ci: auto-update pins for staging #311

Merged
fricklerhandwerk merged 14 commits from auto-npins-update into main 2024-11-01 12:00:42 +00:00
fricklerhandwerk commented 2024-10-31 19:26:43 +00:00 (Migrated from github.com)

We can extend this easily to also update the development pins. I suggest we keep them in sync, so there's no room for divergence, because breaking builds will hold up everything anyway, so we may just fix them for all outputs at once.

RaitoBezarius (Migrated from github.com) reviewed 2024-10-31 19:26:43 +00:00
RaitoBezarius (Migrated from github.com) approved these changes 2024-10-31 19:36:25 +00:00
RaitoBezarius (Migrated from github.com) left a comment

LGTM.

fricklerhandwerk commented 2024-11-01 01:38:26 +00:00 (Migrated from github.com)

Sorry for the horrendous amount of notification spam. This should work now, with all the org and repo permissions set correctly. The last test run of the trigger only stopped at the missing `workflow_dispatch` on `builds.yaml`, which needs to be in the PR branch itself: https://github.com/Nix-Security-WG/nix-security-tracker/pull/316#issuecomment-2451127815

fricklerhandwerk (Migrated from github.com) reviewed 2024-11-01 09:24:45 +00:00
@ -0,0 +7,4 @@
# allow manual trigger
workflow_dispatch:
permissions:
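Review bot: the `permissions:` key that closes this hunk is cut off before its values, so the scopes it grants cannot be checked from these lines. Please confirm it lists only the scopes the update job needs rather than a broad default, and add a short comment next to it stating why each scope is required. Since `workflow_dispatch:` allows the run to be started by hand, a one-line comment on when a manual trigger is expected would also help.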
fricklerhandwerk (Migrated from github.com) commented 2024-11-01 09:24:45 +00:00
# NOTE: for this to work you need to set "Workflow permissions" to "Read and write permissions"
# and check "Allow GitHub Actions to create and approve pull requests" in the org settings:
# https://github.com/organizations/<owner>/settings/actions
#
# only then the checkbox "Allow GitHub Actions to create and approve pull requests" is available in the repo settings:
# https://github.com/<owner>/<repo>/settings/actions
#
# in the repo settings, set "Read repository contents and packages permissions"
# and check  "Allow GitHub Actions to create and approve pull requests".
#
# otherwise you'll get an opaque 403 on the pull-request workflow
permissions:
fricklerhandwerk (Migrated from github.com) reviewed 2024-11-01 09:32:58 +00:00
@ -0,0 +27,4 @@
title: "chore: weekly npins update"
body: |
Automatic npins update performed by GitHub Actions
branch: npins-auto-update
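Review bot: the `body:` text in this hunk says only that the update was automatic, so the resulting pull request carries no record of which pins moved or to which revisions. Consider having the update step capture the changed pin names with their old and new revisions and including that in `body:`, so a reviewer can see what is being pulled in without diffing the pins file by hand. The `title:` also says "weekly", which will be misleading for runs started through the manual trigger.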
fricklerhandwerk (Migrated from github.com) commented 2024-11-01 09:32:58 +00:00
          # NOTE: in this repo we disabled creating additional branches.
          # in order for this to work, the rules must have an exception for this special branch.
          branch: npins-auto-update