1818 steps :
1919 # Security hardening for GitHub Actions runner
2020 - name : Harden Runner
21- uses : step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
21+ uses : step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
2222 with :
2323 egress-policy : audit
2424
@@ -36,44 +36,45 @@ jobs:
3636
3737 # Install dependencies (needed for ts-proto plugin)
3838 - name : Install Dependencies
39- uses : bahmutov/npm-install@3e063b974f0d209807684aa23e534b3dde517fd9 # v1.11.2
40- with :
41- useLockFile : false
39+ run : yarn install --frozen-lockfile --non-interactive
4240
4341 # Setup Buf CLI - will pull proto from buf.build/permifyco/permify
4442 - name : Setup Buf
45- uses : bufbuild/buf-action@8f4a1456a0ab6a1eb80ba68e53832e6fcfacc16c # v1.3.0
46- with :
47- setup_only : true
48- github_token : ${{ secrets.GITHUB_TOKEN }}
43+ run : |
44+ BUF_VERSION="1.57.0"
45+ curl -sSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" -o "${RUNNER_TEMP}/buf"
46+ chmod +x "${RUNNER_TEMP}/buf"
47+ echo "${RUNNER_TEMP}" >> "${GITHUB_PATH}"
4948
5049 # Generate TypeScript code from Buf Schema Registry
5150 - name : Generate Code with Buf
5251 run : yarn buf:generate
5352
54- # Check if there are any changes
55- - name : Check for changes
56- id : verify-changes
53+ - name : Commit changes
54+ id : commitchanges
55+ run : |
56+ echo "commit changes"
57+ scripts/commit-changes.sh "proto-update/permify-latest"
58+ shell : bash
59+
60+ # Push branch and open or update the PR only if there are changes
61+ - name : Push changes and open PR
62+ if : steps.commitchanges.outputs.changes_made == '1'
63+ env :
64+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
5765 run : |
58- if git diff --quiet; then
59- echo "has_changes=false" >> $GITHUB_OUTPUT
60- echo "No changes detected"
66+ BRANCH_NAME="${{ steps.commitchanges.outputs.branch_name }}"
67+ PR_TITLE="chore(proto): update generated SDK with latest Permify definitions"
68+ PR_BODY="Automatically created PR with the latest generated SDK from Permify proto definitions."
69+
70+ echo "${BRANCH_NAME}"
71+ git push "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}" "${BRANCH_NAME}"
72+
73+ PR_NUMBER="$(gh pr list --head "${BRANCH_NAME}" --base main --state open --json number --jq '.[0].number')"
74+
75+ if [ -n "${PR_NUMBER}" ]; then
76+ gh pr edit "${PR_NUMBER}" --title "${PR_TITLE}" --body "${PR_BODY}"
6177 else
62- echo "has_changes=true" >> $GITHUB_OUTPUT
63- echo "Changes detected, will create PR"
78+ gh pr create --base main --head "${BRANCH_NAME}" --title "${PR_TITLE}" --body "${PR_BODY}" --label dependencies --label automated
6479 fi
65-
66- # Create Pull Request only if there are changes
67- - name : Create Pull Request
68- if : steps.verify-changes.outputs.has_changes == 'true'
69- uses : peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
70- with :
71- token : ${{ secrets.GITHUB_TOKEN }}
72- commit-message : " chore(proto): update generated SDK with latest Permify definitions"
73- title : " chore(proto): update generated SDK with latest Permify definitions"
74- branch : proto-update/permify-latest
75- delete-branch : true
76- base : main
77- labels : |
78- dependencies
79- automated
80+ shell : bash
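Review bot: The new Setup Buf step downloads the `buf` binary with `curl -sSL` and adds its directory to `GITHUB_PATH` without any integrity check, whereas the action it replaces was pinned to a commit SHA. Pin a digest next to the version and verify it before the `chmod`, e.g. `BUF_SHA256="<sha256 of buf-Linux-x86_64 for v1.57.0>"` followed by `echo "${BUF_SHA256}  ${RUNNER_TEMP}/buf" | sha256sum -c -`, and use `curl -fsSL` so an HTTP error page is not saved as the executable. In the push step, `${{ secrets.GITHUB_TOKEN }}` and `${{ steps.commitchanges.outputs.branch_name }}` are expanded into the script text before bash runs; pass the branch name through `env:` and reference `"${GH_TOKEN}"` (already set in that step's `env:`) in the push URL instead. `scripts/commit-changes.sh` is not shown in this diff, so how `branch_name` and `changes_made` are produced could not be checked.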