@@ -14,6 +14,13 @@ name: Refresh Lockfiles
1414
1515on :
1616 workflow_call :
17+ secrets :
18+ AUTH_APP_ID :
19+ required : true
20+ AUTH_APP_PRIVATE_KEY :
21+ required : true
22+
23+ permissions : {}
1724
1825jobs :
1926 get_python_matrix :
2431 outputs :
2532 matrix : ${{ steps.get_py.outputs.matrix }}
2633 steps :
27- - uses : actions/checkout@v6
34+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
35+ with :
36+ persist-credentials : false
37+
2838 - id : get_py
2939 run : echo "MATRIX=$(ls -1 requirements/py*.yml | xargs -n1 basename | sed 's/....$//' | jq -cnR '[inputs]')" >> ${GITHUB_OUTPUT}
3040
@@ -40,17 +50,24 @@ jobs:
4050 python : ${{ fromJSON(needs.get_python_matrix.outputs.MATRIX) }}
4151
4252 steps :
43- - uses : actions/checkout@v6
53+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
54+ with :
55+ persist-credentials : false
56+
4457 - name : install requirements
4558 run : |
4659 source $CONDA/bin/activate base
4760 conda update -n base --all
61+
4862 - name : generate lockfile
63+ env :
64+ MATRIX_PYTHON : ${{ matrix.python }}
4965 run : |
50- pipx run conda-lock -k explicit -p linux-64 -f requirements/${{matrix.python}}.yml
51- mv conda-linux-64.lock ${{matrix.python}}-linux-64.lock
66+ pipx run conda-lock -k explicit -p linux-64 -f requirements/${MATRIX_PYTHON}.yml
67+ mv conda-linux-64.lock ${MATRIX_PYTHON}-linux-64.lock
68+
5269 - name : output lockfile
53- uses : actions/upload-artifact@v7
70+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
5471 with :
5572 name : lock-artifacts-${{matrix.python}}
5673 path : ${{matrix.python}}-linux-64.lock
@@ -64,19 +81,24 @@ jobs:
6481 needs : gen_lockfiles
6582
6683 steps :
67- - uses : actions/checkout@v6
84+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
85+ with :
86+ persist-credentials : false
87+
6888 - name : get artifacts
69- uses : actions/download-artifact@v8
89+ uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
7090 with :
7191 path : ${{ github.workspace }}/requirements/locks
7292 merge-multiple : true
7393
7494 - name : " Generate token"
75- uses : actions/create-github-app-token@v3
95+ uses : actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1
7696 id : generate-token
7797 with :
7898 app-id : ${{ secrets.AUTH_APP_ID }}
7999 private-key : ${{ secrets.AUTH_APP_PRIVATE_KEY }}
100+ permission-contents : write
101+ permission-pull-requests : write
80102
81103 - name : Create Pull Request
82104 id : cpr
@@ -98,11 +120,16 @@ jobs:
98120
99121 - name : Check Pull Request
100122 if : steps.cpr.outputs.pull-request-number != ''
123+ env :
124+ CPR_PR_NUMBER : ${{ steps.cpr.outputs.pull-request-number }}
125+ CPR_PR_URL : ${{ steps.cpr.outputs.pull-request-url }}
126+ CPR_PR_OPERATION : ${{ steps.cpr.outputs.pull-request-operation }}
127+ CPR_PR_HEAD_SHA : ${{ steps.cpr.outputs.pull-request-head-sha }}
101128 run : |
102129 echo "### :rocket: Pull-Request Summary" >> ${GITHUB_STEP_SUMMARY}
103130 echo "" >> ${GITHUB_STEP_SUMMARY}
104131 echo "The following lock-files pull-request has been auto-generated:"
105- echo "- **PR** #${{ steps.cpr.outputs.pull-request-number } }" >> ${GITHUB_STEP_SUMMARY}
106- echo "- **URL** ${{ steps.cpr.outputs.pull-request-url } }" >> ${GITHUB_STEP_SUMMARY}
107- echo "- **Operation** [${{ steps.cpr.outputs.pull-request-operation } }]" >> ${GITHUB_STEP_SUMMARY}
108- echo "- **SHA** ${{ steps.cpr.outputs.pull-request-head-sha } }" >> ${GITHUB_STEP_SUMMARY}
132+ echo "- **PR** #${CPR_PR_NUMBER }" >> ${GITHUB_STEP_SUMMARY}
133+ echo "- **URL** ${CPR_PR_URL }" >> ${GITHUB_STEP_SUMMARY}
134+ echo "- **Operation** [${CPR_PR_OPERATION }]" >> ${GITHUB_STEP_SUMMARY}
135+ echo "- **SHA** ${CPR_PR_HEAD_SHA }" >> ${GITHUB_STEP_SUMMARY}
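Review bot: In the `generate lockfile` step the new `${MATRIX_PYTHON}` expansions are unquoted, so moving the value out of `${{ }}` removes the template injection into the script but still leaves the value subject to shell word splitting and globbing. The value is built from file names under `requirements/` by the `get_py` step, so both uses should be quoted: `pipx run conda-lock -k explicit -p linux-64 -f "requirements/${MATRIX_PYTHON}.yml"` and `mv -- conda-linux-64.lock "${MATRIX_PYTHON}-linux-64.lock"`. Separately, the SHA-pinned `uses:` lines in all three hunks no longer record which release they correspond to. A trailing comment such as `# <release tag>` on each would let a reviewer confirm the pin and keep later updates auditable.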