Code generation 🤖 #51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code generation 🤖 | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 12 * * 1" | |
| permissions: {} | |
| env: | |
| PR_ASSIGNEES: woodruffw | |
| jobs: | |
| refresh-schemas: | |
| name: Refresh JSON schemas 📈 | |
| runs-on: ubuntu-latest | |
| # this job does not make sense on forks | |
| if: ${{ github.repository_owner == 'zizmorcore' }} | |
| permissions: | |
| contents: write # for creating branches | |
| pull-requests: write # for opening PRs | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: try to refresh schemas | |
| run: | | |
| make refresh-schemas | |
| - name: create PR | |
| uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 | |
| with: | |
| draft: true | |
| commit-message: "[BOT] update JSON schemas from SchemaStore" | |
| branch: refresh-schemas | |
| branch-suffix: timestamp | |
| title: "[BOT] update JSON schemas from SchemaStore" | |
| body: | | |
| :robot: :warning: :robot: | |
| This is an automated pull request, updating the embedded JSON | |
| schemas after a SchemaStore change was detected. | |
| Please review manually before merging. | |
| assignees: ${{ env.PR_ASSIGNEES }} | |
| reviewers: ${{ env.PR_ASSIGNEES }} | |
| refresh-context-capabilities: | |
| name: Refresh context capabilities *️⃣ | |
| runs-on: ubuntu-latest | |
| # this job does not make sense on forks | |
| if: ${{ github.repository_owner == 'zizmorcore' }} | |
| permissions: | |
| contents: write # for creating branches | |
| pull-requests: write # for opening PRs | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 | |
| - name: try to refresh context capabilities | |
| run: | | |
| make webhooks-to-contexts | |
| - name: create PR | |
| uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 | |
| with: | |
| draft: true | |
| commit-message: "[BOT] update context capabilities" | |
| branch: refresh-context-capabilities | |
| branch-suffix: timestamp | |
| title: "[BOT] update context-capabilities from GitHub webhooks" | |
| body: | | |
| :robot: :warning: :robot: | |
| This is an automated pull request, updating the | |
| context capabilities CSV after a change to GitHub's | |
| webhooks was detected. | |
| Please review manually before merging. | |
| assignees: ${{ env.PR_ASSIGNEES }} | |
| reviewers: ${{ env.PR_ASSIGNEES }} | |
| refresh-codeql-injection-sinks: | |
| name: Refresh CodeQL injection sinks 🚰 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # for creating branches | |
| pull-requests: write # for opening PRs | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 | |
| - name: try to refresh CodeQL injection sinks | |
| run: | | |
| make codeql-injection-sinks | |
| - name: create PR | |
| uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 | |
| with: | |
| draft: true | |
| commit-message: "[BOT] update CodeQL injection sinks" | |
| branch: refresh-codeql-injection-sinks | |
| branch-suffix: timestamp | |
| title: "[BOT] update CodeQL injection sinks from GitHub" | |
| body: | | |
| :robot: :warning: :robot: | |
| This is an automated pull request, updating the CodeQL | |
| injection sinks after a change to GitHub's CodeQL | |
| models was detected. | |
| Please review manually before merging. | |
| assignees: ${{ env.PR_ASSIGNEES }} | |
| reviewers: ${{ env.PR_ASSIGNEES }} |