Bump ctrlc from 3.4.7 to 3.5.0 #62
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # smoelius: This workflow is largely based on: | |
| # https://docs.github.com/en/actions/managing-issues-and-pull-requests/adding-labels-to-issues#creating-the-workflow | |
| name: Check release necessity | |
| on: [pull_request] | |
| jobs: | |
| check-release-necessity: | |
| # smoelius: Note that `github.event.pull_request.user.login` is the user that opened the pull | |
| # request, which may be different from the user that triggered the action. | |
| if: ${{ github.actor == 'dependabot[bot]' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| fetch-depth: 0 | |
| - name: Check updated files | |
| # smoelius: Dependabot should update only manifest and/or lockfiles. Hard error otherwise. | |
| run: | | |
| git diff --name-only ${{ github.event.pull_request.base.sha }} | grep . | |
| ! git diff --name-only ${{ github.event.pull_request.base.sha }} | grep -v '^\.github/workflows/\|\(^\|/\)Cargo\.\(lock\|toml\)$' | |
| - name: Add `requires release` label | |
| run: | | |
| PACKAGE="$(expr '${{ github.event.pull_request.title }}' : '^Bump \([^ ]*\) from [^ ]* to [^ ]*$')" | |
| OLD_VERSION="$(expr '${{ github.event.pull_request.title }}' : '^Bump [^ ]* from \([^ ]*\) to [^ ]*$')" | |
| NEW_VERSION="$(expr '${{ github.event.pull_request.title }}' : '^Bump [^ ]* from [^ ]* to \([^ ]*\)$')" | |
| # smoelius: If `PACKAGE` contains a '/' character, it cannot be a Cargo package. | |
| if echo "$PACKAGE" | grep '/'; then | |
| exit | |
| fi | |
| test -n "$PACKAGE" | |
| test -n "$OLD_VERSION" | |
| test -n "$NEW_VERSION" | |
| git reset --hard HEAD~1 | |
| if ! cargo update "$PACKAGE@$OLD_VERSION" --precise "$NEW_VERSION"; then | |
| gh pr edit '${{ github.event.pull_request.number }}' --add-label 'requires release' | |
| fi | |
| env: | |
| # smoelius: The `DEPENDABOT_REPO_TOKEN` requires SSO authorization and the following | |
| # scopes: `public_repo`, `read:org`, and `read:discussion`. | |
| GH_TOKEN: ${{ secrets.DEPENDABOT_REPO_TOKEN }} | |
| GH_REPO: ${{ github.repository }} |