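# Scheduled code generation: each job regenerates one set of checked-in data
# with a `make` target and opens a draft pull request with the result.
name: Code generation 🤖

on:
  workflow_dispatch:
  schedule:
    # Mondays at 12:00 (GitHub evaluates cron schedules in UTC)
    - cron: "0 12 * * 1"

# No token permissions at the workflow level; each job below requests
# only the scopes it needs.
permissions: {}

env:
  PR_ASSIGNEES: woodruffw

jobs:
  refresh-schemas:
    name: Refresh JSON schemas 📈
    runs-on: ubuntu-latest
    # this job does not make sense on forks
    if: ${{ github.repository_owner == 'zizmorcore' }}

    permissions:
      contents: write # for creating branches
      pull-requests: write # for opening PRs

    steps:
      # Actions are pinned to a full commit SHA; the trailing comment
      # records the release tag the SHA was taken from.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Keep the job token out of the checkout's git config, so the
          # `make` step below cannot pick it up from there.
          persist-credentials: false

      # NOTE(review): presumably fetches schemas from SchemaStore (see the
      # PR text below); treat the output as unreviewed external data.
      - name: try to refresh schemas
        run: |
          make refresh-schemas

      # Opened as a draft: a maintainer has to review the generated diff
      # before it can be merged.
      - name: create PR
        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          draft: true
          commit-message: "[BOT] update JSON schemas from SchemaStore"
          branch: refresh-schemas
          branch-suffix: timestamp
          title: "[BOT] update JSON schemas from SchemaStore"
          body: |
            :robot: :warning: :robot:
            This is an automated pull request, updating the embedded JSON
            schemas after a SchemaStore change was detected.
            Please review manually before merging.
          assignees: ${{ env.PR_ASSIGNEES }}
          reviewers: ${{ env.PR_ASSIGNEES }}

  refresh-context-capabilities:
    name: Refresh context capabilities *️⃣
    runs-on: ubuntu-latest
    # this job does not make sense on forks
    if: ${{ github.repository_owner == 'zizmorcore' }}

    permissions:
      contents: write # for creating branches
      pull-requests: write # for opening PRs

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Keep the job token out of the checkout's git config.
          persist-credentials: false

      - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0

      # NOTE(review): presumably derives the CSV from GitHub's webhook
      # definitions (see the PR text below); output is unreviewed until
      # the draft PR is checked by a maintainer.
      - name: try to refresh context capabilities
        run: |
          make webhooks-to-contexts

      - name: create PR
        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          draft: true
          commit-message: "[BOT] update context capabilities"
          branch: refresh-context-capabilities
          branch-suffix: timestamp
          title: "[BOT] update context-capabilities from GitHub webhooks"
          body: |
            :robot: :warning: :robot:
            This is an automated pull request, updating the
            context capabilities CSV after a change to GitHub's
            webhooks was detected.
            Please review manually before merging.
          assignees: ${{ env.PR_ASSIGNEES }}
          reviewers: ${{ env.PR_ASSIGNEES }}

  refresh-codeql-injection-sinks:
    name: Refresh CodeQL injection sinks 🚰
    runs-on: ubuntu-latest
    # this job does not make sense on forks
    # (guard added to match the two jobs above: without it this job, which
    # holds contents/pull-requests write, would also run in forks)
    if: ${{ github.repository_owner == 'zizmorcore' }}

    permissions:
      contents: write # for creating branches
      pull-requests: write # for opening PRs

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Keep the job token out of the checkout's git config.
          persist-credentials: false

      - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0

      # NOTE(review): presumably derives the sink list from GitHub's CodeQL
      # models (see the PR text below); output is unreviewed until the
      # draft PR is checked by a maintainer.
      - name: try to refresh CodeQL injection sinks
        run: |
          make codeql-injection-sinks

      - name: create PR
        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          draft: true
          commit-message: "[BOT] update CodeQL injection sinks"
          branch: refresh-codeql-injection-sinks
          branch-suffix: timestamp
          title: "[BOT] update CodeQL injection sinks from GitHub"
          body: |
            :robot: :warning: :robot:
            This is an automated pull request, updating the CodeQL
            injection sinks after a change to GitHub's CodeQL
            models was detected.
            Please review manually before merging.
          assignees: ${{ env.PR_ASSIGNEES }}
          reviewers: ${{ env.PR_ASSIGNEES }}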