chore(renovate): major Update dependency ubuntu to v24 #242
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Tests this action success by the application already being installed on the repository | |
| name: Test | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| branch: | |
| description: The name of the branch to checkout for the action | |
| required: true | |
| default: main | |
| # One build per branch, cancel out of date builds only on pull requests | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }} | |
| jobs: | |
| # Not currently used | |
| # test-installed-repo: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout specified branch | |
| # if: github.event_name == 'workflow_dispatch' | |
| # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| # with: | |
| # ref: ${{ github.event.inputs.branch }} | |
| # - name: Checkout | |
| # if: github.event_name != 'workflow_dispatch' | |
| # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| # - name: Use action | |
| # id: use_action | |
| # uses: ./ | |
| # with: | |
| # application_id: ${{ secrets.GHA_APPLICATION_ID }} | |
| # application_private_key: ${{ secrets.GHA_APPLICATION_PRIVATE_KEY }} | |
| # - name: Use token to read details | |
| # uses: actions/github-script@v7 # v6 | |
| # with: | |
| # github-token: ${{ steps.use_action.outputs.token }} | |
| # script: | | |
| # const repo = github.rest.repos.get({ | |
| # owner: context.repo.owner, | |
| # repo: context.repo.repo, | |
| # }) | |
| # console.log(JSON.stringify(repo, null, 2)); | |
| # - name: Use token to checkout repository | |
| # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| # with: | |
| # token: ${{ steps.use_action.outputs.token }} | |
| # repository: sammcj/demo-gha-install-token | |
| test-mocha: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Run tests | |
| continue-on-error: true | |
| run: | | |
| npm ci | |
| echo "::add-mask::${{ secrets.GHA_APPLICATION_PRIVATE_KEY }}" | |
| echo "::add-mask::${{ secrets.GHA_APPLICATION_ID }}" | |
| GITHUB_APPLICATION_PRIVATE_KEY="${{ secrets.GHA_APPLICATION_PRIVATE_KEY }}" | |
| GITHUB_APPLICATION_ID="${{ secrets.GHA_APPLICATION_ID }}" | |
| GITHUB_REPOSITORY_OWNER=sammcj | |
| npm run test | |
| test-installed-limited: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| actions: read | |
| packages: write | |
| deployments: write | |
| outputs: | |
| expires_at: ${{ steps.use_action.outputs.expires_at }} | |
| permissions_requested: ${{ steps.use_action.outputs.permissions_requested }} | |
| permissions_granted: ${{ steps.use_action.outputs.permissions_granted }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Use action | |
| id: use_action | |
| uses: ./ | |
| with: | |
| application_id: ${{ secrets.GHA_APPLICATION_ID }} | |
| application_private_key: ${{ secrets.GHA_APPLICATION_PRIVATE_KEY }} | |
| organization: CattleDip | |
| permissions: "pages:read,checks:read,issues:read,actions:read,contents:read,metadata:read,packages:write,statuses:read,deployments:write,discussions:read,environments:read,merge_queues:read,pull_requests:read,administration:read,repository_hooks:read,organization_administration:read" | |
| - name: Use token to read details | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 | |
| with: | |
| github-token: ${{ steps.use_action.outputs.token }} | |
| script: | | |
| const repo = github.rest.repos.get({ | |
| owner: 'CattleDip', | |
| repo: 'demo-gha-install-token', | |
| branch: 'main', | |
| }) | |
| console.log(JSON.stringify(repo, null, 2)); | |
| - name: Check permissions | |
| shell: bash | |
| run: | | |
| EXPIRES_AT="${{ steps.use_action.outputs.expires_at }}" | |
| PERMISSIONS_REQUESTED="${{ steps.use_action.outputs.permissions_requested }}" | |
| PERMISSIONS_GRANTED="${{ steps.use_action.outputs.permissions_granted }}" | |
| if [[ -z "$EXPIRES_AT" ]]; then | |
| echo "🚨 No token was generated! 🚨" >> "$GITHUB_STEP_SUMMARY" | |
| exit 1 | |
| fi | |
| if [[ -z "$PERMISSIONS_REQUESTED" ]]; then | |
| echo "🚨 No permissions were requested! 🚨" >> "$GITHUB_STEP_SUMMARY" | |
| exit 1 | |
| fi | |
| if [[ -z "$PERMISSIONS_GRANTED" ]]; then | |
| echo "🚨 No permissions were granted! 🚨" >> "$GITHUB_STEP_SUMMARY" | |
| exit 1 | |
| fi | |
| if [[ "$PERMISSIONS_REQUESTED" != "$PERMISSIONS_GRANTED" ]]; then | |
| echo "🚨 Permissions requested and granted do not match! 🚨" >> "$GITHUB_STEP_SUMMARY" | |
| exit 1 | |
| fi | |
| echo "Permissions requested and granted match 🎉" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Permissions requested: `$PERMISSIONS_REQUESTED`" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Permissions granted: `$PERMISSIONS_GRANTED`" >> "$GITHUB_STEP_SUMMARY" | |
| - name: Use token to checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| token: ${{ steps.use_action.outputs.token }} | |
| repository: CattleDip/demo-gha-install-token | |
| test-installed-org: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| actions: read | |
| packages: read | |
| deployments: read | |
| steps: | |
| - name: Checkout specified branch | |
| if: github.event_name == 'workflow_dispatch' | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| ref: ${{ github.event.inputs.branch }} | |
| - name: Checkout | |
| if: github.event_name != 'workflow_dispatch' | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - name: Use action | |
| id: use_action | |
| uses: ./ | |
| with: | |
| application_id: ${{ secrets.GHA_APPLICATION_ID }} | |
| application_private_key: ${{ secrets.GHA_APPLICATION_PRIVATE_KEY }} | |
| organization: CattleDip | |
| - name: Use token to read details | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 | |
| with: | |
| github-token: ${{ steps.use_action.outputs.token }} | |
| script: | | |
| const repo = github.rest.repos.get({ | |
| owner: 'CattleDip', | |
| repo: 'demo-gha-install-token', | |
| }) | |
| console.log(JSON.stringify(repo, null, 2)); | |
| - name: Use token to checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| token: ${{ steps.use_action.outputs.token }} | |
| repository: CattleDip/demo-gha-install-token | |
| # If all tests pass AND we are on main, run the bump and release | |
| release: | |
| runs-on: ubuntu-latest | |
| if: success() && github.ref == 'refs/heads/main' | |
| needs: | |
| # - test-installed-repo | |
| - test-installed-limited #TODO: get working | |
| - test-installed-org | |
| permissions: | |
| contents: write | |
| packages: write | |
| deployments: write | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: "npm" | |
| - run: | | |
| npm ci | |
| npm run build | |
| - name: Bump version and push tag | |
| id: tag_version | |
| if: github.ref == 'refs/heads/main' | |
| uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b # v6.2 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| release_branches: main | |
| pre_release_branches: dev | |
| fetch_all_tags: true | |
| default_bump: minor | |
| - name: Create a GitHub release | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1 | |
| if: github.ref == 'refs/heads/main' | |
| with: | |
| tag: ${{ steps.tag_version.outputs.new_tag }} | |
| name: Release ${{ steps.tag_version.outputs.new_tag }} | |
| body: ${{ steps.tag_version.outputs.changelog }} | |
| generateReleaseNotes: true | |
| allowUpdates: true | |
| makeLatest: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |