mirror of
https://github.com/apache/superset.git
synced 2026-07-06 14:55:32 +00:00
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
61 lines
2.6 KiB
YAML
61 lines
2.6 KiB
YAML
name: Sync requirements for Python dependency PRs
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize]
|
|
|
|
permissions:
|
|
contents: write
|
|
pull-requests: read
|
|
|
|
jobs:
|
|
sync-python-dep-requirements:
|
|
# This action is limited for (1) PRs authored by Dependabot and (2) upstream repo due to write back to remote
|
|
if: github.repository == 'apache/superset' && github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.head.repo.fork == false
|
|
runs-on: ubuntu-26.04
|
|
steps:
|
|
- name: Fetch Dependabot metadata
|
|
id: dependabot-metadata
|
|
shell: bash
|
|
env:
|
|
BRANCH_NAME: ${{ github.head_ref }}
|
|
run: |
|
|
# Get current branch name, extract the package ecosystem and return as GHA step output
|
|
packageEcosystem=$(echo "$BRANCH_NAME" | cut -d'/' -f2)
|
|
echo "package-ecosystem=$packageEcosystem" >> $GITHUB_OUTPUT
|
|
|
|
# zizmor: ignore[artipacked] - required persisted credentials to push synced requirement changes back to remote
|
|
- name: Checkout source code
|
|
if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }}
|
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
persist-credentials: true
|
|
|
|
# Authenticate the Docker daemon so the python:slim pull in
|
|
# uv-pip-compile.sh uses our (much higher) authenticated rate limit
|
|
# instead of the shared-runner anonymous one.
|
|
- name: Login to Docker Hub
|
|
if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }}
|
|
continue-on-error: true
|
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USER }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Sync requirements in containerized environment
|
|
if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }}
|
|
run: ./scripts/uv-pip-compile.sh
|
|
|
|
- name: Push changes to remote PRs
|
|
if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }}
|
|
run: |
|
|
git config user.name 'github-actions[bot]'
|
|
git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
|
|
git add requirements
|
|
git diff --cached --quiet && exit 0
|
|
git commit --signoff --message "build(deps): sync pinned requirements for Dependabot pip PRs"
|
|
git push origin "HEAD:refs/heads/${GITHUB_EVENT_PULL_REQUEST_HEAD_REF}"
|
|
env:
|
|
GITHUB_EVENT_PULL_REQUEST_HEAD_REF: ${{ github.event.pull_request.head.ref }}
|