Step 4, Add branch protections #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Step 4, Add branch protections | |
# This step triggers after we turn on or edit a branch protection rule. | |
# This workflow updates from step 4 to step 5. | |
# This will run every time we turn on or edit a branch protection rule. | |
# Reference: https://docs.github.com/actions/learn-github-actions/events-that-trigger-workflows | |
on: | |
workflow_dispatch: | |
branch_protection_rule: | |
types: | |
- created | |
- edited | |
# Reference: https://docs.github.com/actions/security-guides/automatic-token-authentication | |
permissions: | |
# Need `contents: read` to checkout the repository. | |
# Need `contents: write` to update the step metadata. | |
contents: write | |
jobs: | |
# Get the current step to only run the main job when the learner is on the same step. | |
get_current_step: | |
name: Check current step number | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: get_step | |
run: | | |
echo "current_step=$(cat ./.github/steps/-step.txt)" >> $GITHUB_OUTPUT | |
outputs: | |
current_step: ${{ steps.get_step.outputs.current_step }} | |
on_update_branch_protection: | |
name: On update branch protection | |
needs: get_current_step | |
# We will only run this action when: | |
# 1. This repository isn't the template repository. | |
# 2. The step is currently 4. | |
# Reference: https://docs.github.com/actions/learn-github-actions/contexts | |
# Reference: https://docs.github.com/actions/learn-github-actions/expressions | |
if: >- | |
${{ !github.event.repository.is_template | |
&& needs.get_current_step.outputs.current_step == 4 }} | |
# We'll run Ubuntu for performance instead of Mac or Windows. | |
runs-on: ubuntu-latest | |
steps: | |
# We'll need to check out the repository so that we can edit the README. | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Let's get all the branches. | |
ref: ci # Important, as normally `branch_protection_rule` event won't grab other branches | |
- name: Merge changes from origin/main into ci | |
run: ./.github/script/merge-branch.sh | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
branch1: origin/main | |
branch2: ci | |
# In README.md, switch step 4 for step 5. | |
- name: Update to step 5 | |
uses: skills/action-update-step@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
from_step: 4 | |
to_step: 5 | |
base_branch_name: ci |