ci: update renovate window #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If Renovate is not the author of the PR that triggers this workflow, it will do nothing. | |
| # If Renovate is the author of the PR that triggers this workflow, but the workflow event is anything but "opened", it will do nothing. | |
| # If Renovate is the author of the PR that triggers this workflow, and the workflow event is "opened", it will: | |
| # 1. Autoformat using pre-commit and, if necessary, push an additional commit to the PR with the autoformat fixes. | |
| # 2. Change the branch protection rules to turn off require codeowner approval due to github apps not being able to be codeowners or added to teams. | |
| # 3. narwhal-bot approves the PR. | |
| # 4. narwhal-bot merges the PR. | |
| # 5. PR is added to merge queue. | |
| # 6. tests are ran. | |
| # a. If tests pass, PR is merged. | |
| # i. If PR is merged, it is closed and branch is deleted. | |
| # b. If tests fail, PR stays open and it is removed from merge queue. | |
| # 7. Branch protection is always set back to the original state. | |
| # | |
| # See ADR #0008. | |
| name: auto-test | |
| on: | |
| pull_request: | |
| # WARNING: DO NOT ADD MORE EVENT TYPES HERE! Because this workflow will push a new commit to the PR in the Autoformat step, adding more event types may cause an infinite loop. | |
| types: | |
| - opened | |
| permissions: | |
| id-token: write | |
| contents: write | |
| defaults: | |
| run: | |
| # We need -e -o pipefail for consistency with GitHub Actions' default behavior | |
| shell: bash -e -o pipefail {0} | |
| jobs: | |
| renovate-test: | |
| if: github.event.client_payload.github.actor == 'renovate[bot]' || github.actor == 'renovate[bot]' | |
| uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/renovate-test.yml@main | |
| secrets: | |
| APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }} | |
| APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }} | |
| AWS_COMMERCIAL_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_COMMERCIAL_ROLE_TO_ASSUME }} | |
| AWS_GOVCLOUD_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_GOVCLOUD_ROLE_TO_ASSUME }} |