Skip to content

Commit

Permalink
ci: use token to get push permission in dependabot-post workflow (#102)
Browse files Browse the repository at this point in the history
  • Loading branch information
hallettj authored Mar 8, 2024
1 parent 179b5cc commit 3725b3c
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions .github/workflows/dependabot-post.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
# npm dependencies change. This workflow runs on dependabot branches, and runs
# a script that makes the necessary update after each dependabot push.
name: Dependabot-post

on:
push:
branches:
Expand All @@ -11,6 +12,7 @@ jobs:
update_npm_deps_hash:
name: Update NPM dependencies hash
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
steps:
- name: Check Out Code
uses: actions/checkout@v3
Expand All @@ -26,8 +28,11 @@ jobs:

- name: Set up Git Config
run: |
git config user.name 'GitHub Actions Bot'
git config user.email '<>'
git config user.name "${GITHUB_ACTOR}"
git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# NOTE: Prefixing/appending commit messages with `[dependabot skip]`
# allows dependabot to rebase/update the pull request, force-pushing
Expand Down

0 comments on commit 3725b3c

Please sign in to comment.