|
16 | 16 | actions: read |
17 | 17 | security-events: read |
18 | 18 | vulnerability-alerts: read |
19 | | - env: |
20 | | - GH_TOKEN: ${{ github.token }} |
21 | | - steps: |
22 | | - - name: Checkout |
23 | | - uses: actions/checkout@v6 |
24 | | - with: |
25 | | - ref: main |
26 | | - |
27 | | - - name: Set up Go |
28 | | - uses: ./.github/actions/setup-go |
29 | | - with: |
30 | | - go-version-file: "go.mod" |
31 | | - |
32 | | - - name: Bump Dependencies |
33 | | - run: make dependabot |
34 | | - continue-on-error: true |
35 | | - |
36 | | - - name: Notify Failure |
37 | | - if: failure() |
38 | | - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 |
39 | | - with: |
40 | | - method: chat.postMessage |
41 | | - token: ${{ secrets.DEPENDABUMP_SLACK_API_KEY }} |
42 | | - payload: | |
43 | | - channel: ${{ secrets.SLACK_TEAM_CORE_CHANNEL_ID}} |
44 | | - text: "Failed to check for vulnerabilities in `chainlink-common`: <${{ format('https://github.com/{0}/actions/runs/{1}', github.repository, github.run_id) }}|Run>" |
45 | | -
|
46 | | - - if: failure() |
47 | | - run: exit 1 |
48 | | - |
49 | | - - name: Create Pull Request |
50 | | - id: pr |
51 | | - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 |
52 | | - with: |
53 | | - branch: bot/dependabump |
54 | | - commit-message: "bump dependencies" |
55 | | - title: "dependabump" |
56 | | - body: "Upgrading vulnerable dependencies." |
57 | | - sign-commits: true |
58 | | - continue-on-error: true |
59 | | - |
60 | | - - name: Notify PR Failure |
61 | | - if: failure() |
62 | | - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 |
63 | | - with: |
64 | | - method: chat.postMessage |
65 | | - token: ${{ secrets.DEPENDABUMP_SLACK_API_KEY }} |
66 | | - payload: | |
67 | | - channel: ${{ secrets.SLACK_TEAM_CORE_CHANNEL_ID}} |
68 | | - text: "Vulnerabilities detected in `chainlink-common`, but failed to create PR: <${{ format('https://github.com/{0}/actions/runs/{1}', github.repository, github.run_id) }}|Run>" |
69 | | -
|
70 | | - - if: failure() |
71 | | - run: exit 1 |
72 | | - |
73 | | - - name: Notify PR Created |
74 | | - if: steps.pr.outputs.pull-request-operation == 'created' || steps.pr.outputs.pull-request-operation == 'updated' |
75 | | - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 |
76 | | - with: |
77 | | - method: chat.postMessage |
78 | | - token: ${{ secrets.DEPENDABUMP_SLACK_API_KEY }} |
79 | | - payload: | |
80 | | - channel: ${{ secrets.SLACK_TEAM_CORE_CHANNEL_ID}} |
81 | | - text: "Vulnerabilities detected in `chainlink-common` - upgrading dependencies: <${{ format('https://github.com/{0}/actions/runs/{1}', github.repository, github.run_id) }}|Run> - <${{steps.pr.outputs.pull-request-url}}|PR> :review-time:" |
| 19 | + uses: smartcontractkit/.github/.github/workflows/dependabump.yml@CRE-4302-dependabump |
| 20 | + secrets: |
| 21 | + SLACK_TOKEN: ${{ secrets.DEPENDABUMP_SLACK_API_KEY }} |
| 22 | + SLACK_CHANNEL_ID: ${{ secrets.SLACK_TEAM_CORE_CHANNEL_ID }} |
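Review bot: The added `uses:` on new line 19 pins the reusable workflow to a branch ref, `@CRE-4302-dependabump`, while handing it `DEPENDABUMP_SLACK_API_KEY` and `SLACK_TEAM_CORE_CHANNEL_ID`. A branch ref is mutable, so any later push to that branch runs with these secrets and this job's token without a change in this repository. The removed steps pinned their third-party actions to full commit SHAs with a version comment, and the same convention fits here: `uses: smartcontractkit/.github/.github/workflows/dependabump.yml@<full-commit-sha> # <tag>`. The ref looks like a feature branch, so the workflow would presumably also stop resolving once that branch is deleted after merge. The job header and the start of the `permissions:` block are outside this hunk; only read scopes are visible, and a called workflow cannot exceed the caller's permissions, so confirm the scopes needed to open the PR are granted above.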