-
Notifications
You must be signed in to change notification settings - Fork 1
47 lines (45 loc) · 1.8 KB
/
Copy pathgenerate.yml
File metadata and controls
47 lines (45 loc) · 1.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: Generate
on:
workflow_dispatch:
schedule:
- cron: '27 14 * * *'
concurrency:
# Pushing new changes to a branch will cancel any in-progress CI runs
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# Restrict jobs in this workflow to have no permissions by default; permissions
# should be granted per job as needed using a dedicated `permissions` block
permissions: {}
jobs:
update:
permissions:
contents: write # to fetch and commit code
pull-requests: write # to create pull requests
actions: write # to manually dispatch checks on the pull request
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version-file: '.python-version'
- run: pipx install poetry~=2.0
- run: poetry install
- run: poetry run scripts/download_sa_advisories.py
- run: poetry run scripts/precache_nodes.py
- run: rm -rf advisories/
- run: poetry run scripts/generate_osv_advisories.py
- run: |
echo "🤖 beep boop - looks like there's some changes to the advisories!" > pr-body
echo "" >> pr-body
poetry run scripts/list_changed_advisories.py >> pr-body
- uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
with:
token: ${{ secrets.GENERATOR_GH_TOKEN }}
title: 'feat: update advisories'
body-path: pr-body
branch: 'bot/update-advisories'
author: |
github-actions <41898282+github-actions[bot]@users.noreply.github.com>
commit-message: 'feat: update advisories'