From da03697d4c38da124f3d6cb91fc1d15c44660e3d Mon Sep 17 00:00:00 2001 From: Leo Antoli <430982+lantoli@users.noreply.github.com> Date: Mon, 3 Nov 2025 16:21:06 +0100 Subject: [PATCH 1/7] Fix upgrade-main.yml GitHub action --- .github/workflows/upgrade-main.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index 5d59d107..997df01e 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -22,11 +22,6 @@ jobs: run: yarn install --check-files --frozen-lockfile - name: Upgrade dependencies run: npx projen upgrade - - name: Set git identity & add files to commit - run: | - git config --local user.email svc-api-experience-integrations-escalation@mongodb.com - git config --local user.name svc-apix-bot - git add . - name: Create Pull Request uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e with: From 5555fc72b32f04ccb906e2f6757e1dcd0c443745 Mon Sep 17 00:00:00 2001 From: Leo Antoli <430982+lantoli@users.noreply.github.com> Date: Mon, 3 Nov 2025 16:30:21 +0100 Subject: [PATCH 2/7] permissions inside --- .github/workflows/upgrade-main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index 997df01e..d3521e87 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -4,13 +4,13 @@ on: workflow_dispatch: {} schedule: - cron: 0 9 * * 2 # every Tuesday at 9am -permissions: - contents: write - pull-requests: write jobs: upgrade: name: Upgrade runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 From 74dc018b009a69b61cb8d2feec9eb637e58a8f28 Mon Sep 17 00:00:00 2001 From: Leo Antoli <430982+lantoli@users.noreply.github.com> Date: Mon, 3 Nov 2025 17:24:07 +0100 Subject: [PATCH 3/7] don't use content: write --- .github/workflows/upgrade-main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index d3521e87..c2ab57bb 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -9,7 +9,6 @@ jobs: name: Upgrade runs-on: ubuntu-latest permissions: - contents: write pull-requests: write steps: - name: Checkout From ba3ae3ce7109cb7646c9785544d52c814b786953 Mon Sep 17 00:00:00 2001 From: Leo Antoli <430982+lantoli@users.noreply.github.com> Date: Mon, 3 Nov 2025 17:31:55 +0100 Subject: [PATCH 4/7] restore previous version --- .github/workflows/upgrade-main.yml | 40 ++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index c2ab57bb..2ea303ee 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -4,12 +4,15 @@ on: workflow_dispatch: {} schedule: - cron: 0 9 * * 2 # every Tuesday at 9am +permissions: + contents: write + pull-requests: write jobs: upgrade: name: Upgrade runs-on: ubuntu-latest - permissions: - pull-requests: write + outputs: + patch_created: ${{ steps.create_patch.outputs.patch_created }} steps: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 @@ -21,6 +24,36 @@ jobs: run: yarn install --check-files --frozen-lockfile - name: Upgrade dependencies run: npx projen upgrade + - name: Find mutations + id: create_patch + run: |- + git add . + git diff --staged --patch --exit-code > .repo.patch || echo "patch_created=true" >> "${GITHUB_OUTPUT}" + - name: Upload patch + if: steps.create_patch.outputs.patch_created + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + with: + name: .repo.patch + path: .repo.patch + pr: + name: Create Pull Request + needs: upgrade + runs-on: ubuntu-latest + if: ${{ needs.upgrade.outputs.patch_created }} + steps: + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + - name: Download patch + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + with: + name: .repo.patch + path: ${{ runner.temp }} + - name: Apply patch + run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."' + - name: Set git identity + run: |- + git config user.name "svc-apix-bot" + git config user.email "svc-api-experience-integrations-escalation@mongodb.com" - name: Create Pull Request uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e with: @@ -30,3 +63,6 @@ jobs: delete-branch: true branch: upgrade-dependencies body: "Upgrades project dependencies. See details in [workflow run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" + author: svc-apix-bot + committer: svc-apix-bot + signoff: true From 73210200ce0da95bd27ede69b9fcbcb00e89c07a Mon Sep 17 00:00:00 2001 From: Leo Antoli <430982+lantoli@users.noreply.github.com> Date: Mon, 3 Nov 2025 18:14:48 +0100 Subject: [PATCH 5/7] revert changes --- .github/workflows/upgrade-main.yml | 38 ------------------------------ 1 file changed, 38 deletions(-) diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index 2ea303ee..b99b9298 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -4,15 +4,10 @@ on: workflow_dispatch: {} schedule: - cron: 0 9 * * 2 # every Tuesday at 9am -permissions: - contents: write - pull-requests: write jobs: upgrade: name: Upgrade runs-on: ubuntu-latest - outputs: - patch_created: ${{ steps.create_patch.outputs.patch_created }} steps: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 @@ -24,36 +19,6 @@ jobs: run: yarn install --check-files --frozen-lockfile - name: Upgrade dependencies run: npx projen upgrade - - name: Find mutations - id: create_patch - run: |- - git add . - git diff --staged --patch --exit-code > .repo.patch || echo "patch_created=true" >> "${GITHUB_OUTPUT}" - - name: Upload patch - if: steps.create_patch.outputs.patch_created - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 - with: - name: .repo.patch - path: .repo.patch - pr: - name: Create Pull Request - needs: upgrade - runs-on: ubuntu-latest - if: ${{ needs.upgrade.outputs.patch_created }} - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - - name: Download patch - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - with: - name: .repo.patch - path: ${{ runner.temp }} - - name: Apply patch - run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."' - - name: Set git identity - run: |- - git config user.name "svc-apix-bot" - git config user.email "svc-api-experience-integrations-escalation@mongodb.com" - name: Create Pull Request uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e with: @@ -63,6 +28,3 @@ jobs: delete-branch: true branch: upgrade-dependencies body: "Upgrades project dependencies. See details in [workflow run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" - author: svc-apix-bot - committer: svc-apix-bot - signoff: true From a995ad9c6a2e2cbae4336acc7a14b75203aa1f35 Mon Sep 17 00:00:00 2001 From: Leo Antoli <430982+lantoli@users.noreply.github.com> Date: Mon, 3 Nov 2025 18:20:16 +0100 Subject: [PATCH 6/7] use regular token --- .github/workflows/upgrade-main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index b99b9298..291628a5 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -11,6 +11,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + with: + ref: main - name: Setup Node.js uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 with: @@ -22,7 +24,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e with: - token: ${{ secrets.APIX_BOT_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} title: "chore: Upgrade dependencies" commit-message: "Upgrade dependencies" delete-branch: true From f674419dc7cac971eb230eb02198c59fc3c41563 Mon Sep 17 00:00:00 2001 From: Leo Antoli <430982+lantoli@users.noreply.github.com> Date: Mon, 3 Nov 2025 18:24:53 +0100 Subject: [PATCH 7/7] revert token --- .github/workflows/upgrade-main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml index 291628a5..aead2829 100644 --- a/.github/workflows/upgrade-main.yml +++ b/.github/workflows/upgrade-main.yml @@ -24,7 +24,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.APIX_BOT_PAT }} title: "chore: Upgrade dependencies" commit-message: "Upgrade dependencies" delete-branch: true