Models:
Philip Bordner
philipB/
ehrql
0
Downloads: 1
[e988c2]: / .github / workflows / update-pledge.yml

Download this file

49 lines (41 with data), 1.7 kB 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
---

name: "Create PR to update `bin/pledge`"



on:

  workflow_dispatch:

  schedule:

    - cron:  "33 2 * * *"



jobs:

  create_pr_to_update_pledge:

    runs-on: ubuntu-latest



    steps:

      - uses: actions/checkout@v4

      - uses: opensafely-core/setup-action@v1

        with:

          install-just: true

          python-version: "3.11"



      - name: "Ensure `bin/pledge` is at latest version"

        run: just update-pledge



      - name: Generate app token

        uses: actions/create-github-app-token@v1

        id: generate-token

        with:

          app-id: 1031449  # opensafely-core Create PR app

          private-key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}



      - name: "Create a Pull Request if there are any changes"

        id: create_pr

        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8

        with:

          add-paths: bin/*

          branch: bot/update-pledge

          base: main

          author: "opensafely-github-bot <opensafely-github-bot@users.noreply.github.com>"

          committer: "opensafely-github-bot <opensafely-github-bot@users.noreply.github.com>"

          commit-message: "fix: Update `bin/pledge`"

          title: "Update `bin/pledge`"

          token: ${{ steps.generate-token.outputs.token }}



      # The PR will still require manual approval, this just reduces it to a one-click process

      - name: Enable automerge

        if: steps.create_pr.outputs.pull-request-operation == 'created'

        run: gh pr merge --auto --squash ${{ steps.create_pr.outputs.pull-request-number }}

        env:

          GH_TOKEN: ${{ steps.generate-token.outputs.token }}