Skip to content

Commit d55201b

Browse files
housemehouseme
committed
improve action yml
1 parent 0e593ee commit d55201b

File tree

1 file changed

+16
-9
lines changed

1 file changed

+16
-9
lines changed

.github/workflows/update-sources.yml

Lines changed: 16 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -16,21 +16,22 @@ name: Update Sources
1616

1717
on:
1818
schedule:
19-
- cron: '0 */2 * * *' # every 2 hours
19+
- cron: '0 0 * * *' # Daily at midnight
2020
workflow_dispatch: # Manual trigger
21-
repository_dispatch:
22-
types: [ release ]
23-
24-
permissions:
25-
contents: write
26-
pull-requests: write
2721

2822
jobs:
2923
update-sources:
3024
runs-on: ubuntu-latest
25+
permissions:
26+
contents: write
27+
pull-requests: write
28+
3129
steps:
3230
- name: Checkout repository
3331
uses: actions/checkout@v6
32+
with:
33+
# Step 1: Disable automatic credential persistence
34+
persist-credentials: false
3435

3536
- name: Install Nix
3637
uses: cachix/install-nix-action@v25
@@ -71,10 +72,10 @@ jobs:
7172
for system in "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"; do
7273
FILE_NAME=$(jq -r --arg sys "$system" '.files[$sys].name' sources.json.new)
7374
URL="https://github.com/$REPO/releases/download/$VERSION/$FILE_NAME"
74-
75+
7576
echo "Fetching hash for $URL..."
7677
HASH=$(nix-prefetch-url --type sha256 "$URL")
77-
78+
7879
jq --arg sys "$system" --arg hash "$HASH" '.files[$sys].sha256 = $hash' sources.json.new > sources.json.tmp
7980
mv sources.json.tmp sources.json.new
8081
done
@@ -83,12 +84,18 @@ jobs:
8384
echo "updated=true" >> $GITHUB_OUTPUT
8485
echo "version=$VERSION" >> $GITHUB_OUTPUT
8586
87+
- name: Clean up Git credentials
88+
# Step 2: Explicitly remove any lingering Authorization headers in git config
89+
run: git config --local --unset-all http.https://github.com/.extraheader || true
90+
8691
- name: Create Pull Request
8792
if: steps.update_script.outputs.updated == 'true'
8893
uses: peter-evans/create-pull-request@v6
8994
with:
9095
token: ${{ secrets.GITHUB_TOKEN }}
9196
commit-message: "chore: update sources.json to ${{ steps.update_script.outputs.version }}"
97+
committer: "github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
98+
author: "github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
9299
branch: "automation/update-sources-${{ steps.update_script.outputs.version }}"
93100
delete-branch: true
94101
title: "chore: update rustfs to ${{ steps.update_script.outputs.version }}"

0 commit comments

Comments
 (0)