3 |
| 63 | + # No github-app-* inputs: the action falls back to the default |
| 64 | + # read-only github.token (so this also works on fork PRs). The |
| 65 | + # default repo config forces updates.limit = 0, so no PRs are opened |
| 66 | + # even before auth would matter. |
| 67 | + repo-config: .github/scala-steward-dry-run.conf |
0 commit comments