Skip to content

update_cli_permissions #8

update_cli_permissions

update_cli_permissions #8

#/
# @license Apache-2.0
#
# Copyright (c) 2023 The Stdlib Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#/
# Workflow name:
name: update_cli_permissions
# Workflow triggers:
on:
schedule:
# Run the workflow once a week (Sunday at midnight):
- cron: '0 0 * * 0'
# Allow the workflow to be manually run:
workflow_dispatch:
# Global permissions:
permissions:
# Allow read-only access to the repository contents:
contents: read
# Workflow jobs:
jobs:
# Define a job for making CLI scripts executable:
update:
# Define a display name:
name: 'Update CLI Permissions'
# Ensure the job does not run on forks:
if: github.repository == 'stdlib-js/stdlib'
# Define the type of virtual host machine:
runs-on: ubuntu-latest
# Define the sequence of job steps...
steps:
# Checkout the repository:
- name: 'Checkout repository'
# Pin action to full length commit SHA
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# Specify whether to remove untracked files before checking out the repository:
clean: true
# Limit clone depth to the most recent commit:
fetch-depth: 1
# Specify whether to download Git-LFS files:
lfs: false
# Avoid storing GitHub token in local Git configuration:
persist-credentials: false
timeout-minutes: 10
# Make CLI scripts executable:
- name: 'Make CLI scripts executable'
run: |
files=$(find lib/node_modules/@stdlib -type d -name 'bin' -exec find {} -type f -name 'cli' \;)
for file in $files; do
chmod +x "$file"
done
# Disable Git hooks:
- name: 'Disable Git hooks'
run: |
rm -rf .git/hooks
# Import GPG key to sign commits:
- name: 'Import GPG key to sign commits'
# Pin action to full length commit SHA
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
with:
gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
# Create a pull request with the updated files:
- name: 'Create pull request'
id: cpr
# Pin action to full length commit SHA
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
with:
title: 'fix: make CLI scripts executable'
commit-message: 'fix: make CLI scripts executable'
committer: 'stdlib-bot <[email protected]>'
signoff: true
body: |
This PR changes the permissions of project `cli` scripts to be executable.
token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}
labels: |
automated-pr
team-reviewers: |
reviewers
branch: update-cli-permissions
delete-branch: true