Skip to content

Bump tempfile from 3.11.0 to 3.12.0 #2154

Bump tempfile from 3.11.0 to 3.12.0

Bump tempfile from 3.11.0 to 3.12.0 #2154

Workflow file for this run

# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions
name: Dependabot workflow
on: [pull_request_target]
jobs:
dependabot:
# smoelius: A comment now removed from ci.yml that I want to retain:
# > Note that `github.event.pull_request.user.login` is the user that opened the pull request,
# > which may be different from the user that triggered the action.
if: ${{ github.actor == 'dependabot[bot]' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0
# https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
# https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#push-using-ssh-deploy-keys
ssh-key: ${{ secrets.SSH_KEY }}
- name: Check updated files
# smoelius: Dependabot should update only manifest and/or lockfiles. Hard error otherwise.
run: |
git diff --name-only ${{ github.event.pull_request.base.sha }} | grep .
! git diff --name-only ${{ github.event.pull_request.base.sha }} | grep -v '^\.github/workflows/\|\(^\|/\)Cargo\.\(lock\|toml\)$'
- name: Update lockfiles
# smoelius: Inline `scripts/update_lockfiles.sh` rather than run it from the PR. Dependabot
# shouldn't change that script, but just in case.
run: find . -name Cargo.toml -exec cargo update --workspace --manifest-path {} \;
- name: Push
run: |
if ! git diff --exit-code; then
git config user.email 'dependabot[bot]@users.noreply.github.com'
git config user.name 'dependabot[bot]'
git commit . -m 'Update lockfiles'
git push
fi
# smoelius: `@dependabot merge` does not work with merge queues. See:
# https://github.com/orgs/community/discussions/46757#discussioncomment-4909000
- uses: actions/github-script@v7
if: ${{ false }}
with:
github-token: ${{ secrets.REPO_TOKEN }}
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '@dependabot merge'
})