diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..e21694780 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,19 @@ +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + groups: + eslint: + patterns: + - "eslint*" + esbuild: + patterns: + - "esbuild*" + stylelint: + patterns: + - "stylelint*" + patternfly: + patterns: + - "@patternfly*" diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml new file mode 100644 index 000000000..1db2e423f --- /dev/null +++ b/.github/workflows/dependabot.yml @@ -0,0 +1,39 @@ +name: Dependabot update node-modules +on: pull_request + +permissions: + pull-requests: write + +jobs: + dependabot: + # 22.04's podman has issues with piping and causes tar errors + runs-on: ubuntu-20.04 + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Clone repository + uses: actions/checkout@v3 + + - name: Run npm-update bot + run: | + test/common/make-bots + git config --global user.name "GitHub Workflow" + git config --global user.email "cockpituous@cockpit-project.org" + mkdir -p ~/.config/cockpit-dev + echo ${{ github.token }} >> ~/.config/cockpit-dev/github-token + eval $(ssh-agent) + ssh-add - <<< '${{ secrets.NODE_CACHE_DEPLOY_KEY }}' + ./tools/node-modules install + ./tools/node-modules push + git add node_modules + ssh-add -D + ssh-agent -k + + - name: Force push the change to trigger testing workflows + run: | + sleep 1 # make sure the timestamp changes + git commit --amend --no-edit + eval $(ssh-agent) + ssh-add - <<< '${{ secrets.COCKPIT_DEPLOY_KEY }}' + git push --force 'git@github.com:${{ github.repository }}' HEAD + ssh-add -D + ssh-agent -k